@synapsor/runner 0.1.0-alpha.16 → 0.1.0-alpha.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -4,6 +4,38 @@
4
4
 
5
5
  No unreleased changes yet.
6
6
 
7
+ ## 0.1.0-alpha.17
8
+
9
+ ### Added
10
+
11
+ - Prompt-free onboarding for `onboard db` / `init` through `--yes`,
12
+ `--non-interactive`, and `--answers <file.json>`.
13
+ - Friendly scripted onboarding flags: `--tenant-column`, `--id-arg`, `--patch
14
+ column=fixed:value|arg:name`, `--patch-bounds`, `--status-guards`,
15
+ `--read-description`, `--read-returns-hint`, `--handler-output`, and
16
+ `--emit-handler`.
17
+ - Answers-file onboarding can emit the same artifacts as the wizard: reviewed
18
+ config, `.env.example`, MCP snippets, and optional handler template.
19
+ - Guided onboarding now shows a final "what I am about to write" preview where
20
+ users can revise visible fields or capability names before files are written.
21
+ - README and runner README now include a short "How An External Handler Works"
22
+ explanation directly after the writeback rule.
23
+ - `events webhook` / `events push` can POST local proposal/writeback lifecycle
24
+ events to a local/dev/staging HTTP endpoint for review UIs or notifications.
25
+
26
+ ### Changed
27
+
28
+ - When `--namespace` is omitted, generated capability names derive a namespace
29
+ from the selected table instead of defaulting to `source.*`.
30
+ - App-owned `http_handler` and `command_handler` generated configs mark the
31
+ Runner source as `read_only: true` when no writer env is supplied. These
32
+ configs now validate without a `WRITEBACK_DISABLED` warning.
33
+ - Direct SQL review-mode proposal capabilities still require `write_url_env`
34
+ readiness; missing writer env remains visible as `WRITEBACK_DISABLED`.
35
+ - Published docs/examples no longer contain install-looking
36
+ `@synapsor/handler` imports. The app-owned example uses the bundled
37
+ `synapsor-handler.mjs` shim directly.
38
+
7
39
  ## 0.1.0-alpha.16
8
40
 
9
41
  ### Added
package/README.md CHANGED
@@ -44,6 +44,25 @@ One-row update to an existing row: Runner can do guarded direct writeback.
44
44
  Anything else, such as inserting a row, touching two tables, or emitting an
45
45
  event: your app-owned executor does it after approval.
46
46
 
47
+ ## How An External Handler Works
48
+
49
+ Some changes are too rich for Runner's one-row writeback: insert a credit row,
50
+ touch two tables, or emit an event. For those, you run a small endpoint. The
51
+ flow is:
52
+
53
+ ```text
54
+ agent proposes
55
+ -> human approves outside MCP
56
+ -> Runner POSTs the approved change to your endpoint
57
+ -> your code writes it in its own transaction and returns a receipt
58
+ ```
59
+
60
+ The model never touches this code. You are the last line of defense: Runner
61
+ hands you the tenant, expected row version, and idempotency key, and your
62
+ handler must re-check all three. Skipping those checks reintroduces
63
+ cross-tenant writes, lost updates, or duplicate writes. Start from
64
+ `synapsor-runner handler template ...` instead of hand-rolling the safety checks.
65
+
47
66
  ## Deliberate Limits
48
67
 
49
68
  Runner does not expose raw SQL, write credentials, approval tools, or commit
@@ -129,6 +148,16 @@ Your own staging DB -> export DATABASE_URL=... then run the inspect command b
129
148
  MCP risk review -> npx -y -p @synapsor/runner@alpha synapsor-runner audit --example dangerous-db-mcp
130
149
  ```
131
150
 
151
+ For your own database, do this before wiring Claude, Cursor, OpenAI Agents SDK,
152
+ or another MCP client:
153
+
154
+ ```text
155
+ 1. Generate the config with start/init/onboard.
156
+ 2. Run tools preview to confirm no raw SQL or write credentials are exposed.
157
+ 3. Run smoke call against one generated inspect tool.
158
+ 4. Only then run up --serve or mcp serve.
159
+ ```
160
+
132
161
  `synapsor-runner` is the public command for this OSS runner. `synapsor` is
133
162
  reserved for the Synapsor Cloud CLI.
134
163
 
@@ -227,21 +256,56 @@ Bring the generated review-mode workspace up with one command:
227
256
 
228
257
  ```bash
229
258
  npx -y -p @synapsor/runner@alpha synapsor-runner up \
259
+ --serve \
230
260
  --config ./synapsor.runner.json \
231
- --store ./.synapsor/local.db \
232
- --dry-run
261
+ --store ./.synapsor/local.db
233
262
  ```
234
263
 
235
264
  `up` validates the config/store, summarizes model-facing tools, shows whether
236
265
  proposal tools use direct SQL writeback or app-owned executors, checks active
237
266
  store leases, and prints the next smoke, approve, apply, replay, UI, and doctor
238
- commands. Use `--transport streamable-http` when you want `up` to start the
239
- standard HTTP MCP server.
267
+ commands. By default, `up` is guidance-only. Use `up --serve` to start the
268
+ standard Streamable HTTP MCP server after the checklist; use `--dry-run` to
269
+ rehearse without starting it. For app-owned executor configs, add
270
+ `--with-handler` to run the handler doctor before serving.
271
+
272
+ For CI, shell scripts, or an LLM driving the setup, use the prompt-free path:
273
+
274
+ ```bash
275
+ npx -y -p @synapsor/runner@alpha synapsor-runner onboard db \
276
+ --from-env DATABASE_URL \
277
+ --schema public \
278
+ --table invoices \
279
+ --mode review \
280
+ --tenant-column tenant_id \
281
+ --primary-key id \
282
+ --conflict-column updated_at \
283
+ --namespace billing \
284
+ --object-name invoice \
285
+ --id-arg invoice_id \
286
+ --visible-columns id,tenant_id,late_fee_cents,waiver_reason,updated_at \
287
+ --patch late_fee_cents=fixed:0,waiver_reason=arg:reason \
288
+ --patch-bounds late_fee_cents=0:5500 \
289
+ --write-url-env SYNAPSOR_DATABASE_WRITE_URL \
290
+ --yes
291
+ ```
292
+
293
+ If `--namespace` is omitted, Runner derives a namespace from the table name
294
+ instead of creating `source.*` tools. Use `--read-tool` and `--proposal-tool`
295
+ when you need exact model-facing names.
296
+
297
+ For app-owned writeback, replace `--write-url-env ...` with
298
+ `--writeback http_handler --handler-url-env APP_WRITEBACK_URL --emit-handler`.
299
+ Runner marks that source as read-only unless you explicitly pass a writer env,
300
+ so `config validate` does not warn that direct SQL writeback is disabled.
301
+ You can also pass `--answers ./answers.json --yes` for a fully declarative
302
+ setup file.
240
303
 
241
304
  ```json
242
305
  {
243
306
  "version": 1,
244
307
  "mode": "review",
308
+ "result_format": 2,
245
309
  "sources": {
246
310
  "app_postgres": {
247
311
  "engine": "postgres",
@@ -315,7 +379,8 @@ trusted context -> capability -> MCP tool
315
379
 
316
380
  It asks which table/view backs the context, which tenant/scope column and
317
381
  backend session env vars are trusted, which fields are visible, and what
318
- semantic capability name to expose.
382
+ semantic capability name to expose. Before writing files, it shows a final
383
+ preview and lets you revise visible fields or capability names.
319
384
 
320
385
  ```bash
321
386
  npx -y -p @synapsor/runner@alpha synapsor-runner init \
@@ -384,6 +449,17 @@ synapsor-runner mcp serve-streamable-http \
384
449
  --alias-mode openai
385
450
  ```
386
451
 
452
+ You can also start the same review-mode server through the safer startup
453
+ checklist:
454
+
455
+ ```bash
456
+ synapsor-runner up --serve \
457
+ --config ./synapsor.runner.json \
458
+ --store ./.synapsor/local.db \
459
+ --auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN \
460
+ --alias-mode openai
461
+ ```
462
+
387
463
  Equivalent unified command:
388
464
 
389
465
  ```bash
@@ -472,6 +548,22 @@ For a longer local session, you can install the alpha package explicitly:
472
548
  npm install -g @synapsor/runner@alpha
473
549
  ```
474
550
 
551
+ ## Stable Compatibility Promise
552
+
553
+ Until the first stable `0.1.0` tag is published, install with `@alpha` or an
554
+ exact alpha version. Do not treat the untagged `latest` dist-tag as stable yet.
555
+
556
+ After `0.1.0` is promoted to `latest`, Synapsor Runner will keep the documented
557
+ `synapsor-runner` binary, `synapsor.runner.json` schema version `1`, result
558
+ envelope v2, stdio MCP, Streamable HTTP MCP, MCP client snippets, proposal/
559
+ approval/writeback inspection commands, direct SQL writeback contract, and
560
+ app-owned executor contract compatible through the `0.1.x` line unless a
561
+ release note marks a deprecation first.
562
+
563
+ Stable does not mean production SLA, hosted Cloud features, compliance
564
+ certification, physical Postgres/MySQL branching, generic SQL writeback, or
565
+ support for undocumented local SQLite internals.
566
+
475
567
  ## Runtime Flow
476
568
 
477
569
  The local runner keeps the model-facing tool call separate from approval and
@@ -556,6 +648,8 @@ relying on `latest`:
556
648
 
557
649
  ```bash
558
650
  synapsor-runner activity search --tenant acme --object invoice:INV-3001
651
+ synapsor-runner events tail --store ./.synapsor/local.db
652
+ synapsor-runner events webhook --url http://127.0.0.1:8788/synapsor/events --kind proposal_created --store ./.synapsor/local.db
559
653
  synapsor-runner proposals list --tenant acme --object invoice:INV-3001 --status approved
560
654
  synapsor-runner evidence show ev_...
561
655
  synapsor-runner query-audit list --evidence ev_...
@@ -588,11 +682,17 @@ Inspect or compact the local ledger:
588
682
 
589
683
  ```bash
590
684
  synapsor-runner store stats --store ./.synapsor/local.db
685
+ synapsor-runner events tail --store ./.synapsor/local.db --follow
686
+ synapsor-runner events webhook --url-env SYNAPSOR_EVENT_WEBHOOK_URL --auth-token-env SYNAPSOR_EVENT_WEBHOOK_TOKEN --follow --store ./.synapsor/local.db
591
687
  synapsor-runner store vacuum --store ./.synapsor/local.db
592
688
  synapsor-runner store prune --store ./.synapsor/local.db --older-than 30d --dry-run
593
689
  synapsor-runner store reset --store ./.synapsor/local.db --yes
594
690
  ```
595
691
 
692
+ `events webhook` is a local/dev/staging convenience for review UIs, Slack
693
+ bridges, or app-local notifications. It POSTs one redacted local event envelope
694
+ per lifecycle event; it is not a hosted central ledger.
695
+
596
696
  This is local indexed search for local/dev/staging usage. It is not external
597
697
  database time travel, not cross-runner search, and not hosted compliance
598
698
  retention.
@@ -613,8 +713,8 @@ MCP, and the handler returns an applied/conflict/failed receipt for replay.
613
713
 
614
714
  Starter handlers are included under `examples/app-owned-writeback`.
615
715
  The packaged app-owned billing example also includes a bundled
616
- `synapsor-handler.mjs` helper shim; `@synapsor/handler` is not published as a
617
- standalone npm package yet.
716
+ `synapsor-handler.mjs` helper shim. There is no separate handler package to
717
+ install.
618
718
  You can also generate a starter handler directly:
619
719
 
620
720
  ```bash
package/dist/cli.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAYA,OAAO,EAAqG,KAAK,WAAW,EAA2F,MAAM,6BAA6B,CAAC;AAmB3P,OAAO,EAA6G,KAAK,YAAY,EAAwB,MAAM,2BAA2B,CAAC;AAC/L,OAAO,EAOL,KAAK,gBAAgB,EAEtB,MAAM,mCAAmC,CAAC;AA4U3C,wBAAsB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAmD1D;AA0DD,KAAK,SAAS,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAE9E,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EAAE,EACd,OAAO,GAAE;IACP,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,OAAO,CAAC,EAAE,WAAW,CAAC;IACtB,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;CACvC,GACL,OAAO,CAAC,MAAM,CAAC,CA+RjB;AAivDD,wBAAsB,0BAA0B,CAAC,GAAG,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,CAAC,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAM/H"}
1
+ {"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAYA,OAAO,EAAqG,KAAK,WAAW,EAA2F,MAAM,6BAA6B,CAAC;AAmB3P,OAAO,EAA6G,KAAK,YAAY,EAAwB,MAAM,2BAA2B,CAAC;AAC/L,OAAO,EAOL,KAAK,gBAAgB,EAEtB,MAAM,mCAAmC,CAAC;AA4U3C,wBAAsB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAmD1D;AA+DD,KAAK,SAAS,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAE9E,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EAAE,EACd,OAAO,GAAE;IACP,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,OAAO,CAAC,EAAE,WAAW,CAAC;IACtB,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;CACvC,GACL,OAAO,CAAC,MAAM,CAAC,CA2TjB;AAo7DD,wBAAsB,0BAA0B,CAAC,GAAG,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,CAAC,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAM/H"}