@synapsor/runner 0.1.0-alpha.10 → 0.1.0-alpha.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (54) hide show
  1. package/README.md +203 -21
  2. package/dist/cli.d.ts.map +1 -1
  3. package/dist/runner.mjs +1103 -115
  4. package/docs/README.md +38 -0
  5. package/docs/app-owned-executors.md +26 -0
  6. package/docs/capability-authoring.md +265 -0
  7. package/docs/cloud-mode.md +24 -0
  8. package/docs/current-scope.md +24 -0
  9. package/docs/dependency-license-inventory.md +35 -0
  10. package/docs/doctor.md +98 -0
  11. package/docs/handler-helper.md +200 -0
  12. package/docs/http-mcp.md +35 -1
  13. package/docs/licensing.md +36 -0
  14. package/docs/local-mode.md +13 -2
  15. package/docs/mcp-client-setup.md +39 -0
  16. package/docs/openai-agents-sdk.md +57 -0
  17. package/docs/release-notes.md +76 -2
  18. package/docs/release-policy.md +86 -0
  19. package/docs/result-envelope-v2.md +148 -0
  20. package/docs/rfcs/001-result-envelope-v2.md +143 -0
  21. package/docs/rfcs/002-app-owned-handler-helper.md +161 -0
  22. package/docs/rfcs/003-integrator-feedback-teardown.md +97 -0
  23. package/docs/store-lifecycle.md +83 -0
  24. package/docs/use-your-own-database.md +18 -0
  25. package/docs/writeback-executors.md +29 -0
  26. package/examples/app-owned-writeback/README.md +1 -0
  27. package/examples/mcp-postgres-billing-app-handler/README.md +86 -0
  28. package/examples/mcp-postgres-billing-app-handler/app-handler.mjs +125 -0
  29. package/examples/mcp-postgres-billing-app-handler/docker-compose.yml +13 -0
  30. package/examples/mcp-postgres-billing-app-handler/schema.sql +59 -0
  31. package/examples/mcp-postgres-billing-app-handler/scripts/run-demo.sh +100 -0
  32. package/examples/mcp-postgres-billing-app-handler/seed.sql +39 -0
  33. package/examples/mcp-postgres-billing-app-handler/synapsor-handler.mjs +437 -0
  34. package/examples/mcp-postgres-billing-app-handler/synapsor.runner.json +158 -0
  35. package/examples/openai-agents-http/README.md +10 -2
  36. package/examples/openai-agents-stdio/README.md +8 -4
  37. package/examples/openai-agents-stdio/agent.py +2 -0
  38. package/fixtures/benchmark/mcp-efficiency.json +53 -0
  39. package/fixtures/benchmark/mcp-efficiency.txt +25 -0
  40. package/fixtures/protocol/MANIFEST.json +54 -0
  41. package/fixtures/protocol/change-set.late-fee-waiver.v1.json +72 -0
  42. package/fixtures/protocol/execution-receipt.applied.v1.json +14 -0
  43. package/fixtures/protocol/execution-receipt.conflict.v1.json +15 -0
  44. package/fixtures/protocol/runner-registration.v1.json +22 -0
  45. package/fixtures/protocol/writeback-job.late-fee-waiver.v1.json +44 -0
  46. package/package.json +4 -1
  47. package/schemas/change-set.v1.schema.json +140 -0
  48. package/schemas/execution-receipt.v1.schema.json +34 -0
  49. package/schemas/onboarding-selection.v1.schema.json +125 -0
  50. package/schemas/runner-registration.v1.schema.json +48 -0
  51. package/schemas/synapsor.app-handler-receipt.v1.json +39 -0
  52. package/schemas/synapsor.app-handler-request.v1.json +119 -0
  53. package/schemas/synapsor.runner.schema.json +412 -0
  54. package/schemas/writeback-job.v1.schema.json +121 -0
package/README.md CHANGED
@@ -7,27 +7,44 @@ Runner lets an MCP agent inspect scoped data and request database-backed
7
7
  business actions without receiving raw SQL, write credentials, approval tools,
8
8
  or commit tools.
9
9
 
10
- ## Alpha Operational Notes
10
+ ## The Five-Line Model
11
11
 
12
- These are current alpha requirements, not hidden behavior:
12
+ Your agent talks to Synapsor Runner, not directly to your database.
13
+ It can look: scoped reads through reviewed tools.
14
+ It can suggest: saved proposals with evidence and exact diffs.
15
+ It cannot commit: approval and writeback happen outside the model-facing tool.
16
+ After writeback, Runner keeps receipts and replay so you can inspect what happened.
13
17
 
14
- - Writeback with `--config ./synapsor.runner.json` reads the trusted writer
15
- connection from the source `write_url_env`, for example
16
- `SYNAPSOR_DATABASE_WRITE_URL`. `SYNAPSOR_DATABASE_URL` is only the legacy
17
- fallback when you run direct worker/apply flows without a local config.
18
- - `synapsor-runner mcp serve` is standard stdio MCP for local clients that can
19
- launch Runner.
20
- - `synapsor-runner mcp serve-streamable-http` is standard MCP Streamable HTTP
21
- with `initialize` and in-memory session behavior for SDK/client HTTP MCP
22
- integrations.
23
- - `synapsor-runner mcp serve-http` is a small authenticated JSON-RPC bridge for
24
- `tools/list`, `tools/call`, and `resources/read`. Use it only when you want a
25
- simple app/server wrapper instead of full HTTP MCP.
26
- - Direct SQL writeback creates or writes `synapsor_writeback_receipts` for
27
- idempotency and replay. The trusted writer needs permission for that table,
28
- or an administrator must pre-create it and grant access. Use an app-owned
29
- `http_handler` or `command_handler` if Runner should not create receipt
30
- tables in your application schema.
18
+ ## Four Terms
19
+
20
+ - Capability: a tool you define in config, such as `billing.inspect_invoice`
21
+ or `billing.propose_late_fee_waiver`. The agent only sees capabilities.
22
+ - Proposal: the agent's suggested database-backed change. It is saved, not
23
+ applied.
24
+ - Writeback: the moment an approved proposal actually changes the database.
25
+ - Executor: your app's writeback handler for anything richer than a guarded
26
+ one-row update.
27
+
28
+ ## Who Does What
29
+
30
+ You write the config: sources, trusted context, capabilities, visible fields,
31
+ proposal fields, and guards. For rich writes, you also write a small handler.
32
+
33
+ Synapsor Runner serves the MCP tools, stores evidence/proposals/receipts,
34
+ enforces tenant, column, version, and idempotency guards, routes writeback, and
35
+ keeps the replay log. You do not rebuild the safety loop yourself.
36
+
37
+ ## The Writeback Rule
38
+
39
+ One-row update to an existing row: Runner can do guarded direct writeback.
40
+ Anything else, such as inserting a row, touching two tables, or emitting an
41
+ event: your app-owned executor does it after approval.
42
+
43
+ ## Deliberate Limits
44
+
45
+ Runner does not expose raw SQL, write credentials, approval tools, or commit
46
+ tools to the model. Direct Runner writeback does not do generic `INSERT`,
47
+ `DELETE`, `UPSERT`, DDL, or multi-row SQL. Those are app-owned executor jobs.
31
48
 
32
49
  ```text
33
50
  AI agent or MCP client
@@ -111,6 +128,51 @@ MCP risk review -> npx -y -p @synapsor/runner@alpha synapsor-runner audit
111
128
  `synapsor-runner` is the public command for this OSS runner. `synapsor` is
112
129
  reserved for the Synapsor Cloud CLI.
113
130
 
131
+ Authoring reference:
132
+
133
+ - [Capability Authoring](docs/capability-authoring.md): read/proposal tools,
134
+ model-facing descriptions, result envelope v2, trusted context, and writeback
135
+ guards.
136
+ - [Result Envelope v2](docs/result-envelope-v2.md): stable
137
+ `ok`/`summary`/`data`/`proposal`/`error` MCP tool results.
138
+ - [JSON Schema](schemas/synapsor.runner.schema.json): editor validation for
139
+ `synapsor.runner.json`.
140
+
141
+ ## Current Alpha Details
142
+
143
+ These are current alpha requirements, not hidden behavior:
144
+
145
+ - Writeback with `--config ./synapsor.runner.json` reads the trusted writer
146
+ connection from the source `write_url_env`, for example
147
+ `SYNAPSOR_DATABASE_WRITE_URL`. `SYNAPSOR_DATABASE_URL` is only the legacy
148
+ fallback when you run direct worker/apply flows without a local config.
149
+ - `synapsor-runner mcp serve` is standard stdio MCP for local clients that can
150
+ launch Runner.
151
+ - `synapsor-runner mcp serve-streamable-http` is standard MCP Streamable HTTP
152
+ with `initialize` and in-memory session behavior for SDK/client HTTP MCP
153
+ integrations.
154
+ - OpenAI Agents SDK rejects dotted function/tool names. Use
155
+ `--alias-mode openai` or `--openai-tool-aliases` for OpenAI-facing MCP
156
+ transports. Runner exposes aliases such as `billing__inspect_invoice` and
157
+ keeps the canonical Synapsor capability name in tool metadata.
158
+ - `synapsor-runner mcp serve-http` is a small authenticated JSON-RPC bridge for
159
+ `tools/list`, `tools/call`, and `resources/read`. Use it only when you want a
160
+ simple app/server wrapper instead of full HTTP MCP.
161
+ - Direct SQL writeback creates or writes `synapsor_writeback_receipts` for
162
+ idempotency and replay. The trusted writer needs permission for that table,
163
+ or an administrator must pre-create it and grant access. Use an app-owned
164
+ `http_handler` or `command_handler` if Runner should not create receipt
165
+ tables in your application schema.
166
+ - Run `synapsor-runner doctor --config synapsor.runner.json --check-writeback`
167
+ after reviewing receipt-table DDL/grants to verify writer connectivity,
168
+ receipt-table permissions, and rollback-only target-table access. The probe
169
+ never mutates business rows, but it can create the receipt table if the
170
+ writer has permission.
171
+ - For app-owned `http_handler` executors, configure `signing_secret_env` to
172
+ have Runner sign writeback requests with `X-Synapsor-Signature`. Run
173
+ `synapsor-runner doctor --config synapsor.runner.json --check-handlers` to
174
+ check handler env vars and network reachability without applying a proposal.
175
+
114
176
  ## Connect Your Own Staging Database
115
177
 
116
178
  Put a read-only connection string in the environment:
@@ -143,6 +205,89 @@ call immediately and stores the evidence/query audit in the local ledger. If
143
205
  those env vars are missing, it prints the exact command to run after you set
144
206
  them from `.env.example`.
145
207
 
208
+ The end-to-end shape is:
209
+
210
+ ```text
211
+ 1. Put your read-only DB URL in DATABASE_URL.
212
+ 2. Run start --from-env DATABASE_URL.
213
+ 3. Choose one table/view and the safe fields agents may see.
214
+ 4. Preview the generated capabilities.
215
+ 5. Serve them over MCP to Claude, Cursor, OpenAI Agents SDK, or your app.
216
+ 6. For writes, approve a proposal outside MCP before writeback.
217
+ ```
218
+
219
+ The generated config is just the safety contract. A small reviewed version
220
+ looks like this:
221
+
222
+ ```json
223
+ {
224
+ "version": 1,
225
+ "mode": "review",
226
+ "sources": {
227
+ "app_postgres": {
228
+ "engine": "postgres",
229
+ "read_url_env": "DATABASE_URL",
230
+ "write_url_env": "SYNAPSOR_DATABASE_WRITE_URL"
231
+ }
232
+ },
233
+ "trusted_context": {
234
+ "provider": "environment",
235
+ "values": {
236
+ "tenant_id_env": "SYNAPSOR_TENANT_ID",
237
+ "principal_env": "SYNAPSOR_PRINCIPAL"
238
+ }
239
+ },
240
+ "capabilities": [
241
+ {
242
+ "name": "billing.inspect_invoice",
243
+ "kind": "read",
244
+ "source": "app_postgres",
245
+ "target": {
246
+ "schema": "public",
247
+ "table": "invoices",
248
+ "primary_key": "id",
249
+ "tenant_key": "tenant_id"
250
+ },
251
+ "args": {
252
+ "invoice_id": { "type": "string", "required": true }
253
+ },
254
+ "lookup": { "id_from_arg": "invoice_id" },
255
+ "visible_columns": ["id", "status", "late_fee_cents", "updated_at"],
256
+ "evidence": "required",
257
+ "max_rows": 1
258
+ },
259
+ {
260
+ "name": "billing.propose_late_fee_waiver",
261
+ "kind": "proposal",
262
+ "source": "app_postgres",
263
+ "target": {
264
+ "schema": "public",
265
+ "table": "invoices",
266
+ "primary_key": "id",
267
+ "tenant_key": "tenant_id"
268
+ },
269
+ "args": {
270
+ "invoice_id": { "type": "string", "required": true },
271
+ "reason": { "type": "string", "required": true }
272
+ },
273
+ "lookup": { "id_from_arg": "invoice_id" },
274
+ "visible_columns": ["id", "status", "late_fee_cents", "updated_at"],
275
+ "patch": {
276
+ "late_fee_cents": { "fixed": 0 },
277
+ "waiver_reason": { "from_arg": "reason" }
278
+ },
279
+ "allowed_columns": ["late_fee_cents", "waiver_reason"],
280
+ "conflict_guard": { "column": "updated_at" },
281
+ "approval": { "mode": "human", "required_role": "billing_lead" }
282
+ }
283
+ ]
284
+ }
285
+ ```
286
+
287
+ The agent sees `billing.inspect_invoice` and
288
+ `billing.propose_late_fee_waiver`. It does not see the database URL, writer
289
+ credential, raw SQL, approval command, or commit command.
290
+
146
291
  The wizard creates this local flow:
147
292
 
148
293
  ```text
@@ -199,6 +344,15 @@ synapsor-runner mcp serve \
199
344
  --store ./.synapsor/local.db
200
345
  ```
201
346
 
347
+ For OpenAI Agents SDK over stdio, add OpenAI-safe aliases:
348
+
349
+ ```bash
350
+ synapsor-runner mcp serve \
351
+ --config ./synapsor.runner.json \
352
+ --store ./.synapsor/local.db \
353
+ --alias-mode openai
354
+ ```
355
+
202
356
  App/server deployments:
203
357
 
204
358
  ```bash
@@ -207,12 +361,29 @@ export SYNAPSOR_RUNNER_HTTP_TOKEN="dev-local-token"
207
361
  synapsor-runner mcp serve-streamable-http \
208
362
  --config ./synapsor.runner.json \
209
363
  --store ./.synapsor/local.db \
210
- --auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN
364
+ --auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN \
365
+ --alias-mode openai
366
+ ```
367
+
368
+ Equivalent unified command:
369
+
370
+ ```bash
371
+ synapsor-runner mcp serve \
372
+ --transport streamable-http \
373
+ --config ./synapsor.runner.json \
374
+ --store ./.synapsor/local.db \
375
+ --auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN \
376
+ --alias-mode openai
211
377
  ```
212
378
 
213
379
  Streamable HTTP defaults to `127.0.0.1:8766`, requires bearer auth by default,
214
380
  and should use private networking, TLS, and rate limits before being exposed
215
- beyond a local machine.
381
+ beyond a local machine. With `--alias-mode openai`, tools are exposed to
382
+ the model as OpenAI-safe aliases such as `billing__inspect_invoice`; `_meta`
383
+ still includes `synapsor.canonical_tool_name = billing.inspect_invoice`, and
384
+ Runner routes calls back to the canonical Synapsor capability. Use
385
+ `--alias-mode both` during migrations if one client still expects canonical
386
+ dotted names while another needs OpenAI-safe aliases.
216
387
 
217
388
  Bridge mode:
218
389
 
@@ -245,6 +416,15 @@ Before asking an agent to solve a real task, confirm it can call a Runner tool:
245
416
  synapsor-runner tools preview --config ./synapsor.runner.json --store ./.synapsor/local.db
246
417
  ```
247
418
 
419
+ For OpenAI-facing clients:
420
+
421
+ ```bash
422
+ synapsor-runner tools preview \
423
+ --config ./synapsor.runner.json \
424
+ --store ./.synapsor/local.db \
425
+ --alias-mode openai
426
+ ```
427
+
248
428
  Then ask the agent:
249
429
 
250
430
  ```text
@@ -382,6 +562,7 @@ Create a redacted local diagnostic report:
382
562
 
383
563
  ```bash
384
564
  synapsor-runner doctor --config synapsor.runner.json --report --redact --output synapsor-doctor.md
565
+ synapsor-runner doctor --config synapsor.runner.json --check-writeback
385
566
  ```
386
567
 
387
568
  Inspect or compact the local ledger:
@@ -390,6 +571,7 @@ Inspect or compact the local ledger:
390
571
  synapsor-runner store stats --store ./.synapsor/local.db
391
572
  synapsor-runner store vacuum --store ./.synapsor/local.db
392
573
  synapsor-runner store prune --store ./.synapsor/local.db --older-than 30d --dry-run
574
+ synapsor-runner store reset --store ./.synapsor/local.db --yes
393
575
  ```
394
576
 
395
577
  This is local indexed search for local/dev/staging usage. It is not external
package/dist/cli.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAYA,OAAO,EAAkF,KAAK,WAAW,EAAoD,MAAM,6BAA6B,CAAC;AAkBjM,OAAO,EAA6G,KAAK,YAAY,EAAwB,MAAM,2BAA2B,CAAC;AAC/L,OAAO,EAOL,KAAK,gBAAgB,EAEtB,MAAM,mCAAmC,CAAC;AAkS3C,wBAAsB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAiD1D;AA0DD,KAAK,SAAS,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAE9E,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EAAE,EACd,OAAO,GAAE;IACP,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,OAAO,CAAC,EAAE,WAAW,CAAC;IACtB,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;CACvC,GACL,OAAO,CAAC,MAAM,CAAC,CA2OjB;AAo9CD,wBAAsB,0BAA0B,CAAC,GAAG,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,CAAC,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAM/H"}
1
+ {"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAYA,OAAO,EAAqG,KAAK,WAAW,EAA2F,MAAM,6BAA6B,CAAC;AAmB3P,OAAO,EAA6G,KAAK,YAAY,EAAwB,MAAM,2BAA2B,CAAC;AAC/L,OAAO,EAOL,KAAK,gBAAgB,EAEtB,MAAM,mCAAmC,CAAC;AAoS3C,wBAAsB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAkD1D;AA0DD,KAAK,SAAS,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAE9E,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EAAE,EACd,OAAO,GAAE;IACP,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,OAAO,CAAC,EAAE,WAAW,CAAC;IACtB,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;CACvC,GACL,OAAO,CAAC,MAAM,CAAC,CA6OjB;AA4uDD,wBAAsB,0BAA0B,CAAC,GAAG,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,CAAC,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAM/H"}