@synapsor/runner 0.1.0-alpha.11 → 0.1.0-alpha.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (32) hide show
  1. package/README.md +166 -23
  2. package/dist/cli.d.ts.map +1 -1
  3. package/dist/runner.mjs +855 -66
  4. package/docs/README.md +21 -0
  5. package/docs/app-owned-executors.md +5 -0
  6. package/docs/capability-authoring.md +265 -0
  7. package/docs/doctor.md +98 -0
  8. package/docs/handler-helper.md +200 -0
  9. package/docs/local-mode.md +13 -2
  10. package/docs/release-notes.md +47 -2
  11. package/docs/release-policy.md +86 -0
  12. package/docs/result-envelope-v2.md +148 -0
  13. package/docs/rfcs/001-result-envelope-v2.md +143 -0
  14. package/docs/rfcs/002-app-owned-handler-helper.md +161 -0
  15. package/docs/rfcs/003-integrator-feedback-teardown.md +97 -0
  16. package/docs/store-lifecycle.md +83 -0
  17. package/docs/writeback-executors.md +18 -0
  18. package/examples/app-owned-writeback/README.md +1 -0
  19. package/examples/mcp-postgres-billing-app-handler/README.md +6 -2
  20. package/examples/mcp-postgres-billing-app-handler/app-handler.mjs +77 -149
  21. package/examples/mcp-postgres-billing-app-handler/scripts/run-demo.sh +1 -0
  22. package/examples/mcp-postgres-billing-app-handler/synapsor-handler.mjs +437 -0
  23. package/examples/mcp-postgres-billing-app-handler/synapsor.runner.json +1 -0
  24. package/package.json +2 -1
  25. package/schemas/change-set.v1.schema.json +140 -0
  26. package/schemas/execution-receipt.v1.schema.json +34 -0
  27. package/schemas/onboarding-selection.v1.schema.json +125 -0
  28. package/schemas/runner-registration.v1.schema.json +48 -0
  29. package/schemas/synapsor.app-handler-receipt.v1.json +39 -0
  30. package/schemas/synapsor.app-handler-request.v1.json +119 -0
  31. package/schemas/synapsor.runner.schema.json +412 -0
  32. package/schemas/writeback-job.v1.schema.json +121 -0
package/README.md CHANGED
@@ -7,31 +7,44 @@ Runner lets an MCP agent inspect scoped data and request database-backed
7
7
  business actions without receiving raw SQL, write credentials, approval tools,
8
8
  or commit tools.
9
9
 
10
- ## Alpha Operational Notes
10
+ ## The Five-Line Model
11
11
 
12
- These are current alpha requirements, not hidden behavior:
12
+ Your agent talks to Synapsor Runner, not directly to your database.
13
+ It can look: scoped reads through reviewed tools.
14
+ It can suggest: saved proposals with evidence and exact diffs.
15
+ It cannot commit: approval and writeback happen outside the model-facing tool.
16
+ After writeback, Runner keeps receipts and replay so you can inspect what happened.
13
17
 
14
- - Writeback with `--config ./synapsor.runner.json` reads the trusted writer
15
- connection from the source `write_url_env`, for example
16
- `SYNAPSOR_DATABASE_WRITE_URL`. `SYNAPSOR_DATABASE_URL` is only the legacy
17
- fallback when you run direct worker/apply flows without a local config.
18
- - `synapsor-runner mcp serve` is standard stdio MCP for local clients that can
19
- launch Runner.
20
- - `synapsor-runner mcp serve-streamable-http` is standard MCP Streamable HTTP
21
- with `initialize` and in-memory session behavior for SDK/client HTTP MCP
22
- integrations.
23
- - OpenAI Agents SDK rejects dotted function/tool names. Use
24
- `--alias-mode openai` or `--openai-tool-aliases` for OpenAI-facing MCP
25
- transports. Runner exposes aliases such as `billing__inspect_invoice` and
26
- keeps the canonical Synapsor capability name in tool metadata.
27
- - `synapsor-runner mcp serve-http` is a small authenticated JSON-RPC bridge for
28
- `tools/list`, `tools/call`, and `resources/read`. Use it only when you want a
29
- simple app/server wrapper instead of full HTTP MCP.
30
- - Direct SQL writeback creates or writes `synapsor_writeback_receipts` for
31
- idempotency and replay. The trusted writer needs permission for that table,
32
- or an administrator must pre-create it and grant access. Use an app-owned
33
- `http_handler` or `command_handler` if Runner should not create receipt
34
- tables in your application schema.
18
+ ## Four Terms
19
+
20
+ - Capability: a tool you define in config, such as `billing.inspect_invoice`
21
+ or `billing.propose_late_fee_waiver`. The agent only sees capabilities.
22
+ - Proposal: the agent's suggested database-backed change. It is saved, not
23
+ applied.
24
+ - Writeback: the moment an approved proposal actually changes the database.
25
+ - Executor: your app's writeback handler for anything richer than a guarded
26
+ one-row update.
27
+
28
+ ## Who Does What
29
+
30
+ You write the config: sources, trusted context, capabilities, visible fields,
31
+ proposal fields, and guards. For rich writes, you also write a small handler.
32
+
33
+ Synapsor Runner serves the MCP tools, stores evidence/proposals/receipts,
34
+ enforces tenant, column, version, and idempotency guards, routes writeback, and
35
+ keeps the replay log. You do not rebuild the safety loop yourself.
36
+
37
+ ## The Writeback Rule
38
+
39
+ One-row update to an existing row: Runner can do guarded direct writeback.
40
+ Anything else, such as inserting a row, touching two tables, or emitting an
41
+ event: your app-owned executor does it after approval.
42
+
43
+ ## Deliberate Limits
44
+
45
+ Runner does not expose raw SQL, write credentials, approval tools, or commit
46
+ tools to the model. Direct Runner writeback does not do generic `INSERT`,
47
+ `DELETE`, `UPSERT`, DDL, or multi-row SQL. Those are app-owned executor jobs.
35
48
 
36
49
  ```text
37
50
  AI agent or MCP client
@@ -115,6 +128,51 @@ MCP risk review -> npx -y -p @synapsor/runner@alpha synapsor-runner audit
115
128
  `synapsor-runner` is the public command for this OSS runner. `synapsor` is
116
129
  reserved for the Synapsor Cloud CLI.
117
130
 
131
+ Authoring reference:
132
+
133
+ - [Capability Authoring](docs/capability-authoring.md): read/proposal tools,
134
+ model-facing descriptions, result envelope v2, trusted context, and writeback
135
+ guards.
136
+ - [Result Envelope v2](docs/result-envelope-v2.md): stable
137
+ `ok`/`summary`/`data`/`proposal`/`error` MCP tool results.
138
+ - [JSON Schema](schemas/synapsor.runner.schema.json): editor validation for
139
+ `synapsor.runner.json`.
140
+
141
+ ## Current Alpha Details
142
+
143
+ These are current alpha requirements, not hidden behavior:
144
+
145
+ - Writeback with `--config ./synapsor.runner.json` reads the trusted writer
146
+ connection from the source `write_url_env`, for example
147
+ `SYNAPSOR_DATABASE_WRITE_URL`. `SYNAPSOR_DATABASE_URL` is only the legacy
148
+ fallback when you run direct worker/apply flows without a local config.
149
+ - `synapsor-runner mcp serve` is standard stdio MCP for local clients that can
150
+ launch Runner.
151
+ - `synapsor-runner mcp serve-streamable-http` is standard MCP Streamable HTTP
152
+ with `initialize` and in-memory session behavior for SDK/client HTTP MCP
153
+ integrations.
154
+ - OpenAI Agents SDK rejects dotted function/tool names. Use
155
+ `--alias-mode openai` or `--openai-tool-aliases` for OpenAI-facing MCP
156
+ transports. Runner exposes aliases such as `billing__inspect_invoice` and
157
+ keeps the canonical Synapsor capability name in tool metadata.
158
+ - `synapsor-runner mcp serve-http` is a small authenticated JSON-RPC bridge for
159
+ `tools/list`, `tools/call`, and `resources/read`. Use it only when you want a
160
+ simple app/server wrapper instead of full HTTP MCP.
161
+ - Direct SQL writeback creates or writes `synapsor_writeback_receipts` for
162
+ idempotency and replay. The trusted writer needs permission for that table,
163
+ or an administrator must pre-create it and grant access. Use an app-owned
164
+ `http_handler` or `command_handler` if Runner should not create receipt
165
+ tables in your application schema.
166
+ - Run `synapsor-runner doctor --config synapsor.runner.json --check-writeback`
167
+ after reviewing receipt-table DDL/grants to verify writer connectivity,
168
+ receipt-table permissions, and rollback-only target-table access. The probe
169
+ never mutates business rows, but it can create the receipt table if the
170
+ writer has permission.
171
+ - For app-owned `http_handler` executors, configure `signing_secret_env` to
172
+ have Runner sign writeback requests with `X-Synapsor-Signature`. Run
173
+ `synapsor-runner doctor --config synapsor.runner.json --check-handlers` to
174
+ check handler env vars and network reachability without applying a proposal.
175
+
118
176
  ## Connect Your Own Staging Database
119
177
 
120
178
  Put a read-only connection string in the environment:
@@ -147,6 +205,89 @@ call immediately and stores the evidence/query audit in the local ledger. If
147
205
  those env vars are missing, it prints the exact command to run after you set
148
206
  them from `.env.example`.
149
207
 
208
+ The end-to-end shape is:
209
+
210
+ ```text
211
+ 1. Put your read-only DB URL in DATABASE_URL.
212
+ 2. Run start --from-env DATABASE_URL.
213
+ 3. Choose one table/view and the safe fields agents may see.
214
+ 4. Preview the generated capabilities.
215
+ 5. Serve them over MCP to Claude, Cursor, OpenAI Agents SDK, or your app.
216
+ 6. For writes, approve a proposal outside MCP before writeback.
217
+ ```
218
+
219
+ The generated config is just the safety contract. A small reviewed version
220
+ looks like this:
221
+
222
+ ```json
223
+ {
224
+ "version": 1,
225
+ "mode": "review",
226
+ "sources": {
227
+ "app_postgres": {
228
+ "engine": "postgres",
229
+ "read_url_env": "DATABASE_URL",
230
+ "write_url_env": "SYNAPSOR_DATABASE_WRITE_URL"
231
+ }
232
+ },
233
+ "trusted_context": {
234
+ "provider": "environment",
235
+ "values": {
236
+ "tenant_id_env": "SYNAPSOR_TENANT_ID",
237
+ "principal_env": "SYNAPSOR_PRINCIPAL"
238
+ }
239
+ },
240
+ "capabilities": [
241
+ {
242
+ "name": "billing.inspect_invoice",
243
+ "kind": "read",
244
+ "source": "app_postgres",
245
+ "target": {
246
+ "schema": "public",
247
+ "table": "invoices",
248
+ "primary_key": "id",
249
+ "tenant_key": "tenant_id"
250
+ },
251
+ "args": {
252
+ "invoice_id": { "type": "string", "required": true }
253
+ },
254
+ "lookup": { "id_from_arg": "invoice_id" },
255
+ "visible_columns": ["id", "status", "late_fee_cents", "updated_at"],
256
+ "evidence": "required",
257
+ "max_rows": 1
258
+ },
259
+ {
260
+ "name": "billing.propose_late_fee_waiver",
261
+ "kind": "proposal",
262
+ "source": "app_postgres",
263
+ "target": {
264
+ "schema": "public",
265
+ "table": "invoices",
266
+ "primary_key": "id",
267
+ "tenant_key": "tenant_id"
268
+ },
269
+ "args": {
270
+ "invoice_id": { "type": "string", "required": true },
271
+ "reason": { "type": "string", "required": true }
272
+ },
273
+ "lookup": { "id_from_arg": "invoice_id" },
274
+ "visible_columns": ["id", "status", "late_fee_cents", "updated_at"],
275
+ "patch": {
276
+ "late_fee_cents": { "fixed": 0 },
277
+ "waiver_reason": { "from_arg": "reason" }
278
+ },
279
+ "allowed_columns": ["late_fee_cents", "waiver_reason"],
280
+ "conflict_guard": { "column": "updated_at" },
281
+ "approval": { "mode": "human", "required_role": "billing_lead" }
282
+ }
283
+ ]
284
+ }
285
+ ```
286
+
287
+ The agent sees `billing.inspect_invoice` and
288
+ `billing.propose_late_fee_waiver`. It does not see the database URL, writer
289
+ credential, raw SQL, approval command, or commit command.
290
+
150
291
  The wizard creates this local flow:
151
292
 
152
293
  ```text
@@ -421,6 +562,7 @@ Create a redacted local diagnostic report:
421
562
 
422
563
  ```bash
423
564
  synapsor-runner doctor --config synapsor.runner.json --report --redact --output synapsor-doctor.md
565
+ synapsor-runner doctor --config synapsor.runner.json --check-writeback
424
566
  ```
425
567
 
426
568
  Inspect or compact the local ledger:
@@ -429,6 +571,7 @@ Inspect or compact the local ledger:
429
571
  synapsor-runner store stats --store ./.synapsor/local.db
430
572
  synapsor-runner store vacuum --store ./.synapsor/local.db
431
573
  synapsor-runner store prune --store ./.synapsor/local.db --older-than 30d --dry-run
574
+ synapsor-runner store reset --store ./.synapsor/local.db --yes
432
575
  ```
433
576
 
434
577
  This is local indexed search for local/dev/staging usage. It is not external
package/dist/cli.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAYA,OAAO,EAAqG,KAAK,WAAW,EAAwE,MAAM,6BAA6B,CAAC;AAkBxO,OAAO,EAA6G,KAAK,YAAY,EAAwB,MAAM,2BAA2B,CAAC;AAC/L,OAAO,EAOL,KAAK,gBAAgB,EAEtB,MAAM,mCAAmC,CAAC;AAkS3C,wBAAsB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAiD1D;AA0DD,KAAK,SAAS,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAE9E,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EAAE,EACd,OAAO,GAAE;IACP,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,OAAO,CAAC,EAAE,WAAW,CAAC;IACtB,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;CACvC,GACL,OAAO,CAAC,MAAM,CAAC,CA2OjB;AAo9CD,wBAAsB,0BAA0B,CAAC,GAAG,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,CAAC,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAM/H"}
1
+ {"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAYA,OAAO,EAAqG,KAAK,WAAW,EAA2F,MAAM,6BAA6B,CAAC;AAmB3P,OAAO,EAA6G,KAAK,YAAY,EAAwB,MAAM,2BAA2B,CAAC;AAC/L,OAAO,EAOL,KAAK,gBAAgB,EAEtB,MAAM,mCAAmC,CAAC;AAoS3C,wBAAsB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAkD1D;AA0DD,KAAK,SAAS,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAE9E,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EAAE,EACd,OAAO,GAAE;IACP,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,OAAO,CAAC,EAAE,WAAW,CAAC;IACtB,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;CACvC,GACL,OAAO,CAAC,MAAM,CAAC,CA6OjB;AA4uDD,wBAAsB,0BAA0B,CAAC,GAAG,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,CAAC,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAM/H"}