@synapsor/runner 0.1.0-alpha.11 → 0.1.0-alpha.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (33) hide show
  1. package/CHANGELOG.md +85 -0
  2. package/README.md +169 -23
  3. package/dist/cli.d.ts.map +1 -1
  4. package/dist/runner.mjs +855 -66
  5. package/docs/README.md +21 -0
  6. package/docs/app-owned-executors.md +5 -0
  7. package/docs/capability-authoring.md +265 -0
  8. package/docs/doctor.md +98 -0
  9. package/docs/handler-helper.md +217 -0
  10. package/docs/local-mode.md +13 -2
  11. package/docs/release-notes.md +57 -2
  12. package/docs/release-policy.md +86 -0
  13. package/docs/result-envelope-v2.md +148 -0
  14. package/docs/rfcs/001-result-envelope-v2.md +143 -0
  15. package/docs/rfcs/002-app-owned-handler-helper.md +161 -0
  16. package/docs/rfcs/003-integrator-feedback-teardown.md +97 -0
  17. package/docs/store-lifecycle.md +83 -0
  18. package/docs/writeback-executors.md +18 -0
  19. package/examples/app-owned-writeback/README.md +1 -0
  20. package/examples/mcp-postgres-billing-app-handler/README.md +7 -2
  21. package/examples/mcp-postgres-billing-app-handler/app-handler.mjs +77 -149
  22. package/examples/mcp-postgres-billing-app-handler/scripts/run-demo.sh +1 -0
  23. package/examples/mcp-postgres-billing-app-handler/synapsor-handler.mjs +437 -0
  24. package/examples/mcp-postgres-billing-app-handler/synapsor.runner.json +1 -0
  25. package/package.json +3 -1
  26. package/schemas/change-set.v1.schema.json +140 -0
  27. package/schemas/execution-receipt.v1.schema.json +34 -0
  28. package/schemas/onboarding-selection.v1.schema.json +125 -0
  29. package/schemas/runner-registration.v1.schema.json +48 -0
  30. package/schemas/synapsor.app-handler-receipt.v1.json +39 -0
  31. package/schemas/synapsor.app-handler-request.v1.json +119 -0
  32. package/schemas/synapsor.runner.schema.json +412 -0
  33. package/schemas/writeback-job.v1.schema.json +121 -0
package/CHANGELOG.md ADDED
@@ -0,0 +1,85 @@
1
+ # Changelog
2
+
3
+ ## Unreleased
4
+
5
+ ### Added
6
+
7
+ - `result_format: 2` for a stable MCP result envelope with
8
+ `ok`, `summary`, `data`, `proposal`, `error`, `evidence`,
9
+ `source_database_changed`, and `_meta.canonical_capability`.
10
+ - `--result-format v1|v2` for `mcp serve`, `mcp serve --transport
11
+ streamable-http`, `mcp serve-streamable-http`, and the legacy JSON-RPC bridge.
12
+ - Capability config fields `description`, per-argument `description`, and
13
+ `returns_hint`; these are surfaced in MCP tool metadata.
14
+ - `tools list` as a first-class alias for `tools preview`, including
15
+ `tools list --aliases`.
16
+ - `mcp client-config --include-instructions` for Claude/Cursor/OpenAI-style
17
+ client snippets with propose-first agent guidance.
18
+ - `schemas/synapsor.runner.schema.json` for editor validation.
19
+ - `docs/capability-authoring.md` and `docs/result-envelope-v2.md`.
20
+ - RFC source docs under `docs/rfcs/`.
21
+
22
+ ### Changed
23
+
24
+ - OpenAI-safe aliases include the canonical Synapsor capability name in
25
+ descriptions/metadata so model-visible aliases can still be audited against
26
+ dotted capability names.
27
+ - v2 MCP errors redact raw driver/infra strings and map failures to a small
28
+ safe error-code enum.
29
+
30
+ ### Compatibility
31
+
32
+ - Result envelope v1 remains the default in this alpha. Opt in with
33
+ `result_format: 2` or `--result-format v2`.
34
+ - The public command remains `synapsor-runner`.
35
+
36
+ ## 0.1.0-alpha.14
37
+
38
+ ### Changed
39
+
40
+ - Clarified that `@synapsor/handler` is not published as a standalone npm
41
+ package yet. The TypeScript helper currently exists in the source monorepo
42
+ and as the bundled `synapsor-handler.mjs` shim used by the packaged
43
+ app-owned executor example.
44
+ - Included `CHANGELOG.md` in the `@synapsor/runner` npm tarball so users can
45
+ inspect alpha changes without cloning the repository.
46
+
47
+ ## 0.1.0-alpha.13
48
+
49
+ ### Changed
50
+
51
+ - Reworked the README opening around a five-line mental model: agent talks to
52
+ Runner, Runner exposes capabilities, proposals are saved but not applied, and
53
+ approval/writeback stay outside the model-facing tool surface.
54
+ - Added plain definitions for capability, proposal, writeback, and executor near
55
+ the top of the README.
56
+ - Added the direct-writeback versus app-owned-executor rule up front: guarded
57
+ one-row updates can use Runner direct writeback; richer business actions use
58
+ an app-owned executor.
59
+ - Added a tiny readable own-database config example with one read capability and
60
+ one proposal capability so new users can picture what the guided wizard
61
+ creates.
62
+
63
+ ## 0.1.0-alpha.12
64
+
65
+ ### Added
66
+
67
+ - `doctor --check-writeback` verifies direct SQL writer connectivity,
68
+ receipt-table readiness, and rollback-only access to configured proposal
69
+ target tables/columns without mutating business rows.
70
+ - `docs/doctor.md` documents redacted setup checks, handler reachability,
71
+ direct SQL writeback probes, and receipt-table guidance.
72
+ - `store reset --yes` removes only the local SQLite ledger files and refuses
73
+ active server leases unless `--force` is provided.
74
+
75
+ ### Changed
76
+
77
+ - Doctor output now warns when direct SQL writeback has not been probed and
78
+ points to `--check-writeback`.
79
+ - Packed/public verification scripts exercise `store reset` in addition to
80
+ stats/prune.
81
+
82
+ ## 0.1.0-alpha.11
83
+
84
+ See [docs/release-notes.md](docs/release-notes.md) for the current published
85
+ alpha notes.
package/README.md CHANGED
@@ -7,31 +7,44 @@ Runner lets an MCP agent inspect scoped data and request database-backed
7
7
  business actions without receiving raw SQL, write credentials, approval tools,
8
8
  or commit tools.
9
9
 
10
- ## Alpha Operational Notes
10
+ ## The Five-Line Model
11
11
 
12
- These are current alpha requirements, not hidden behavior:
12
+ Your agent talks to Synapsor Runner, not directly to your database.
13
+ It can look: scoped reads through reviewed tools.
14
+ It can suggest: saved proposals with evidence and exact diffs.
15
+ It cannot commit: approval and writeback happen outside the model-facing tool.
16
+ After writeback, Runner keeps receipts and replay so you can inspect what happened.
13
17
 
14
- - Writeback with `--config ./synapsor.runner.json` reads the trusted writer
15
- connection from the source `write_url_env`, for example
16
- `SYNAPSOR_DATABASE_WRITE_URL`. `SYNAPSOR_DATABASE_URL` is only the legacy
17
- fallback when you run direct worker/apply flows without a local config.
18
- - `synapsor-runner mcp serve` is standard stdio MCP for local clients that can
19
- launch Runner.
20
- - `synapsor-runner mcp serve-streamable-http` is standard MCP Streamable HTTP
21
- with `initialize` and in-memory session behavior for SDK/client HTTP MCP
22
- integrations.
23
- - OpenAI Agents SDK rejects dotted function/tool names. Use
24
- `--alias-mode openai` or `--openai-tool-aliases` for OpenAI-facing MCP
25
- transports. Runner exposes aliases such as `billing__inspect_invoice` and
26
- keeps the canonical Synapsor capability name in tool metadata.
27
- - `synapsor-runner mcp serve-http` is a small authenticated JSON-RPC bridge for
28
- `tools/list`, `tools/call`, and `resources/read`. Use it only when you want a
29
- simple app/server wrapper instead of full HTTP MCP.
30
- - Direct SQL writeback creates or writes `synapsor_writeback_receipts` for
31
- idempotency and replay. The trusted writer needs permission for that table,
32
- or an administrator must pre-create it and grant access. Use an app-owned
33
- `http_handler` or `command_handler` if Runner should not create receipt
34
- tables in your application schema.
18
+ ## Four Terms
19
+
20
+ - Capability: a tool you define in config, such as `billing.inspect_invoice`
21
+ or `billing.propose_late_fee_waiver`. The agent only sees capabilities.
22
+ - Proposal: the agent's suggested database-backed change. It is saved, not
23
+ applied.
24
+ - Writeback: the moment an approved proposal actually changes the database.
25
+ - Executor: your app's writeback handler for anything richer than a guarded
26
+ one-row update.
27
+
28
+ ## Who Does What
29
+
30
+ You write the config: sources, trusted context, capabilities, visible fields,
31
+ proposal fields, and guards. For rich writes, you also write a small handler.
32
+
33
+ Synapsor Runner serves the MCP tools, stores evidence/proposals/receipts,
34
+ enforces tenant, column, version, and idempotency guards, routes writeback, and
35
+ keeps the replay log. You do not rebuild the safety loop yourself.
36
+
37
+ ## The Writeback Rule
38
+
39
+ One-row update to an existing row: Runner can do guarded direct writeback.
40
+ Anything else, such as inserting a row, touching two tables, or emitting an
41
+ event: your app-owned executor does it after approval.
42
+
43
+ ## Deliberate Limits
44
+
45
+ Runner does not expose raw SQL, write credentials, approval tools, or commit
46
+ tools to the model. Direct Runner writeback does not do generic `INSERT`,
47
+ `DELETE`, `UPSERT`, DDL, or multi-row SQL. Those are app-owned executor jobs.
35
48
 
36
49
  ```text
37
50
  AI agent or MCP client
@@ -115,6 +128,51 @@ MCP risk review -> npx -y -p @synapsor/runner@alpha synapsor-runner audit
115
128
  `synapsor-runner` is the public command for this OSS runner. `synapsor` is
116
129
  reserved for the Synapsor Cloud CLI.
117
130
 
131
+ Authoring reference:
132
+
133
+ - [Capability Authoring](docs/capability-authoring.md): read/proposal tools,
134
+ model-facing descriptions, result envelope v2, trusted context, and writeback
135
+ guards.
136
+ - [Result Envelope v2](docs/result-envelope-v2.md): stable
137
+ `ok`/`summary`/`data`/`proposal`/`error` MCP tool results.
138
+ - [JSON Schema](schemas/synapsor.runner.schema.json): editor validation for
139
+ `synapsor.runner.json`.
140
+
141
+ ## Current Alpha Details
142
+
143
+ These are current alpha requirements, not hidden behavior:
144
+
145
+ - Writeback with `--config ./synapsor.runner.json` reads the trusted writer
146
+ connection from the source `write_url_env`, for example
147
+ `SYNAPSOR_DATABASE_WRITE_URL`. `SYNAPSOR_DATABASE_URL` is only the legacy
148
+ fallback when you run direct worker/apply flows without a local config.
149
+ - `synapsor-runner mcp serve` is standard stdio MCP for local clients that can
150
+ launch Runner.
151
+ - `synapsor-runner mcp serve-streamable-http` is standard MCP Streamable HTTP
152
+ with `initialize` and in-memory session behavior for SDK/client HTTP MCP
153
+ integrations.
154
+ - OpenAI Agents SDK rejects dotted function/tool names. Use
155
+ `--alias-mode openai` or `--openai-tool-aliases` for OpenAI-facing MCP
156
+ transports. Runner exposes aliases such as `billing__inspect_invoice` and
157
+ keeps the canonical Synapsor capability name in tool metadata.
158
+ - `synapsor-runner mcp serve-http` is a small authenticated JSON-RPC bridge for
159
+ `tools/list`, `tools/call`, and `resources/read`. Use it only when you want a
160
+ simple app/server wrapper instead of full HTTP MCP.
161
+ - Direct SQL writeback creates or writes `synapsor_writeback_receipts` for
162
+ idempotency and replay. The trusted writer needs permission for that table,
163
+ or an administrator must pre-create it and grant access. Use an app-owned
164
+ `http_handler` or `command_handler` if Runner should not create receipt
165
+ tables in your application schema.
166
+ - Run `synapsor-runner doctor --config synapsor.runner.json --check-writeback`
167
+ after reviewing receipt-table DDL/grants to verify writer connectivity,
168
+ receipt-table permissions, and rollback-only target-table access. The probe
169
+ never mutates business rows, but it can create the receipt table if the
170
+ writer has permission.
171
+ - For app-owned `http_handler` executors, configure `signing_secret_env` to
172
+ have Runner sign writeback requests with `X-Synapsor-Signature`. Run
173
+ `synapsor-runner doctor --config synapsor.runner.json --check-handlers` to
174
+ check handler env vars and network reachability without applying a proposal.
175
+
118
176
  ## Connect Your Own Staging Database
119
177
 
120
178
  Put a read-only connection string in the environment:
@@ -147,6 +205,89 @@ call immediately and stores the evidence/query audit in the local ledger. If
147
205
  those env vars are missing, it prints the exact command to run after you set
148
206
  them from `.env.example`.
149
207
 
208
+ The end-to-end shape is:
209
+
210
+ ```text
211
+ 1. Put your read-only DB URL in DATABASE_URL.
212
+ 2. Run start --from-env DATABASE_URL.
213
+ 3. Choose one table/view and the safe fields agents may see.
214
+ 4. Preview the generated capabilities.
215
+ 5. Serve them over MCP to Claude, Cursor, OpenAI Agents SDK, or your app.
216
+ 6. For writes, approve a proposal outside MCP before writeback.
217
+ ```
218
+
219
+ The generated config is just the safety contract. A small reviewed version
220
+ looks like this:
221
+
222
+ ```json
223
+ {
224
+ "version": 1,
225
+ "mode": "review",
226
+ "sources": {
227
+ "app_postgres": {
228
+ "engine": "postgres",
229
+ "read_url_env": "DATABASE_URL",
230
+ "write_url_env": "SYNAPSOR_DATABASE_WRITE_URL"
231
+ }
232
+ },
233
+ "trusted_context": {
234
+ "provider": "environment",
235
+ "values": {
236
+ "tenant_id_env": "SYNAPSOR_TENANT_ID",
237
+ "principal_env": "SYNAPSOR_PRINCIPAL"
238
+ }
239
+ },
240
+ "capabilities": [
241
+ {
242
+ "name": "billing.inspect_invoice",
243
+ "kind": "read",
244
+ "source": "app_postgres",
245
+ "target": {
246
+ "schema": "public",
247
+ "table": "invoices",
248
+ "primary_key": "id",
249
+ "tenant_key": "tenant_id"
250
+ },
251
+ "args": {
252
+ "invoice_id": { "type": "string", "required": true }
253
+ },
254
+ "lookup": { "id_from_arg": "invoice_id" },
255
+ "visible_columns": ["id", "status", "late_fee_cents", "updated_at"],
256
+ "evidence": "required",
257
+ "max_rows": 1
258
+ },
259
+ {
260
+ "name": "billing.propose_late_fee_waiver",
261
+ "kind": "proposal",
262
+ "source": "app_postgres",
263
+ "target": {
264
+ "schema": "public",
265
+ "table": "invoices",
266
+ "primary_key": "id",
267
+ "tenant_key": "tenant_id"
268
+ },
269
+ "args": {
270
+ "invoice_id": { "type": "string", "required": true },
271
+ "reason": { "type": "string", "required": true }
272
+ },
273
+ "lookup": { "id_from_arg": "invoice_id" },
274
+ "visible_columns": ["id", "status", "late_fee_cents", "updated_at"],
275
+ "patch": {
276
+ "late_fee_cents": { "fixed": 0 },
277
+ "waiver_reason": { "from_arg": "reason" }
278
+ },
279
+ "allowed_columns": ["late_fee_cents", "waiver_reason"],
280
+ "conflict_guard": { "column": "updated_at" },
281
+ "approval": { "mode": "human", "required_role": "billing_lead" }
282
+ }
283
+ ]
284
+ }
285
+ ```
286
+
287
+ The agent sees `billing.inspect_invoice` and
288
+ `billing.propose_late_fee_waiver`. It does not see the database URL, writer
289
+ credential, raw SQL, approval command, or commit command.
290
+
150
291
  The wizard creates this local flow:
151
292
 
152
293
  ```text
@@ -421,6 +562,7 @@ Create a redacted local diagnostic report:
421
562
 
422
563
  ```bash
423
564
  synapsor-runner doctor --config synapsor.runner.json --report --redact --output synapsor-doctor.md
565
+ synapsor-runner doctor --config synapsor.runner.json --check-writeback
424
566
  ```
425
567
 
426
568
  Inspect or compact the local ledger:
@@ -429,6 +571,7 @@ Inspect or compact the local ledger:
429
571
  synapsor-runner store stats --store ./.synapsor/local.db
430
572
  synapsor-runner store vacuum --store ./.synapsor/local.db
431
573
  synapsor-runner store prune --store ./.synapsor/local.db --older-than 30d --dry-run
574
+ synapsor-runner store reset --store ./.synapsor/local.db --yes
432
575
  ```
433
576
 
434
577
  This is local indexed search for local/dev/staging usage. It is not external
@@ -442,6 +585,9 @@ your application service already owns business writes, configure an
442
585
  `http_handler` or `command_handler` executor. Approval still happens outside
443
586
  MCP, and the handler returns an applied/conflict/failed receipt for replay.
444
587
  Starter handlers are included under `examples/app-owned-writeback`.
588
+ The packaged app-owned billing example also includes a bundled
589
+ `synapsor-handler.mjs` helper shim; `@synapsor/handler` is not published as a
590
+ standalone npm package yet.
445
591
  You can also generate a starter handler directly:
446
592
 
447
593
  ```bash
package/dist/cli.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAYA,OAAO,EAAqG,KAAK,WAAW,EAAwE,MAAM,6BAA6B,CAAC;AAkBxO,OAAO,EAA6G,KAAK,YAAY,EAAwB,MAAM,2BAA2B,CAAC;AAC/L,OAAO,EAOL,KAAK,gBAAgB,EAEtB,MAAM,mCAAmC,CAAC;AAkS3C,wBAAsB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAiD1D;AA0DD,KAAK,SAAS,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAE9E,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EAAE,EACd,OAAO,GAAE;IACP,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,OAAO,CAAC,EAAE,WAAW,CAAC;IACtB,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;CACvC,GACL,OAAO,CAAC,MAAM,CAAC,CA2OjB;AAo9CD,wBAAsB,0BAA0B,CAAC,GAAG,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,CAAC,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAM/H"}
1
+ {"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAYA,OAAO,EAAqG,KAAK,WAAW,EAA2F,MAAM,6BAA6B,CAAC;AAmB3P,OAAO,EAA6G,KAAK,YAAY,EAAwB,MAAM,2BAA2B,CAAC;AAC/L,OAAO,EAOL,KAAK,gBAAgB,EAEtB,MAAM,mCAAmC,CAAC;AAoS3C,wBAAsB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAkD1D;AA0DD,KAAK,SAAS,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAE9E,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EAAE,EACd,OAAO,GAAE;IACP,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,OAAO,CAAC,EAAE,WAAW,CAAC;IACtB,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;CACvC,GACL,OAAO,CAAC,MAAM,CAAC,CA6OjB;AA4uDD,wBAAsB,0BAA0B,CAAC,GAAG,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,CAAC,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAM/H"}