@synapsor/runner 0.1.0-alpha.11 → 0.1.0-alpha.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +85 -0
- package/README.md +169 -23
- package/dist/cli.d.ts.map +1 -1
- package/dist/runner.mjs +855 -66
- package/docs/README.md +21 -0
- package/docs/app-owned-executors.md +5 -0
- package/docs/capability-authoring.md +265 -0
- package/docs/doctor.md +98 -0
- package/docs/handler-helper.md +217 -0
- package/docs/local-mode.md +13 -2
- package/docs/release-notes.md +57 -2
- package/docs/release-policy.md +86 -0
- package/docs/result-envelope-v2.md +148 -0
- package/docs/rfcs/001-result-envelope-v2.md +143 -0
- package/docs/rfcs/002-app-owned-handler-helper.md +161 -0
- package/docs/rfcs/003-integrator-feedback-teardown.md +97 -0
- package/docs/store-lifecycle.md +83 -0
- package/docs/writeback-executors.md +18 -0
- package/examples/app-owned-writeback/README.md +1 -0
- package/examples/mcp-postgres-billing-app-handler/README.md +7 -2
- package/examples/mcp-postgres-billing-app-handler/app-handler.mjs +77 -149
- package/examples/mcp-postgres-billing-app-handler/scripts/run-demo.sh +1 -0
- package/examples/mcp-postgres-billing-app-handler/synapsor-handler.mjs +437 -0
- package/examples/mcp-postgres-billing-app-handler/synapsor.runner.json +1 -0
- package/package.json +3 -1
- package/schemas/change-set.v1.schema.json +140 -0
- package/schemas/execution-receipt.v1.schema.json +34 -0
- package/schemas/onboarding-selection.v1.schema.json +125 -0
- package/schemas/runner-registration.v1.schema.json +48 -0
- package/schemas/synapsor.app-handler-receipt.v1.json +39 -0
- package/schemas/synapsor.app-handler-request.v1.json +119 -0
- package/schemas/synapsor.runner.schema.json +412 -0
- package/schemas/writeback-job.v1.schema.json +121 -0
package/CHANGELOG.md
ADDED
|
@@ -0,0 +1,85 @@
|
|
|
1
|
+
# Changelog
|
|
2
|
+
|
|
3
|
+
## Unreleased
|
|
4
|
+
|
|
5
|
+
### Added
|
|
6
|
+
|
|
7
|
+
- `result_format: 2` for a stable MCP result envelope with
|
|
8
|
+
`ok`, `summary`, `data`, `proposal`, `error`, `evidence`,
|
|
9
|
+
`source_database_changed`, and `_meta.canonical_capability`.
|
|
10
|
+
- `--result-format v1|v2` for `mcp serve`, `mcp serve --transport
|
|
11
|
+
streamable-http`, `mcp serve-streamable-http`, and the legacy JSON-RPC bridge.
|
|
12
|
+
- Capability config fields `description`, per-argument `description`, and
|
|
13
|
+
`returns_hint`; these are surfaced in MCP tool metadata.
|
|
14
|
+
- `tools list` as a first-class alias for `tools preview`, including
|
|
15
|
+
`tools list --aliases`.
|
|
16
|
+
- `mcp client-config --include-instructions` for Claude/Cursor/OpenAI-style
|
|
17
|
+
client snippets with propose-first agent guidance.
|
|
18
|
+
- `schemas/synapsor.runner.schema.json` for editor validation.
|
|
19
|
+
- `docs/capability-authoring.md` and `docs/result-envelope-v2.md`.
|
|
20
|
+
- RFC source docs under `docs/rfcs/`.
|
|
21
|
+
|
|
22
|
+
### Changed
|
|
23
|
+
|
|
24
|
+
- OpenAI-safe aliases include the canonical Synapsor capability name in
|
|
25
|
+
descriptions/metadata so model-visible aliases can still be audited against
|
|
26
|
+
dotted capability names.
|
|
27
|
+
- v2 MCP errors redact raw driver/infra strings and map failures to a small
|
|
28
|
+
safe error-code enum.
|
|
29
|
+
|
|
30
|
+
### Compatibility
|
|
31
|
+
|
|
32
|
+
- Result envelope v1 remains the default in this alpha. Opt in with
|
|
33
|
+
`result_format: 2` or `--result-format v2`.
|
|
34
|
+
- The public command remains `synapsor-runner`.
|
|
35
|
+
|
|
36
|
+
## 0.1.0-alpha.14
|
|
37
|
+
|
|
38
|
+
### Changed
|
|
39
|
+
|
|
40
|
+
- Clarified that `@synapsor/handler` is not published as a standalone npm
|
|
41
|
+
package yet. The TypeScript helper currently exists in the source monorepo
|
|
42
|
+
and as the bundled `synapsor-handler.mjs` shim used by the packaged
|
|
43
|
+
app-owned executor example.
|
|
44
|
+
- Included `CHANGELOG.md` in the `@synapsor/runner` npm tarball so users can
|
|
45
|
+
inspect alpha changes without cloning the repository.
|
|
46
|
+
|
|
47
|
+
## 0.1.0-alpha.13
|
|
48
|
+
|
|
49
|
+
### Changed
|
|
50
|
+
|
|
51
|
+
- Reworked the README opening around a five-line mental model: agent talks to
|
|
52
|
+
Runner, Runner exposes capabilities, proposals are saved but not applied, and
|
|
53
|
+
approval/writeback stay outside the model-facing tool surface.
|
|
54
|
+
- Added plain definitions for capability, proposal, writeback, and executor near
|
|
55
|
+
the top of the README.
|
|
56
|
+
- Added the direct-writeback versus app-owned-executor rule up front: guarded
|
|
57
|
+
one-row updates can use Runner direct writeback; richer business actions use
|
|
58
|
+
an app-owned executor.
|
|
59
|
+
- Added a tiny readable own-database config example with one read capability and
|
|
60
|
+
one proposal capability so new users can picture what the guided wizard
|
|
61
|
+
creates.
|
|
62
|
+
|
|
63
|
+
## 0.1.0-alpha.12
|
|
64
|
+
|
|
65
|
+
### Added
|
|
66
|
+
|
|
67
|
+
- `doctor --check-writeback` verifies direct SQL writer connectivity,
|
|
68
|
+
receipt-table readiness, and rollback-only access to configured proposal
|
|
69
|
+
target tables/columns without mutating business rows.
|
|
70
|
+
- `docs/doctor.md` documents redacted setup checks, handler reachability,
|
|
71
|
+
direct SQL writeback probes, and receipt-table guidance.
|
|
72
|
+
- `store reset --yes` removes only the local SQLite ledger files and refuses
|
|
73
|
+
active server leases unless `--force` is provided.
|
|
74
|
+
|
|
75
|
+
### Changed
|
|
76
|
+
|
|
77
|
+
- Doctor output now warns when direct SQL writeback has not been probed and
|
|
78
|
+
points to `--check-writeback`.
|
|
79
|
+
- Packed/public verification scripts exercise `store reset` in addition to
|
|
80
|
+
stats/prune.
|
|
81
|
+
|
|
82
|
+
## 0.1.0-alpha.11
|
|
83
|
+
|
|
84
|
+
See [docs/release-notes.md](docs/release-notes.md) for the current published
|
|
85
|
+
alpha notes.
|
package/README.md
CHANGED
|
@@ -7,31 +7,44 @@ Runner lets an MCP agent inspect scoped data and request database-backed
|
|
|
7
7
|
business actions without receiving raw SQL, write credentials, approval tools,
|
|
8
8
|
or commit tools.
|
|
9
9
|
|
|
10
|
-
##
|
|
10
|
+
## The Five-Line Model
|
|
11
11
|
|
|
12
|
-
|
|
12
|
+
Your agent talks to Synapsor Runner, not directly to your database.
|
|
13
|
+
It can look: scoped reads through reviewed tools.
|
|
14
|
+
It can suggest: saved proposals with evidence and exact diffs.
|
|
15
|
+
It cannot commit: approval and writeback happen outside the model-facing tool.
|
|
16
|
+
After writeback, Runner keeps receipts and replay so you can inspect what happened.
|
|
13
17
|
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
-
|
|
19
|
-
|
|
20
|
-
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
18
|
+
## Four Terms
|
|
19
|
+
|
|
20
|
+
- Capability: a tool you define in config, such as `billing.inspect_invoice`
|
|
21
|
+
or `billing.propose_late_fee_waiver`. The agent only sees capabilities.
|
|
22
|
+
- Proposal: the agent's suggested database-backed change. It is saved, not
|
|
23
|
+
applied.
|
|
24
|
+
- Writeback: the moment an approved proposal actually changes the database.
|
|
25
|
+
- Executor: your app's writeback handler for anything richer than a guarded
|
|
26
|
+
one-row update.
|
|
27
|
+
|
|
28
|
+
## Who Does What
|
|
29
|
+
|
|
30
|
+
You write the config: sources, trusted context, capabilities, visible fields,
|
|
31
|
+
proposal fields, and guards. For rich writes, you also write a small handler.
|
|
32
|
+
|
|
33
|
+
Synapsor Runner serves the MCP tools, stores evidence/proposals/receipts,
|
|
34
|
+
enforces tenant, column, version, and idempotency guards, routes writeback, and
|
|
35
|
+
keeps the replay log. You do not rebuild the safety loop yourself.
|
|
36
|
+
|
|
37
|
+
## The Writeback Rule
|
|
38
|
+
|
|
39
|
+
One-row update to an existing row: Runner can do guarded direct writeback.
|
|
40
|
+
Anything else, such as inserting a row, touching two tables, or emitting an
|
|
41
|
+
event: your app-owned executor does it after approval.
|
|
42
|
+
|
|
43
|
+
## Deliberate Limits
|
|
44
|
+
|
|
45
|
+
Runner does not expose raw SQL, write credentials, approval tools, or commit
|
|
46
|
+
tools to the model. Direct Runner writeback does not do generic `INSERT`,
|
|
47
|
+
`DELETE`, `UPSERT`, DDL, or multi-row SQL. Those are app-owned executor jobs.
|
|
35
48
|
|
|
36
49
|
```text
|
|
37
50
|
AI agent or MCP client
|
|
@@ -115,6 +128,51 @@ MCP risk review -> npx -y -p @synapsor/runner@alpha synapsor-runner audit
|
|
|
115
128
|
`synapsor-runner` is the public command for this OSS runner. `synapsor` is
|
|
116
129
|
reserved for the Synapsor Cloud CLI.
|
|
117
130
|
|
|
131
|
+
Authoring reference:
|
|
132
|
+
|
|
133
|
+
- [Capability Authoring](docs/capability-authoring.md): read/proposal tools,
|
|
134
|
+
model-facing descriptions, result envelope v2, trusted context, and writeback
|
|
135
|
+
guards.
|
|
136
|
+
- [Result Envelope v2](docs/result-envelope-v2.md): stable
|
|
137
|
+
`ok`/`summary`/`data`/`proposal`/`error` MCP tool results.
|
|
138
|
+
- [JSON Schema](schemas/synapsor.runner.schema.json): editor validation for
|
|
139
|
+
`synapsor.runner.json`.
|
|
140
|
+
|
|
141
|
+
## Current Alpha Details
|
|
142
|
+
|
|
143
|
+
These are current alpha requirements, not hidden behavior:
|
|
144
|
+
|
|
145
|
+
- Writeback with `--config ./synapsor.runner.json` reads the trusted writer
|
|
146
|
+
connection from the source `write_url_env`, for example
|
|
147
|
+
`SYNAPSOR_DATABASE_WRITE_URL`. `SYNAPSOR_DATABASE_URL` is only the legacy
|
|
148
|
+
fallback when you run direct worker/apply flows without a local config.
|
|
149
|
+
- `synapsor-runner mcp serve` is standard stdio MCP for local clients that can
|
|
150
|
+
launch Runner.
|
|
151
|
+
- `synapsor-runner mcp serve-streamable-http` is standard MCP Streamable HTTP
|
|
152
|
+
with `initialize` and in-memory session behavior for SDK/client HTTP MCP
|
|
153
|
+
integrations.
|
|
154
|
+
- OpenAI Agents SDK rejects dotted function/tool names. Use
|
|
155
|
+
`--alias-mode openai` or `--openai-tool-aliases` for OpenAI-facing MCP
|
|
156
|
+
transports. Runner exposes aliases such as `billing__inspect_invoice` and
|
|
157
|
+
keeps the canonical Synapsor capability name in tool metadata.
|
|
158
|
+
- `synapsor-runner mcp serve-http` is a small authenticated JSON-RPC bridge for
|
|
159
|
+
`tools/list`, `tools/call`, and `resources/read`. Use it only when you want a
|
|
160
|
+
simple app/server wrapper instead of full HTTP MCP.
|
|
161
|
+
- Direct SQL writeback creates or writes `synapsor_writeback_receipts` for
|
|
162
|
+
idempotency and replay. The trusted writer needs permission for that table,
|
|
163
|
+
or an administrator must pre-create it and grant access. Use an app-owned
|
|
164
|
+
`http_handler` or `command_handler` if Runner should not create receipt
|
|
165
|
+
tables in your application schema.
|
|
166
|
+
- Run `synapsor-runner doctor --config synapsor.runner.json --check-writeback`
|
|
167
|
+
after reviewing receipt-table DDL/grants to verify writer connectivity,
|
|
168
|
+
receipt-table permissions, and rollback-only target-table access. The probe
|
|
169
|
+
never mutates business rows, but it can create the receipt table if the
|
|
170
|
+
writer has permission.
|
|
171
|
+
- For app-owned `http_handler` executors, configure `signing_secret_env` to
|
|
172
|
+
have Runner sign writeback requests with `X-Synapsor-Signature`. Run
|
|
173
|
+
`synapsor-runner doctor --config synapsor.runner.json --check-handlers` to
|
|
174
|
+
check handler env vars and network reachability without applying a proposal.
|
|
175
|
+
|
|
118
176
|
## Connect Your Own Staging Database
|
|
119
177
|
|
|
120
178
|
Put a read-only connection string in the environment:
|
|
@@ -147,6 +205,89 @@ call immediately and stores the evidence/query audit in the local ledger. If
|
|
|
147
205
|
those env vars are missing, it prints the exact command to run after you set
|
|
148
206
|
them from `.env.example`.
|
|
149
207
|
|
|
208
|
+
The end-to-end shape is:
|
|
209
|
+
|
|
210
|
+
```text
|
|
211
|
+
1. Put your read-only DB URL in DATABASE_URL.
|
|
212
|
+
2. Run start --from-env DATABASE_URL.
|
|
213
|
+
3. Choose one table/view and the safe fields agents may see.
|
|
214
|
+
4. Preview the generated capabilities.
|
|
215
|
+
5. Serve them over MCP to Claude, Cursor, OpenAI Agents SDK, or your app.
|
|
216
|
+
6. For writes, approve a proposal outside MCP before writeback.
|
|
217
|
+
```
|
|
218
|
+
|
|
219
|
+
The generated config is just the safety contract. A small reviewed version
|
|
220
|
+
looks like this:
|
|
221
|
+
|
|
222
|
+
```json
|
|
223
|
+
{
|
|
224
|
+
"version": 1,
|
|
225
|
+
"mode": "review",
|
|
226
|
+
"sources": {
|
|
227
|
+
"app_postgres": {
|
|
228
|
+
"engine": "postgres",
|
|
229
|
+
"read_url_env": "DATABASE_URL",
|
|
230
|
+
"write_url_env": "SYNAPSOR_DATABASE_WRITE_URL"
|
|
231
|
+
}
|
|
232
|
+
},
|
|
233
|
+
"trusted_context": {
|
|
234
|
+
"provider": "environment",
|
|
235
|
+
"values": {
|
|
236
|
+
"tenant_id_env": "SYNAPSOR_TENANT_ID",
|
|
237
|
+
"principal_env": "SYNAPSOR_PRINCIPAL"
|
|
238
|
+
}
|
|
239
|
+
},
|
|
240
|
+
"capabilities": [
|
|
241
|
+
{
|
|
242
|
+
"name": "billing.inspect_invoice",
|
|
243
|
+
"kind": "read",
|
|
244
|
+
"source": "app_postgres",
|
|
245
|
+
"target": {
|
|
246
|
+
"schema": "public",
|
|
247
|
+
"table": "invoices",
|
|
248
|
+
"primary_key": "id",
|
|
249
|
+
"tenant_key": "tenant_id"
|
|
250
|
+
},
|
|
251
|
+
"args": {
|
|
252
|
+
"invoice_id": { "type": "string", "required": true }
|
|
253
|
+
},
|
|
254
|
+
"lookup": { "id_from_arg": "invoice_id" },
|
|
255
|
+
"visible_columns": ["id", "status", "late_fee_cents", "updated_at"],
|
|
256
|
+
"evidence": "required",
|
|
257
|
+
"max_rows": 1
|
|
258
|
+
},
|
|
259
|
+
{
|
|
260
|
+
"name": "billing.propose_late_fee_waiver",
|
|
261
|
+
"kind": "proposal",
|
|
262
|
+
"source": "app_postgres",
|
|
263
|
+
"target": {
|
|
264
|
+
"schema": "public",
|
|
265
|
+
"table": "invoices",
|
|
266
|
+
"primary_key": "id",
|
|
267
|
+
"tenant_key": "tenant_id"
|
|
268
|
+
},
|
|
269
|
+
"args": {
|
|
270
|
+
"invoice_id": { "type": "string", "required": true },
|
|
271
|
+
"reason": { "type": "string", "required": true }
|
|
272
|
+
},
|
|
273
|
+
"lookup": { "id_from_arg": "invoice_id" },
|
|
274
|
+
"visible_columns": ["id", "status", "late_fee_cents", "updated_at"],
|
|
275
|
+
"patch": {
|
|
276
|
+
"late_fee_cents": { "fixed": 0 },
|
|
277
|
+
"waiver_reason": { "from_arg": "reason" }
|
|
278
|
+
},
|
|
279
|
+
"allowed_columns": ["late_fee_cents", "waiver_reason"],
|
|
280
|
+
"conflict_guard": { "column": "updated_at" },
|
|
281
|
+
"approval": { "mode": "human", "required_role": "billing_lead" }
|
|
282
|
+
}
|
|
283
|
+
]
|
|
284
|
+
}
|
|
285
|
+
```
|
|
286
|
+
|
|
287
|
+
The agent sees `billing.inspect_invoice` and
|
|
288
|
+
`billing.propose_late_fee_waiver`. It does not see the database URL, writer
|
|
289
|
+
credential, raw SQL, approval command, or commit command.
|
|
290
|
+
|
|
150
291
|
The wizard creates this local flow:
|
|
151
292
|
|
|
152
293
|
```text
|
|
@@ -421,6 +562,7 @@ Create a redacted local diagnostic report:
|
|
|
421
562
|
|
|
422
563
|
```bash
|
|
423
564
|
synapsor-runner doctor --config synapsor.runner.json --report --redact --output synapsor-doctor.md
|
|
565
|
+
synapsor-runner doctor --config synapsor.runner.json --check-writeback
|
|
424
566
|
```
|
|
425
567
|
|
|
426
568
|
Inspect or compact the local ledger:
|
|
@@ -429,6 +571,7 @@ Inspect or compact the local ledger:
|
|
|
429
571
|
synapsor-runner store stats --store ./.synapsor/local.db
|
|
430
572
|
synapsor-runner store vacuum --store ./.synapsor/local.db
|
|
431
573
|
synapsor-runner store prune --store ./.synapsor/local.db --older-than 30d --dry-run
|
|
574
|
+
synapsor-runner store reset --store ./.synapsor/local.db --yes
|
|
432
575
|
```
|
|
433
576
|
|
|
434
577
|
This is local indexed search for local/dev/staging usage. It is not external
|
|
@@ -442,6 +585,9 @@ your application service already owns business writes, configure an
|
|
|
442
585
|
`http_handler` or `command_handler` executor. Approval still happens outside
|
|
443
586
|
MCP, and the handler returns an applied/conflict/failed receipt for replay.
|
|
444
587
|
Starter handlers are included under `examples/app-owned-writeback`.
|
|
588
|
+
The packaged app-owned billing example also includes a bundled
|
|
589
|
+
`synapsor-handler.mjs` helper shim; `@synapsor/handler` is not published as a
|
|
590
|
+
standalone npm package yet.
|
|
445
591
|
You can also generate a starter handler directly:
|
|
446
592
|
|
|
447
593
|
```bash
|
package/dist/cli.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAYA,OAAO,EAAqG,KAAK,WAAW,
|
|
1
|
+
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAYA,OAAO,EAAqG,KAAK,WAAW,EAA2F,MAAM,6BAA6B,CAAC;AAmB3P,OAAO,EAA6G,KAAK,YAAY,EAAwB,MAAM,2BAA2B,CAAC;AAC/L,OAAO,EAOL,KAAK,gBAAgB,EAEtB,MAAM,mCAAmC,CAAC;AAoS3C,wBAAsB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAkD1D;AA0DD,KAAK,SAAS,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAE9E,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EAAE,EACd,OAAO,GAAE;IACP,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,OAAO,CAAC,EAAE,WAAW,CAAC;IACtB,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;CACvC,GACL,OAAO,CAAC,MAAM,CAAC,CA6OjB;AA4uDD,wBAAsB,0BAA0B,CAAC,GAAG,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,CAAC,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAM/H"}
|