@synapsor/runner 0.1.0-alpha.10 → 0.1.0-alpha.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +203 -21
- package/dist/cli.d.ts.map +1 -1
- package/dist/runner.mjs +1103 -115
- package/docs/README.md +38 -0
- package/docs/app-owned-executors.md +26 -0
- package/docs/capability-authoring.md +265 -0
- package/docs/cloud-mode.md +24 -0
- package/docs/current-scope.md +24 -0
- package/docs/dependency-license-inventory.md +35 -0
- package/docs/doctor.md +98 -0
- package/docs/handler-helper.md +200 -0
- package/docs/http-mcp.md +35 -1
- package/docs/licensing.md +36 -0
- package/docs/local-mode.md +13 -2
- package/docs/mcp-client-setup.md +39 -0
- package/docs/openai-agents-sdk.md +57 -0
- package/docs/release-notes.md +76 -2
- package/docs/release-policy.md +86 -0
- package/docs/result-envelope-v2.md +148 -0
- package/docs/rfcs/001-result-envelope-v2.md +143 -0
- package/docs/rfcs/002-app-owned-handler-helper.md +161 -0
- package/docs/rfcs/003-integrator-feedback-teardown.md +97 -0
- package/docs/store-lifecycle.md +83 -0
- package/docs/use-your-own-database.md +18 -0
- package/docs/writeback-executors.md +29 -0
- package/examples/app-owned-writeback/README.md +1 -0
- package/examples/mcp-postgres-billing-app-handler/README.md +86 -0
- package/examples/mcp-postgres-billing-app-handler/app-handler.mjs +125 -0
- package/examples/mcp-postgres-billing-app-handler/docker-compose.yml +13 -0
- package/examples/mcp-postgres-billing-app-handler/schema.sql +59 -0
- package/examples/mcp-postgres-billing-app-handler/scripts/run-demo.sh +100 -0
- package/examples/mcp-postgres-billing-app-handler/seed.sql +39 -0
- package/examples/mcp-postgres-billing-app-handler/synapsor-handler.mjs +437 -0
- package/examples/mcp-postgres-billing-app-handler/synapsor.runner.json +158 -0
- package/examples/openai-agents-http/README.md +10 -2
- package/examples/openai-agents-stdio/README.md +8 -4
- package/examples/openai-agents-stdio/agent.py +2 -0
- package/fixtures/benchmark/mcp-efficiency.json +53 -0
- package/fixtures/benchmark/mcp-efficiency.txt +25 -0
- package/fixtures/protocol/MANIFEST.json +54 -0
- package/fixtures/protocol/change-set.late-fee-waiver.v1.json +72 -0
- package/fixtures/protocol/execution-receipt.applied.v1.json +14 -0
- package/fixtures/protocol/execution-receipt.conflict.v1.json +15 -0
- package/fixtures/protocol/runner-registration.v1.json +22 -0
- package/fixtures/protocol/writeback-job.late-fee-waiver.v1.json +44 -0
- package/package.json +4 -1
- package/schemas/change-set.v1.schema.json +140 -0
- package/schemas/execution-receipt.v1.schema.json +34 -0
- package/schemas/onboarding-selection.v1.schema.json +125 -0
- package/schemas/runner-registration.v1.schema.json +48 -0
- package/schemas/synapsor.app-handler-receipt.v1.json +39 -0
- package/schemas/synapsor.app-handler-request.v1.json +119 -0
- package/schemas/synapsor.runner.schema.json +412 -0
- package/schemas/writeback-job.v1.schema.json +121 -0
package/docs/README.md
CHANGED
|
@@ -8,21 +8,49 @@ detail.
|
|
|
8
8
|
- [Connect Your Own Database](getting-started-own-database.md): inspect a
|
|
9
9
|
staging Postgres/MySQL database, generate `synapsor.runner.json`, preview
|
|
10
10
|
semantic tools, and serve them over MCP.
|
|
11
|
+
- [Use Your Own Database](use-your-own-database.md): short entry point that
|
|
12
|
+
links to the canonical own-database guide.
|
|
11
13
|
- [MCP Client Setup](mcp-client-setup.md): connect Claude, Cursor, VS Code, or
|
|
12
14
|
another stdio MCP client.
|
|
13
15
|
- [HTTP MCP](http-mcp.md): run Synapsor Runner as an authenticated HTTP MCP
|
|
14
16
|
service for app/server agents.
|
|
17
|
+
- [OpenAI Agents SDK](openai-agents-sdk.md): use Streamable HTTP MCP with
|
|
18
|
+
OpenAI-safe tool aliases.
|
|
19
|
+
- [Capability Authoring](capability-authoring.md): define read/proposal
|
|
20
|
+
capabilities, model-facing descriptions, result envelopes, trusted context,
|
|
21
|
+
and writeback guards. JSON Schema:
|
|
22
|
+
`../schemas/synapsor.runner.schema.json`.
|
|
23
|
+
- [Result Envelope v2](result-envelope-v2.md): the opt-in
|
|
24
|
+
`ok`/`summary`/`data`/`proposal`/`error` response shape for MCP tools.
|
|
25
|
+
- [Handler Helper](handler-helper.md): TypeScript helper for safe app-owned
|
|
26
|
+
rich-write handlers.
|
|
27
|
+
- RFC source context:
|
|
28
|
+
[001 result envelope](rfcs/001-result-envelope-v2.md),
|
|
29
|
+
[002 handler helper](rfcs/002-app-owned-handler-helper.md),
|
|
30
|
+
[003 integrator teardown](rfcs/003-integrator-feedback-teardown.md).
|
|
15
31
|
|
|
16
32
|
## Safety And Operations
|
|
17
33
|
|
|
18
34
|
- [Security Boundary](security-boundary.md): what the model can and cannot see.
|
|
19
35
|
- [Current Limitations](limitations.md): current alpha scope.
|
|
36
|
+
- [Current Scope](current-scope.md): compact alpha scope summary.
|
|
37
|
+
- [Cloud Mode](cloud-mode.md): what stays local and what Cloud-linked mode adds.
|
|
20
38
|
- [Release Notes](release-notes.md): alpha behavior, breaking changes, and the
|
|
21
39
|
stable release policy.
|
|
40
|
+
- [Release Policy](release-policy.md): alpha expectations, stable gates,
|
|
41
|
+
result envelope migration, and publish verification.
|
|
42
|
+
- [Licensing](licensing.md): Apache-2.0 scope, trademark boundary, and what is
|
|
43
|
+
not included in this runner repo.
|
|
44
|
+
- [Dependency License Inventory](dependency-license-inventory.md): current
|
|
45
|
+
dependency license summary for release review.
|
|
22
46
|
- [Troubleshooting First Run](troubleshooting-first-run.md): common setup
|
|
23
47
|
failures and fixes.
|
|
48
|
+
- [Doctor](doctor.md): redacted setup checks, handler probes, direct SQL
|
|
49
|
+
writeback probes, and receipt-table guidance.
|
|
24
50
|
- [Local Mode](local-mode.md): local store, proposals, approval, replay, and
|
|
25
51
|
writeback flow.
|
|
52
|
+
- [Store Lifecycle](store-lifecycle.md): active-store leases, prune safety,
|
|
53
|
+
deleted-store behavior, and concurrent server guardrails.
|
|
26
54
|
|
|
27
55
|
## Features
|
|
28
56
|
|
|
@@ -30,6 +58,16 @@ detail.
|
|
|
30
58
|
- [Recipes](recipes.md): starter business-capability templates.
|
|
31
59
|
- [Writeback Executors](writeback-executors.md): app-owned writeback handlers
|
|
32
60
|
for approved proposals.
|
|
61
|
+
- [App-Owned Executors](app-owned-executors.md): short entry point for rich
|
|
62
|
+
business transactions handled by your app.
|
|
63
|
+
- `synapsor-runner events tail`: local lifecycle events such as
|
|
64
|
+
`proposal_created`, `proposal_approved`, `writeback_applied`, and
|
|
65
|
+
`writeback_conflict`.
|
|
66
|
+
|
|
67
|
+
Useful examples:
|
|
68
|
+
|
|
69
|
+
- `examples/mcp-postgres-billing-app-handler/`: disposable Postgres app showing
|
|
70
|
+
guarded SQL writeback and app-owned account-credit execution side by side.
|
|
33
71
|
|
|
34
72
|
The public docs intentionally stay small. Historical implementation reports,
|
|
35
73
|
release checklists, and internal planning notes are not part of the public
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
# App-Owned Executors
|
|
2
|
+
|
|
3
|
+
The canonical guide is [Writeback Executors](writeback-executors.md).
|
|
4
|
+
|
|
5
|
+
Use app-owned executors when an approved proposal needs a real business
|
|
6
|
+
transaction instead of Runner-managed single-row SQL.
|
|
7
|
+
|
|
8
|
+
Examples:
|
|
9
|
+
|
|
10
|
+
- create a credit row;
|
|
11
|
+
- open a ticket;
|
|
12
|
+
- call Stripe or Zendesk;
|
|
13
|
+
- write ledger/event rows;
|
|
14
|
+
- update multiple tables in one application transaction.
|
|
15
|
+
|
|
16
|
+
The model-facing MCP tool only creates a proposal. Approval happens outside MCP.
|
|
17
|
+
After approval, Runner calls your `http_handler` or `command_handler`, records
|
|
18
|
+
the receipt, and includes the result in replay.
|
|
19
|
+
|
|
20
|
+
Do not use generic SQL for rich business transactions. Let the model propose,
|
|
21
|
+
let Synapsor Runner approve/replay, and let your app execute the transaction.
|
|
22
|
+
|
|
23
|
+
For TypeScript services, prefer the first-party helper in `packages/handler`.
|
|
24
|
+
It enforces bearer/HMAC auth, tenant scope, expected-version guards,
|
|
25
|
+
idempotency, transaction rollback, and safe receipt formatting around your
|
|
26
|
+
business effect. See [Handler Helper](handler-helper.md).
|
|
@@ -0,0 +1,265 @@
|
|
|
1
|
+
# Capability Authoring
|
|
2
|
+
|
|
3
|
+
Use `synapsor.runner.json` to define the database actions an MCP client can see.
|
|
4
|
+
The model sees semantic capabilities such as `billing.inspect_invoice`, not raw
|
|
5
|
+
SQL, table names, write credentials, approval tools, or commit tools.
|
|
6
|
+
|
|
7
|
+
For editor validation, use the JSON Schema:
|
|
8
|
+
|
|
9
|
+
```text
|
|
10
|
+
schemas/synapsor.runner.schema.json
|
|
11
|
+
```
|
|
12
|
+
|
|
13
|
+
## Minimal Shape
|
|
14
|
+
|
|
15
|
+
```json
|
|
16
|
+
{
|
|
17
|
+
"version": 1,
|
|
18
|
+
"mode": "review",
|
|
19
|
+
"result_format": 2,
|
|
20
|
+
"storage": { "sqlite_path": "./.synapsor/local.db" },
|
|
21
|
+
"sources": {
|
|
22
|
+
"app_postgres": {
|
|
23
|
+
"engine": "postgres",
|
|
24
|
+
"read_url_env": "DATABASE_URL",
|
|
25
|
+
"write_url_env": "SYNAPSOR_DATABASE_WRITE_URL",
|
|
26
|
+
"statement_timeout_ms": 3000
|
|
27
|
+
}
|
|
28
|
+
},
|
|
29
|
+
"trusted_context": {
|
|
30
|
+
"provider": "environment",
|
|
31
|
+
"values": {
|
|
32
|
+
"tenant_id_env": "SYNAPSOR_TENANT_ID",
|
|
33
|
+
"principal_env": "SYNAPSOR_PRINCIPAL"
|
|
34
|
+
}
|
|
35
|
+
},
|
|
36
|
+
"capabilities": []
|
|
37
|
+
}
|
|
38
|
+
```
|
|
39
|
+
|
|
40
|
+
`result_format: 2` makes every MCP tool call return one envelope:
|
|
41
|
+
|
|
42
|
+
```json
|
|
43
|
+
{
|
|
44
|
+
"ok": true,
|
|
45
|
+
"summary": "Created proposal wrp_123. Source database changed: no.",
|
|
46
|
+
"action": "billing.propose_late_fee_waiver",
|
|
47
|
+
"kind": "proposal",
|
|
48
|
+
"data": null,
|
|
49
|
+
"proposal": {},
|
|
50
|
+
"error": null,
|
|
51
|
+
"evidence": {
|
|
52
|
+
"bundle_id": "ev_123",
|
|
53
|
+
"note": "audit/replay handle; you do not need to act on it during this turn"
|
|
54
|
+
},
|
|
55
|
+
"source_database_changed": false,
|
|
56
|
+
"_meta": {
|
|
57
|
+
"canonical_capability": "billing.propose_late_fee_waiver"
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
```
|
|
61
|
+
|
|
62
|
+
Use `--result-format v2` on `mcp serve` or `mcp serve-streamable-http` if you
|
|
63
|
+
want to opt in from the command line instead of config.
|
|
64
|
+
|
|
65
|
+
## Read Capability
|
|
66
|
+
|
|
67
|
+
Read capabilities inspect one scoped row or view and save evidence/query-audit
|
|
68
|
+
records locally.
|
|
69
|
+
|
|
70
|
+
```json
|
|
71
|
+
{
|
|
72
|
+
"name": "billing.inspect_invoice",
|
|
73
|
+
"kind": "read",
|
|
74
|
+
"description": "Inspect one invoice in the trusted tenant before proposing a waiver or credit.",
|
|
75
|
+
"returns_hint": "Returns invoice amount, late fee, status, policy facts, and an audit evidence handle.",
|
|
76
|
+
"source": "app_postgres",
|
|
77
|
+
"target": {
|
|
78
|
+
"schema": "public",
|
|
79
|
+
"table": "invoices",
|
|
80
|
+
"primary_key": "id",
|
|
81
|
+
"tenant_key": "tenant_id"
|
|
82
|
+
},
|
|
83
|
+
"args": {
|
|
84
|
+
"invoice_id": {
|
|
85
|
+
"type": "string",
|
|
86
|
+
"required": true,
|
|
87
|
+
"max_length": 128,
|
|
88
|
+
"description": "Invoice id, e.g. INV-3001."
|
|
89
|
+
}
|
|
90
|
+
},
|
|
91
|
+
"lookup": { "id_from_arg": "invoice_id" },
|
|
92
|
+
"visible_columns": ["id", "tenant_id", "status", "late_fee_cents", "updated_at"],
|
|
93
|
+
"evidence": "required",
|
|
94
|
+
"max_rows": 1
|
|
95
|
+
}
|
|
96
|
+
```
|
|
97
|
+
|
|
98
|
+
Model-facing descriptions matter. They should explain when to use the tool and
|
|
99
|
+
what the result contains. Runner also adds evidence-handle guidance so the model
|
|
100
|
+
does not waste a turn trying to call an audit handle.
|
|
101
|
+
|
|
102
|
+
## Proposal Capability
|
|
103
|
+
|
|
104
|
+
Proposal capabilities create an exact before/after diff. They do not mutate your
|
|
105
|
+
source database. Approval and writeback stay outside the model-facing MCP tool
|
|
106
|
+
surface.
|
|
107
|
+
|
|
108
|
+
```json
|
|
109
|
+
{
|
|
110
|
+
"name": "billing.propose_late_fee_waiver",
|
|
111
|
+
"kind": "proposal",
|
|
112
|
+
"description": "Propose waiving one invoice late fee after inspecting invoice and policy evidence.",
|
|
113
|
+
"returns_hint": "Returns a review-required proposal id, exact field diff, evidence handle, and source_database_changed:false.",
|
|
114
|
+
"source": "app_postgres",
|
|
115
|
+
"target": {
|
|
116
|
+
"schema": "public",
|
|
117
|
+
"table": "invoices",
|
|
118
|
+
"primary_key": "id",
|
|
119
|
+
"tenant_key": "tenant_id"
|
|
120
|
+
},
|
|
121
|
+
"args": {
|
|
122
|
+
"invoice_id": {
|
|
123
|
+
"type": "string",
|
|
124
|
+
"required": true,
|
|
125
|
+
"description": "Invoice id, e.g. INV-3001."
|
|
126
|
+
},
|
|
127
|
+
"reason": {
|
|
128
|
+
"type": "string",
|
|
129
|
+
"required": true,
|
|
130
|
+
"max_length": 500,
|
|
131
|
+
"description": "Business reason for the proposed waiver."
|
|
132
|
+
}
|
|
133
|
+
},
|
|
134
|
+
"lookup": { "id_from_arg": "invoice_id" },
|
|
135
|
+
"visible_columns": ["id", "tenant_id", "status", "late_fee_cents", "waiver_reason", "updated_at"],
|
|
136
|
+
"patch": {
|
|
137
|
+
"late_fee_cents": { "fixed": 0 },
|
|
138
|
+
"waiver_reason": { "from_arg": "reason" }
|
|
139
|
+
},
|
|
140
|
+
"allowed_columns": ["late_fee_cents", "waiver_reason"],
|
|
141
|
+
"numeric_bounds": {
|
|
142
|
+
"late_fee_cents": { "minimum": 0, "maximum": 10000 }
|
|
143
|
+
},
|
|
144
|
+
"conflict_guard": { "column": "updated_at" },
|
|
145
|
+
"approval": { "mode": "human", "required_role": "billing_lead" }
|
|
146
|
+
}
|
|
147
|
+
```
|
|
148
|
+
|
|
149
|
+
## Trusted Context
|
|
150
|
+
|
|
151
|
+
Tenant, principal, approval authority, source ids, and row-version authority
|
|
152
|
+
must come from trusted backend/session context, not from model arguments.
|
|
153
|
+
|
|
154
|
+
Good:
|
|
155
|
+
|
|
156
|
+
```json
|
|
157
|
+
"trusted_context": {
|
|
158
|
+
"provider": "environment",
|
|
159
|
+
"values": {
|
|
160
|
+
"tenant_id_env": "SYNAPSOR_TENANT_ID",
|
|
161
|
+
"principal_env": "SYNAPSOR_PRINCIPAL"
|
|
162
|
+
}
|
|
163
|
+
}
|
|
164
|
+
```
|
|
165
|
+
|
|
166
|
+
Bad:
|
|
167
|
+
|
|
168
|
+
```json
|
|
169
|
+
"args": {
|
|
170
|
+
"tenant_id": { "type": "string" }
|
|
171
|
+
}
|
|
172
|
+
```
|
|
173
|
+
|
|
174
|
+
Runner rejects model-facing trust-scope arguments.
|
|
175
|
+
|
|
176
|
+
## Direct SQL Writeback
|
|
177
|
+
|
|
178
|
+
Use direct SQL writeback only for simple bounded single-row `UPDATE` proposals.
|
|
179
|
+
Runner validates:
|
|
180
|
+
|
|
181
|
+
- fixed table and column names;
|
|
182
|
+
- primary-key targeting;
|
|
183
|
+
- tenant guard;
|
|
184
|
+
- `allowed_columns`;
|
|
185
|
+
- numeric bounds and transition guards;
|
|
186
|
+
- optimistic conflict guard such as `updated_at`;
|
|
187
|
+
- one affected row;
|
|
188
|
+
- idempotency receipt.
|
|
189
|
+
|
|
190
|
+
Runner does not expose generic SQL, model-generated SQL, DDL, INSERT, DELETE,
|
|
191
|
+
UPSERT, or multi-row writes.
|
|
192
|
+
|
|
193
|
+
Direct SQL writeback uses the source `write_url_env`, such as
|
|
194
|
+
`SYNAPSOR_DATABASE_WRITE_URL`. The writer needs permission for
|
|
195
|
+
`synapsor_writeback_receipts` or an administrator must pre-create and grant that
|
|
196
|
+
table.
|
|
197
|
+
|
|
198
|
+
## App-Owned Executors
|
|
199
|
+
|
|
200
|
+
Use an app-owned executor when an approved proposal needs richer business work:
|
|
201
|
+
creating a credit row, inserting an outbox event, updating multiple app tables,
|
|
202
|
+
or calling your own service.
|
|
203
|
+
|
|
204
|
+
```json
|
|
205
|
+
"executors": {
|
|
206
|
+
"billing_handler": {
|
|
207
|
+
"type": "http_handler",
|
|
208
|
+
"url_env": "BILLING_WRITEBACK_URL",
|
|
209
|
+
"method": "POST",
|
|
210
|
+
"auth": {
|
|
211
|
+
"type": "bearer_env",
|
|
212
|
+
"token_env": "BILLING_WRITEBACK_TOKEN"
|
|
213
|
+
},
|
|
214
|
+
"signing_secret_env": "BILLING_WRITEBACK_SIGNING_SECRET",
|
|
215
|
+
"timeout_ms": 5000
|
|
216
|
+
}
|
|
217
|
+
}
|
|
218
|
+
```
|
|
219
|
+
|
|
220
|
+
Then reference it from a proposal capability:
|
|
221
|
+
|
|
222
|
+
```json
|
|
223
|
+
{
|
|
224
|
+
"name": "billing.propose_account_credit",
|
|
225
|
+
"kind": "proposal",
|
|
226
|
+
"executor": "billing_handler"
|
|
227
|
+
}
|
|
228
|
+
```
|
|
229
|
+
|
|
230
|
+
Approval still happens outside MCP. Runner sends the approved job to your
|
|
231
|
+
handler, and the handler returns an applied/conflict/failed receipt for replay.
|
|
232
|
+
See [App-Owned Executors](app-owned-executors.md) and
|
|
233
|
+
[Writeback Executors](writeback-executors.md).
|
|
234
|
+
|
|
235
|
+
## OpenAI Aliases
|
|
236
|
+
|
|
237
|
+
Canonical Synapsor names use dots, such as `billing.inspect_invoice`. Some
|
|
238
|
+
clients require function-safe names. Use:
|
|
239
|
+
|
|
240
|
+
```bash
|
|
241
|
+
synapsor-runner mcp serve-streamable-http \
|
|
242
|
+
--config ./synapsor.runner.json \
|
|
243
|
+
--store ./.synapsor/local.db \
|
|
244
|
+
--auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN \
|
|
245
|
+
--alias-mode openai
|
|
246
|
+
```
|
|
247
|
+
|
|
248
|
+
The model sees aliases such as `billing__inspect_invoice`. Runner includes the
|
|
249
|
+
canonical name in tool metadata and descriptions so audit/replay still use the
|
|
250
|
+
real capability name.
|
|
251
|
+
|
|
252
|
+
## Why Not `execute_sql`
|
|
253
|
+
|
|
254
|
+
`execute_sql(sql)` gives the model database authority. Synapsor Runner gives the
|
|
255
|
+
model proposal authority:
|
|
256
|
+
|
|
257
|
+
```text
|
|
258
|
+
model-facing MCP tool -> trusted context -> scoped read -> evidence -> proposal
|
|
259
|
+
```
|
|
260
|
+
|
|
261
|
+
Commit authority stays outside the model:
|
|
262
|
+
|
|
263
|
+
```text
|
|
264
|
+
human/operator approval -> guarded writeback or app-owned handler -> receipt/replay
|
|
265
|
+
```
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
# Cloud Mode
|
|
2
|
+
|
|
3
|
+
Synapsor Runner is local-first. It does not require Synapsor Cloud for the local
|
|
4
|
+
demo, own-database onboarding, MCP serving, proposal creation, local approval,
|
|
5
|
+
guarded writeback, or replay.
|
|
6
|
+
|
|
7
|
+
Cloud-linked mode is for teams that need a shared control plane:
|
|
8
|
+
|
|
9
|
+
- team approvals and RBAC;
|
|
10
|
+
- hosted evidence/replay search;
|
|
11
|
+
- runner registration and heartbeat;
|
|
12
|
+
- job leases;
|
|
13
|
+
- receipt reporting;
|
|
14
|
+
- retention and audit visibility.
|
|
15
|
+
|
|
16
|
+
The local runner still keeps database credentials in your environment. MCP
|
|
17
|
+
client config snippets should contain command paths and runner arguments, not
|
|
18
|
+
database URLs or write credentials.
|
|
19
|
+
|
|
20
|
+
Run the local smoke for this mode with:
|
|
21
|
+
|
|
22
|
+
```bash
|
|
23
|
+
corepack pnpm test:mcp-cloud-linked
|
|
24
|
+
```
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
# Current Scope
|
|
2
|
+
|
|
3
|
+
The canonical scope page is [Current Limitations](limitations.md).
|
|
4
|
+
|
|
5
|
+
Current alpha scope:
|
|
6
|
+
|
|
7
|
+
- local semantic MCP tools for Postgres/MySQL-backed business actions;
|
|
8
|
+
- schema inspection and guided config generation;
|
|
9
|
+
- trusted context from environment/session values;
|
|
10
|
+
- evidence handles, query audit, proposals, receipts, and local replay;
|
|
11
|
+
- guarded single-row `UPDATE` writeback for simple edits;
|
|
12
|
+
- app-owned `http_handler` and `command_handler` executors for richer approved
|
|
13
|
+
business transactions;
|
|
14
|
+
- stdio MCP, Streamable HTTP MCP, and a small JSON-RPC bridge.
|
|
15
|
+
|
|
16
|
+
Out of scope:
|
|
17
|
+
|
|
18
|
+
- raw `execute_sql`;
|
|
19
|
+
- model-generated SQL;
|
|
20
|
+
- generic INSERT/DELETE/UPSERT/DDL;
|
|
21
|
+
- generic multi-row SQL writeback;
|
|
22
|
+
- physical branching of external Postgres/MySQL;
|
|
23
|
+
- self-hosted Synapsor Cloud;
|
|
24
|
+
- production SLA or compliance certification.
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
# Dependency License Inventory
|
|
2
|
+
|
|
3
|
+
Generated from the current lockfile/install with:
|
|
4
|
+
|
|
5
|
+
```bash
|
|
6
|
+
corepack pnpm licenses list --json
|
|
7
|
+
```
|
|
8
|
+
|
|
9
|
+
Summary from the current dependency set:
|
|
10
|
+
|
|
11
|
+
| License | Package entries |
|
|
12
|
+
| --- | ---: |
|
|
13
|
+
| MIT | 149 |
|
|
14
|
+
| Apache-2.0 | 4 |
|
|
15
|
+
| BSD-3-Clause | 3 |
|
|
16
|
+
| BSD-2-Clause | 1 |
|
|
17
|
+
| ISC | 11 |
|
|
18
|
+
|
|
19
|
+
Apache-2.0 dependency entries reported by pnpm:
|
|
20
|
+
|
|
21
|
+
- `denque@2.1.0`
|
|
22
|
+
- `expect-type@1.3.0`
|
|
23
|
+
- `long@5.3.2`
|
|
24
|
+
- `typescript@5.9.3`
|
|
25
|
+
|
|
26
|
+
This file is an inventory summary, not a replacement for dependency license
|
|
27
|
+
review. Third-party dependency licenses and notices are not changed by the
|
|
28
|
+
first-party Synapsor Runner Apache-2.0 license.
|
|
29
|
+
|
|
30
|
+
Before public release:
|
|
31
|
+
|
|
32
|
+
- regenerate this inventory from a clean install;
|
|
33
|
+
- review dependency notices with the release owner or qualified counsel;
|
|
34
|
+
- keep third-party notices separate from the first-party Synapsor Runner
|
|
35
|
+
license.
|
package/docs/doctor.md
ADDED
|
@@ -0,0 +1,98 @@
|
|
|
1
|
+
# Doctor
|
|
2
|
+
|
|
3
|
+
Use `doctor` to check a local Runner setup without printing database URLs,
|
|
4
|
+
passwords, bearer tokens, signing secrets, or private keys.
|
|
5
|
+
|
|
6
|
+
```bash
|
|
7
|
+
synapsor-runner doctor --config synapsor.runner.json
|
|
8
|
+
synapsor-runner doctor --config synapsor.runner.json --json
|
|
9
|
+
synapsor-runner doctor --config synapsor.runner.json --report --redact --output synapsor-doctor.md
|
|
10
|
+
```
|
|
11
|
+
|
|
12
|
+
The default check validates:
|
|
13
|
+
|
|
14
|
+
- config shape;
|
|
15
|
+
- trusted context environment variables;
|
|
16
|
+
- read credential environment variables;
|
|
17
|
+
- read/write credential separation;
|
|
18
|
+
- reachable source metadata when the read env var is set;
|
|
19
|
+
- configured target tables and columns;
|
|
20
|
+
- MCP tool boundary, including absence of raw SQL and commit tools;
|
|
21
|
+
- local store stats.
|
|
22
|
+
|
|
23
|
+
## App-Owned Handler Checks
|
|
24
|
+
|
|
25
|
+
For `http_handler` executors, add `--check-handlers`:
|
|
26
|
+
|
|
27
|
+
```bash
|
|
28
|
+
synapsor-runner doctor --config synapsor.runner.json --check-handlers
|
|
29
|
+
```
|
|
30
|
+
|
|
31
|
+
This checks handler URL/token/signing-secret env vars and sends a reachability
|
|
32
|
+
probe to the handler endpoint. It does not apply a proposal and does not send a
|
|
33
|
+
writeback job.
|
|
34
|
+
|
|
35
|
+
Use `signing_secret_env` for non-loopback handler deployments so Runner signs
|
|
36
|
+
requests with:
|
|
37
|
+
|
|
38
|
+
```text
|
|
39
|
+
X-Synapsor-Signature
|
|
40
|
+
X-Synapsor-Issued-At
|
|
41
|
+
X-Synapsor-Proposal-Id
|
|
42
|
+
Idempotency-Key
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
## Direct SQL Writeback Checks
|
|
46
|
+
|
|
47
|
+
For direct `sql_update` writeback, add `--check-writeback` only after reviewing
|
|
48
|
+
the receipt-table DDL/grants:
|
|
49
|
+
|
|
50
|
+
```bash
|
|
51
|
+
synapsor-runner doctor --config synapsor.runner.json --check-writeback
|
|
52
|
+
```
|
|
53
|
+
|
|
54
|
+
This connects with the trusted writer env var named by `write_url_env` and
|
|
55
|
+
checks:
|
|
56
|
+
|
|
57
|
+
- writer database connectivity;
|
|
58
|
+
- `synapsor_writeback_receipts` permission through the adapter doctor;
|
|
59
|
+
- rollback-only access to each configured proposal target table;
|
|
60
|
+
- rollback-only update permission for configured allowed write columns.
|
|
61
|
+
|
|
62
|
+
The target-table probe uses fixed schema/table/column identifiers from the
|
|
63
|
+
reviewed config. It does not accept model SQL, user SQL, arbitrary table names,
|
|
64
|
+
or arbitrary column names. It runs inside a transaction and rolls back.
|
|
65
|
+
|
|
66
|
+
The receipt-table probe can create `synapsor_writeback_receipts` if the writer
|
|
67
|
+
has permission. If your policy does not allow Runner to create tables in the
|
|
68
|
+
application schema, pre-create the table and grant access:
|
|
69
|
+
|
|
70
|
+
```bash
|
|
71
|
+
synapsor-runner writeback migration --engine postgres --schema synapsor
|
|
72
|
+
synapsor-runner writeback grants --engine postgres --schema synapsor --writer-role app_writer
|
|
73
|
+
```
|
|
74
|
+
|
|
75
|
+
For MySQL:
|
|
76
|
+
|
|
77
|
+
```bash
|
|
78
|
+
synapsor-runner writeback migration --engine mysql --schema appdb
|
|
79
|
+
synapsor-runner writeback grants --engine mysql --schema appdb --writer-role "'app_writer'@'%'"
|
|
80
|
+
```
|
|
81
|
+
|
|
82
|
+
Use an app-owned `http_handler` or `command_handler` executor when your
|
|
83
|
+
application should own richer business writes or receipt storage.
|
|
84
|
+
|
|
85
|
+
## Redaction
|
|
86
|
+
|
|
87
|
+
Doctor output intentionally uses safe categories such as:
|
|
88
|
+
|
|
89
|
+
```text
|
|
90
|
+
connection failed
|
|
91
|
+
authentication failed
|
|
92
|
+
permission denied
|
|
93
|
+
configured object not found
|
|
94
|
+
database probe failed
|
|
95
|
+
```
|
|
96
|
+
|
|
97
|
+
Raw driver errors, connection strings, passwords, tokens, signing secrets, and
|
|
98
|
+
handler URLs are not printed in the report.
|