@synapsor/runner 0.1.0-alpha.10 → 0.1.0-alpha.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +203 -21
- package/dist/cli.d.ts.map +1 -1
- package/dist/runner.mjs +1103 -115
- package/docs/README.md +38 -0
- package/docs/app-owned-executors.md +26 -0
- package/docs/capability-authoring.md +265 -0
- package/docs/cloud-mode.md +24 -0
- package/docs/current-scope.md +24 -0
- package/docs/dependency-license-inventory.md +35 -0
- package/docs/doctor.md +98 -0
- package/docs/handler-helper.md +200 -0
- package/docs/http-mcp.md +35 -1
- package/docs/licensing.md +36 -0
- package/docs/local-mode.md +13 -2
- package/docs/mcp-client-setup.md +39 -0
- package/docs/openai-agents-sdk.md +57 -0
- package/docs/release-notes.md +76 -2
- package/docs/release-policy.md +86 -0
- package/docs/result-envelope-v2.md +148 -0
- package/docs/rfcs/001-result-envelope-v2.md +143 -0
- package/docs/rfcs/002-app-owned-handler-helper.md +161 -0
- package/docs/rfcs/003-integrator-feedback-teardown.md +97 -0
- package/docs/store-lifecycle.md +83 -0
- package/docs/use-your-own-database.md +18 -0
- package/docs/writeback-executors.md +29 -0
- package/examples/app-owned-writeback/README.md +1 -0
- package/examples/mcp-postgres-billing-app-handler/README.md +86 -0
- package/examples/mcp-postgres-billing-app-handler/app-handler.mjs +125 -0
- package/examples/mcp-postgres-billing-app-handler/docker-compose.yml +13 -0
- package/examples/mcp-postgres-billing-app-handler/schema.sql +59 -0
- package/examples/mcp-postgres-billing-app-handler/scripts/run-demo.sh +100 -0
- package/examples/mcp-postgres-billing-app-handler/seed.sql +39 -0
- package/examples/mcp-postgres-billing-app-handler/synapsor-handler.mjs +437 -0
- package/examples/mcp-postgres-billing-app-handler/synapsor.runner.json +158 -0
- package/examples/openai-agents-http/README.md +10 -2
- package/examples/openai-agents-stdio/README.md +8 -4
- package/examples/openai-agents-stdio/agent.py +2 -0
- package/fixtures/benchmark/mcp-efficiency.json +53 -0
- package/fixtures/benchmark/mcp-efficiency.txt +25 -0
- package/fixtures/protocol/MANIFEST.json +54 -0
- package/fixtures/protocol/change-set.late-fee-waiver.v1.json +72 -0
- package/fixtures/protocol/execution-receipt.applied.v1.json +14 -0
- package/fixtures/protocol/execution-receipt.conflict.v1.json +15 -0
- package/fixtures/protocol/runner-registration.v1.json +22 -0
- package/fixtures/protocol/writeback-job.late-fee-waiver.v1.json +44 -0
- package/package.json +4 -1
- package/schemas/change-set.v1.schema.json +140 -0
- package/schemas/execution-receipt.v1.schema.json +34 -0
- package/schemas/onboarding-selection.v1.schema.json +125 -0
- package/schemas/runner-registration.v1.schema.json +48 -0
- package/schemas/synapsor.app-handler-receipt.v1.json +39 -0
- package/schemas/synapsor.app-handler-request.v1.json +119 -0
- package/schemas/synapsor.runner.schema.json +412 -0
- package/schemas/writeback-job.v1.schema.json +121 -0
package/README.md
CHANGED
|
@@ -7,27 +7,44 @@ Runner lets an MCP agent inspect scoped data and request database-backed
|
|
|
7
7
|
business actions without receiving raw SQL, write credentials, approval tools,
|
|
8
8
|
or commit tools.
|
|
9
9
|
|
|
10
|
-
##
|
|
10
|
+
## The Five-Line Model
|
|
11
11
|
|
|
12
|
-
|
|
12
|
+
Your agent talks to Synapsor Runner, not directly to your database.
|
|
13
|
+
It can look: scoped reads through reviewed tools.
|
|
14
|
+
It can suggest: saved proposals with evidence and exact diffs.
|
|
15
|
+
It cannot commit: approval and writeback happen outside the model-facing tool.
|
|
16
|
+
After writeback, Runner keeps receipts and replay so you can inspect what happened.
|
|
13
17
|
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
-
|
|
19
|
-
|
|
20
|
-
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
18
|
+
## Four Terms
|
|
19
|
+
|
|
20
|
+
- Capability: a tool you define in config, such as `billing.inspect_invoice`
|
|
21
|
+
or `billing.propose_late_fee_waiver`. The agent only sees capabilities.
|
|
22
|
+
- Proposal: the agent's suggested database-backed change. It is saved, not
|
|
23
|
+
applied.
|
|
24
|
+
- Writeback: the moment an approved proposal actually changes the database.
|
|
25
|
+
- Executor: your app's writeback handler for anything richer than a guarded
|
|
26
|
+
one-row update.
|
|
27
|
+
|
|
28
|
+
## Who Does What
|
|
29
|
+
|
|
30
|
+
You write the config: sources, trusted context, capabilities, visible fields,
|
|
31
|
+
proposal fields, and guards. For rich writes, you also write a small handler.
|
|
32
|
+
|
|
33
|
+
Synapsor Runner serves the MCP tools, stores evidence/proposals/receipts,
|
|
34
|
+
enforces tenant, column, version, and idempotency guards, routes writeback, and
|
|
35
|
+
keeps the replay log. You do not rebuild the safety loop yourself.
|
|
36
|
+
|
|
37
|
+
## The Writeback Rule
|
|
38
|
+
|
|
39
|
+
One-row update to an existing row: Runner can do guarded direct writeback.
|
|
40
|
+
Anything else, such as inserting a row, touching two tables, or emitting an
|
|
41
|
+
event: your app-owned executor does it after approval.
|
|
42
|
+
|
|
43
|
+
## Deliberate Limits
|
|
44
|
+
|
|
45
|
+
Runner does not expose raw SQL, write credentials, approval tools, or commit
|
|
46
|
+
tools to the model. Direct Runner writeback does not do generic `INSERT`,
|
|
47
|
+
`DELETE`, `UPSERT`, DDL, or multi-row SQL. Those are app-owned executor jobs.
|
|
31
48
|
|
|
32
49
|
```text
|
|
33
50
|
AI agent or MCP client
|
|
@@ -111,6 +128,51 @@ MCP risk review -> npx -y -p @synapsor/runner@alpha synapsor-runner audit
|
|
|
111
128
|
`synapsor-runner` is the public command for this OSS runner. `synapsor` is
|
|
112
129
|
reserved for the Synapsor Cloud CLI.
|
|
113
130
|
|
|
131
|
+
Authoring reference:
|
|
132
|
+
|
|
133
|
+
- [Capability Authoring](docs/capability-authoring.md): read/proposal tools,
|
|
134
|
+
model-facing descriptions, result envelope v2, trusted context, and writeback
|
|
135
|
+
guards.
|
|
136
|
+
- [Result Envelope v2](docs/result-envelope-v2.md): stable
|
|
137
|
+
`ok`/`summary`/`data`/`proposal`/`error` MCP tool results.
|
|
138
|
+
- [JSON Schema](schemas/synapsor.runner.schema.json): editor validation for
|
|
139
|
+
`synapsor.runner.json`.
|
|
140
|
+
|
|
141
|
+
## Current Alpha Details
|
|
142
|
+
|
|
143
|
+
These are current alpha requirements, not hidden behavior:
|
|
144
|
+
|
|
145
|
+
- Writeback with `--config ./synapsor.runner.json` reads the trusted writer
|
|
146
|
+
connection from the source `write_url_env`, for example
|
|
147
|
+
`SYNAPSOR_DATABASE_WRITE_URL`. `SYNAPSOR_DATABASE_URL` is only the legacy
|
|
148
|
+
fallback when you run direct worker/apply flows without a local config.
|
|
149
|
+
- `synapsor-runner mcp serve` is standard stdio MCP for local clients that can
|
|
150
|
+
launch Runner.
|
|
151
|
+
- `synapsor-runner mcp serve-streamable-http` is standard MCP Streamable HTTP
|
|
152
|
+
with `initialize` and in-memory session behavior for SDK/client HTTP MCP
|
|
153
|
+
integrations.
|
|
154
|
+
- OpenAI Agents SDK rejects dotted function/tool names. Use
|
|
155
|
+
`--alias-mode openai` or `--openai-tool-aliases` for OpenAI-facing MCP
|
|
156
|
+
transports. Runner exposes aliases such as `billing__inspect_invoice` and
|
|
157
|
+
keeps the canonical Synapsor capability name in tool metadata.
|
|
158
|
+
- `synapsor-runner mcp serve-http` is a small authenticated JSON-RPC bridge for
|
|
159
|
+
`tools/list`, `tools/call`, and `resources/read`. Use it only when you want a
|
|
160
|
+
simple app/server wrapper instead of full HTTP MCP.
|
|
161
|
+
- Direct SQL writeback creates or writes `synapsor_writeback_receipts` for
|
|
162
|
+
idempotency and replay. The trusted writer needs permission for that table,
|
|
163
|
+
or an administrator must pre-create it and grant access. Use an app-owned
|
|
164
|
+
`http_handler` or `command_handler` if Runner should not create receipt
|
|
165
|
+
tables in your application schema.
|
|
166
|
+
- Run `synapsor-runner doctor --config synapsor.runner.json --check-writeback`
|
|
167
|
+
after reviewing receipt-table DDL/grants to verify writer connectivity,
|
|
168
|
+
receipt-table permissions, and rollback-only target-table access. The probe
|
|
169
|
+
never mutates business rows, but it can create the receipt table if the
|
|
170
|
+
writer has permission.
|
|
171
|
+
- For app-owned `http_handler` executors, configure `signing_secret_env` to
|
|
172
|
+
have Runner sign writeback requests with `X-Synapsor-Signature`. Run
|
|
173
|
+
`synapsor-runner doctor --config synapsor.runner.json --check-handlers` to
|
|
174
|
+
check handler env vars and network reachability without applying a proposal.
|
|
175
|
+
|
|
114
176
|
## Connect Your Own Staging Database
|
|
115
177
|
|
|
116
178
|
Put a read-only connection string in the environment:
|
|
@@ -143,6 +205,89 @@ call immediately and stores the evidence/query audit in the local ledger. If
|
|
|
143
205
|
those env vars are missing, it prints the exact command to run after you set
|
|
144
206
|
them from `.env.example`.
|
|
145
207
|
|
|
208
|
+
The end-to-end shape is:
|
|
209
|
+
|
|
210
|
+
```text
|
|
211
|
+
1. Put your read-only DB URL in DATABASE_URL.
|
|
212
|
+
2. Run start --from-env DATABASE_URL.
|
|
213
|
+
3. Choose one table/view and the safe fields agents may see.
|
|
214
|
+
4. Preview the generated capabilities.
|
|
215
|
+
5. Serve them over MCP to Claude, Cursor, OpenAI Agents SDK, or your app.
|
|
216
|
+
6. For writes, approve a proposal outside MCP before writeback.
|
|
217
|
+
```
|
|
218
|
+
|
|
219
|
+
The generated config is just the safety contract. A small reviewed version
|
|
220
|
+
looks like this:
|
|
221
|
+
|
|
222
|
+
```json
|
|
223
|
+
{
|
|
224
|
+
"version": 1,
|
|
225
|
+
"mode": "review",
|
|
226
|
+
"sources": {
|
|
227
|
+
"app_postgres": {
|
|
228
|
+
"engine": "postgres",
|
|
229
|
+
"read_url_env": "DATABASE_URL",
|
|
230
|
+
"write_url_env": "SYNAPSOR_DATABASE_WRITE_URL"
|
|
231
|
+
}
|
|
232
|
+
},
|
|
233
|
+
"trusted_context": {
|
|
234
|
+
"provider": "environment",
|
|
235
|
+
"values": {
|
|
236
|
+
"tenant_id_env": "SYNAPSOR_TENANT_ID",
|
|
237
|
+
"principal_env": "SYNAPSOR_PRINCIPAL"
|
|
238
|
+
}
|
|
239
|
+
},
|
|
240
|
+
"capabilities": [
|
|
241
|
+
{
|
|
242
|
+
"name": "billing.inspect_invoice",
|
|
243
|
+
"kind": "read",
|
|
244
|
+
"source": "app_postgres",
|
|
245
|
+
"target": {
|
|
246
|
+
"schema": "public",
|
|
247
|
+
"table": "invoices",
|
|
248
|
+
"primary_key": "id",
|
|
249
|
+
"tenant_key": "tenant_id"
|
|
250
|
+
},
|
|
251
|
+
"args": {
|
|
252
|
+
"invoice_id": { "type": "string", "required": true }
|
|
253
|
+
},
|
|
254
|
+
"lookup": { "id_from_arg": "invoice_id" },
|
|
255
|
+
"visible_columns": ["id", "status", "late_fee_cents", "updated_at"],
|
|
256
|
+
"evidence": "required",
|
|
257
|
+
"max_rows": 1
|
|
258
|
+
},
|
|
259
|
+
{
|
|
260
|
+
"name": "billing.propose_late_fee_waiver",
|
|
261
|
+
"kind": "proposal",
|
|
262
|
+
"source": "app_postgres",
|
|
263
|
+
"target": {
|
|
264
|
+
"schema": "public",
|
|
265
|
+
"table": "invoices",
|
|
266
|
+
"primary_key": "id",
|
|
267
|
+
"tenant_key": "tenant_id"
|
|
268
|
+
},
|
|
269
|
+
"args": {
|
|
270
|
+
"invoice_id": { "type": "string", "required": true },
|
|
271
|
+
"reason": { "type": "string", "required": true }
|
|
272
|
+
},
|
|
273
|
+
"lookup": { "id_from_arg": "invoice_id" },
|
|
274
|
+
"visible_columns": ["id", "status", "late_fee_cents", "updated_at"],
|
|
275
|
+
"patch": {
|
|
276
|
+
"late_fee_cents": { "fixed": 0 },
|
|
277
|
+
"waiver_reason": { "from_arg": "reason" }
|
|
278
|
+
},
|
|
279
|
+
"allowed_columns": ["late_fee_cents", "waiver_reason"],
|
|
280
|
+
"conflict_guard": { "column": "updated_at" },
|
|
281
|
+
"approval": { "mode": "human", "required_role": "billing_lead" }
|
|
282
|
+
}
|
|
283
|
+
]
|
|
284
|
+
}
|
|
285
|
+
```
|
|
286
|
+
|
|
287
|
+
The agent sees `billing.inspect_invoice` and
|
|
288
|
+
`billing.propose_late_fee_waiver`. It does not see the database URL, writer
|
|
289
|
+
credential, raw SQL, approval command, or commit command.
|
|
290
|
+
|
|
146
291
|
The wizard creates this local flow:
|
|
147
292
|
|
|
148
293
|
```text
|
|
@@ -199,6 +344,15 @@ synapsor-runner mcp serve \
|
|
|
199
344
|
--store ./.synapsor/local.db
|
|
200
345
|
```
|
|
201
346
|
|
|
347
|
+
For OpenAI Agents SDK over stdio, add OpenAI-safe aliases:
|
|
348
|
+
|
|
349
|
+
```bash
|
|
350
|
+
synapsor-runner mcp serve \
|
|
351
|
+
--config ./synapsor.runner.json \
|
|
352
|
+
--store ./.synapsor/local.db \
|
|
353
|
+
--alias-mode openai
|
|
354
|
+
```
|
|
355
|
+
|
|
202
356
|
App/server deployments:
|
|
203
357
|
|
|
204
358
|
```bash
|
|
@@ -207,12 +361,29 @@ export SYNAPSOR_RUNNER_HTTP_TOKEN="dev-local-token"
|
|
|
207
361
|
synapsor-runner mcp serve-streamable-http \
|
|
208
362
|
--config ./synapsor.runner.json \
|
|
209
363
|
--store ./.synapsor/local.db \
|
|
210
|
-
--auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN
|
|
364
|
+
--auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN \
|
|
365
|
+
--alias-mode openai
|
|
366
|
+
```
|
|
367
|
+
|
|
368
|
+
Equivalent unified command:
|
|
369
|
+
|
|
370
|
+
```bash
|
|
371
|
+
synapsor-runner mcp serve \
|
|
372
|
+
--transport streamable-http \
|
|
373
|
+
--config ./synapsor.runner.json \
|
|
374
|
+
--store ./.synapsor/local.db \
|
|
375
|
+
--auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN \
|
|
376
|
+
--alias-mode openai
|
|
211
377
|
```
|
|
212
378
|
|
|
213
379
|
Streamable HTTP defaults to `127.0.0.1:8766`, requires bearer auth by default,
|
|
214
380
|
and should use private networking, TLS, and rate limits before being exposed
|
|
215
|
-
beyond a local machine.
|
|
381
|
+
beyond a local machine. With `--alias-mode openai`, tools are exposed to
|
|
382
|
+
the model as OpenAI-safe aliases such as `billing__inspect_invoice`; `_meta`
|
|
383
|
+
still includes `synapsor.canonical_tool_name = billing.inspect_invoice`, and
|
|
384
|
+
Runner routes calls back to the canonical Synapsor capability. Use
|
|
385
|
+
`--alias-mode both` during migrations if one client still expects canonical
|
|
386
|
+
dotted names while another needs OpenAI-safe aliases.
|
|
216
387
|
|
|
217
388
|
Bridge mode:
|
|
218
389
|
|
|
@@ -245,6 +416,15 @@ Before asking an agent to solve a real task, confirm it can call a Runner tool:
|
|
|
245
416
|
synapsor-runner tools preview --config ./synapsor.runner.json --store ./.synapsor/local.db
|
|
246
417
|
```
|
|
247
418
|
|
|
419
|
+
For OpenAI-facing clients:
|
|
420
|
+
|
|
421
|
+
```bash
|
|
422
|
+
synapsor-runner tools preview \
|
|
423
|
+
--config ./synapsor.runner.json \
|
|
424
|
+
--store ./.synapsor/local.db \
|
|
425
|
+
--alias-mode openai
|
|
426
|
+
```
|
|
427
|
+
|
|
248
428
|
Then ask the agent:
|
|
249
429
|
|
|
250
430
|
```text
|
|
@@ -382,6 +562,7 @@ Create a redacted local diagnostic report:
|
|
|
382
562
|
|
|
383
563
|
```bash
|
|
384
564
|
synapsor-runner doctor --config synapsor.runner.json --report --redact --output synapsor-doctor.md
|
|
565
|
+
synapsor-runner doctor --config synapsor.runner.json --check-writeback
|
|
385
566
|
```
|
|
386
567
|
|
|
387
568
|
Inspect or compact the local ledger:
|
|
@@ -390,6 +571,7 @@ Inspect or compact the local ledger:
|
|
|
390
571
|
synapsor-runner store stats --store ./.synapsor/local.db
|
|
391
572
|
synapsor-runner store vacuum --store ./.synapsor/local.db
|
|
392
573
|
synapsor-runner store prune --store ./.synapsor/local.db --older-than 30d --dry-run
|
|
574
|
+
synapsor-runner store reset --store ./.synapsor/local.db --yes
|
|
393
575
|
```
|
|
394
576
|
|
|
395
577
|
This is local indexed search for local/dev/staging usage. It is not external
|
package/dist/cli.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAYA,OAAO,
|
|
1
|
+
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAYA,OAAO,EAAqG,KAAK,WAAW,EAA2F,MAAM,6BAA6B,CAAC;AAmB3P,OAAO,EAA6G,KAAK,YAAY,EAAwB,MAAM,2BAA2B,CAAC;AAC/L,OAAO,EAOL,KAAK,gBAAgB,EAEtB,MAAM,mCAAmC,CAAC;AAoS3C,wBAAsB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAkD1D;AA0DD,KAAK,SAAS,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAE9E,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EAAE,EACd,OAAO,GAAE;IACP,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,OAAO,CAAC,EAAE,WAAW,CAAC;IACtB,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;CACvC,GACL,OAAO,CAAC,MAAM,CAAC,CA6OjB;AA4uDD,wBAAsB,0BAA0B,CAAC,GAAG,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,CAAC,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAM/H"}
|