@synapsor/runner 0.1.0-alpha.2 → 0.1.0-alpha.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +8 -4
- package/dist/cli.d.ts.map +1 -1
- package/dist/runner.mjs +106 -9
- package/docs/cloud-mode.md +3 -3
- package/docs/config-migrations.md +3 -3
- package/docs/demo-transcript.md +4 -4
- package/docs/first-10-minutes.md +3 -3
- package/docs/getting-started-own-database.md +27 -27
- package/docs/local-mode.md +13 -13
- package/docs/local-ui.md +4 -4
- package/docs/mcp-audit.md +17 -6
- package/docs/mcp-client-setup.md +6 -6
- package/docs/mcp-efficiency-benchmark.md +2 -2
- package/docs/operations.md +3 -3
- package/docs/own-db-20-minutes.md +14 -14
- package/docs/recipes.md +6 -6
- package/docs/schema-inspection.md +3 -3
- package/docs/shadow-mode.md +4 -4
- package/docs/troubleshooting-first-run.md +6 -6
- package/docs/writeback-executors.md +1 -1
- package/examples/reference-support-billing-app/README.md +9 -9
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -10,12 +10,16 @@ or commit tools.
|
|
|
10
10
|
## Run The Alpha
|
|
11
11
|
|
|
12
12
|
```bash
|
|
13
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
13
|
+
npx -y -p @synapsor/runner@alpha synapsor --help
|
|
14
|
+
npx -y -p @synapsor/runner@alpha synapsor demo --quick
|
|
15
|
+
npx -y -p @synapsor/runner@alpha synapsor audit --example dangerous-db-mcp
|
|
14
16
|
```
|
|
15
17
|
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
18
|
+
`synapsor` is the public command. `synapsor-runner` remains available as a
|
|
19
|
+
backward-compatible alias for earlier alpha commands.
|
|
20
|
+
|
|
21
|
+
`synapsor demo --quick` is fixture-only and does not require Docker. Use
|
|
22
|
+
`synapsor demo` for the disposable local Postgres-backed demo.
|
|
19
23
|
|
|
20
24
|
Use it with a local or staging database:
|
|
21
25
|
|
package/dist/cli.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAiBA,OAAO,EAOL,KAAK,gBAAgB,EAEtB,MAAM,mCAAmC,CAAC;
|
|
1
|
+
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAiBA,OAAO,EAOL,KAAK,gBAAgB,EAEtB,MAAM,mCAAmC,CAAC;AA0H3C,wBAAsB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAqC1D;AA0DD,KAAK,SAAS,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAE9E,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EAAE,EACd,OAAO,GAAE;IACP,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;CACvC,GACL,OAAO,CAAC,MAAM,CAAC,CA0KjB"}
|
package/dist/runner.mjs
CHANGED
|
@@ -2158,7 +2158,7 @@ function createMcpRuntime(config, options = {}) {
|
|
|
2158
2158
|
}
|
|
2159
2159
|
function createSynapsorMcpServer(runtime) {
|
|
2160
2160
|
const server = new McpServer(
|
|
2161
|
-
{ name: "synapsor-runner", version: "0.1.0-alpha.
|
|
2161
|
+
{ name: "synapsor-runner", version: "0.1.0-alpha.3" },
|
|
2162
2162
|
{ capabilities: { tools: {}, resources: {} } }
|
|
2163
2163
|
);
|
|
2164
2164
|
if (runtime.config.mode === "cloud") {
|
|
@@ -5162,6 +5162,94 @@ function stringOrDefault(value, fallback) {
|
|
|
5162
5162
|
// apps/runner/src/cli.ts
|
|
5163
5163
|
var adapters = { postgres: postgresAdapter, mysql: mysqlAdapter };
|
|
5164
5164
|
var handlerReceiptStatuses = /* @__PURE__ */ new Set(["applied", "already_applied", "conflict", "failed"]);
|
|
5165
|
+
var dangerousDatabaseMcpAuditExample = {
|
|
5166
|
+
tools: [
|
|
5167
|
+
{
|
|
5168
|
+
name: "execute_sql",
|
|
5169
|
+
description: "Execute arbitrary SQL against the application database.",
|
|
5170
|
+
inputSchema: {
|
|
5171
|
+
type: "object",
|
|
5172
|
+
properties: {
|
|
5173
|
+
sql: { type: "string" }
|
|
5174
|
+
},
|
|
5175
|
+
required: ["sql"]
|
|
5176
|
+
}
|
|
5177
|
+
},
|
|
5178
|
+
{
|
|
5179
|
+
name: "run_query",
|
|
5180
|
+
description: "Run any query and return database rows.",
|
|
5181
|
+
inputSchema: {
|
|
5182
|
+
type: "object",
|
|
5183
|
+
properties: {
|
|
5184
|
+
query: { type: "string" },
|
|
5185
|
+
table: { type: "string" },
|
|
5186
|
+
columns: {
|
|
5187
|
+
type: "array",
|
|
5188
|
+
items: { type: "string" }
|
|
5189
|
+
}
|
|
5190
|
+
},
|
|
5191
|
+
required: ["query"]
|
|
5192
|
+
}
|
|
5193
|
+
},
|
|
5194
|
+
{
|
|
5195
|
+
name: "approve_refund",
|
|
5196
|
+
description: "Approve and issue a customer refund immediately.",
|
|
5197
|
+
inputSchema: {
|
|
5198
|
+
type: "object",
|
|
5199
|
+
properties: {
|
|
5200
|
+
refund_id: { type: "string" },
|
|
5201
|
+
tenant_id: { type: "string" },
|
|
5202
|
+
amount_cents: { type: "number" }
|
|
5203
|
+
},
|
|
5204
|
+
required: ["refund_id", "tenant_id", "amount_cents"]
|
|
5205
|
+
}
|
|
5206
|
+
},
|
|
5207
|
+
{
|
|
5208
|
+
name: "update_customer",
|
|
5209
|
+
description: "Update a customer record directly.",
|
|
5210
|
+
inputSchema: {
|
|
5211
|
+
type: "object",
|
|
5212
|
+
properties: {
|
|
5213
|
+
customer_id: { type: "string" },
|
|
5214
|
+
tenant_id: { type: "string" },
|
|
5215
|
+
column: { type: "string" },
|
|
5216
|
+
value: { type: "string" }
|
|
5217
|
+
},
|
|
5218
|
+
required: ["customer_id", "tenant_id", "column", "value"]
|
|
5219
|
+
}
|
|
5220
|
+
},
|
|
5221
|
+
{
|
|
5222
|
+
name: "delete_order",
|
|
5223
|
+
description: "Delete an order from the database.",
|
|
5224
|
+
inputSchema: {
|
|
5225
|
+
type: "object",
|
|
5226
|
+
properties: {
|
|
5227
|
+
order_id: { type: "string" },
|
|
5228
|
+
tenant_id: { type: "string" }
|
|
5229
|
+
},
|
|
5230
|
+
required: ["order_id", "tenant_id"]
|
|
5231
|
+
}
|
|
5232
|
+
},
|
|
5233
|
+
{
|
|
5234
|
+
name: "query_database",
|
|
5235
|
+
description: "Query arbitrary tables and columns from the database.",
|
|
5236
|
+
inputSchema: {
|
|
5237
|
+
type: "object",
|
|
5238
|
+
properties: {
|
|
5239
|
+
database: { type: "string" },
|
|
5240
|
+
schema: { type: "string" },
|
|
5241
|
+
table: { type: "string" },
|
|
5242
|
+
columns: {
|
|
5243
|
+
type: "array",
|
|
5244
|
+
items: { type: "string" }
|
|
5245
|
+
},
|
|
5246
|
+
where: { type: "string" }
|
|
5247
|
+
},
|
|
5248
|
+
required: ["table"]
|
|
5249
|
+
}
|
|
5250
|
+
}
|
|
5251
|
+
]
|
|
5252
|
+
};
|
|
5165
5253
|
var defaultConfigPath = "synapsor.runner.json";
|
|
5166
5254
|
var defaultStorePath = "./.synapsor/local.db";
|
|
5167
5255
|
var referenceDemoDir = "examples/reference-support-billing-app";
|
|
@@ -6912,7 +7000,7 @@ async function cloudConnect(args) {
|
|
|
6912
7000
|
return 1;
|
|
6913
7001
|
}
|
|
6914
7002
|
const runnerId = String(parsed.cloud.runner_id || process2.env.SYNAPSOR_RUNNER_ID || "synapsor_runner_local").trim();
|
|
6915
|
-
const runnerVersion = String(parsed.cloud.runner_version || process2.env.npm_package_version || "0.1.0-alpha.
|
|
7003
|
+
const runnerVersion = String(parsed.cloud.runner_version || process2.env.npm_package_version || "0.1.0-alpha.3").trim();
|
|
6916
7004
|
const engines = normalizeEngines(parsed.cloud.engines);
|
|
6917
7005
|
const capabilities = normalizeCapabilities(parsed.cloud.capabilities);
|
|
6918
7006
|
const client = new ControlPlaneClient({
|
|
@@ -7047,7 +7135,7 @@ async function quickDemo() {
|
|
|
7047
7135
|
"",
|
|
7048
7136
|
"Next:",
|
|
7049
7137
|
`${cliCommandName()} demo`,
|
|
7050
|
-
`${cliCommandName()} audit
|
|
7138
|
+
`${cliCommandName()} audit --example dangerous-db-mcp`,
|
|
7051
7139
|
""
|
|
7052
7140
|
].join("\n"));
|
|
7053
7141
|
return 0;
|
|
@@ -7065,12 +7153,13 @@ async function mcpServe(args) {
|
|
|
7065
7153
|
}
|
|
7066
7154
|
async function mcpAudit(args) {
|
|
7067
7155
|
const json = args.includes("--json");
|
|
7068
|
-
const
|
|
7156
|
+
const example = optionalArg(args, "--example");
|
|
7157
|
+
const target2 = example ? `example:${example}` : firstPositional(args);
|
|
7069
7158
|
if (!target2) {
|
|
7070
|
-
throw new Error("mcp audit requires <target>");
|
|
7159
|
+
throw new Error("mcp audit requires <target> or --example dangerous-db-mcp");
|
|
7071
7160
|
}
|
|
7072
7161
|
const timeoutMs = Number(optionalArg(args, "--timeout-ms") ?? "5000");
|
|
7073
|
-
const payload = await readMcpAuditTarget(target2, args, timeoutMs);
|
|
7162
|
+
const payload = example ? builtInMcpAuditExample(example) : await readMcpAuditTarget(target2, args, timeoutMs);
|
|
7074
7163
|
const report = auditMcpManifest(payload, { target: target2 });
|
|
7075
7164
|
process2.stdout.write(json ? `${JSON.stringify(report, null, 2)}
|
|
7076
7165
|
` : formatMcpAuditReport(report));
|
|
@@ -7106,8 +7195,9 @@ async function audit(args) {
|
|
|
7106
7195
|
const url = optionalArg(args, "--url");
|
|
7107
7196
|
const stdio = optionalArg(args, "--stdio");
|
|
7108
7197
|
const mcpConfig2 = optionalArg(args, "--mcp-config");
|
|
7109
|
-
const
|
|
7110
|
-
|
|
7198
|
+
const example = optionalArg(args, "--example");
|
|
7199
|
+
const target2 = example ? `example:${example}` : url ?? (stdio ? `stdio:${stdio}` : mcpConfig2 ?? firstPositional(args));
|
|
7200
|
+
if (!target2) throw new Error("audit requires <target>, --example dangerous-db-mcp, --mcp-config <path>, --stdio <command>, or --url <url>");
|
|
7111
7201
|
const forwarded = args.filter((arg, index) => {
|
|
7112
7202
|
const previous = args[index - 1];
|
|
7113
7203
|
return !["--url", "--stdio", "--mcp-config"].includes(arg) && !["--url", "--stdio", "--mcp-config"].includes(previous ?? "");
|
|
@@ -7723,6 +7813,10 @@ async function readMcpAuditTarget(target2, args, timeoutMs) {
|
|
|
7723
7813
|
}
|
|
7724
7814
|
return parsed;
|
|
7725
7815
|
}
|
|
7816
|
+
function builtInMcpAuditExample(example) {
|
|
7817
|
+
if (example === "dangerous-db-mcp") return dangerousDatabaseMcpAuditExample;
|
|
7818
|
+
throw new Error(`unknown audit example: ${example}. Available examples: dangerous-db-mcp`);
|
|
7819
|
+
}
|
|
7726
7820
|
function isRunnerConfigLike(value) {
|
|
7727
7821
|
return isRecord6(value) && value.version === 1 && Array.isArray(value.capabilities);
|
|
7728
7822
|
}
|
|
@@ -8326,6 +8420,7 @@ function firstPositional(args) {
|
|
|
8326
8420
|
"--database-url-env",
|
|
8327
8421
|
"--destination",
|
|
8328
8422
|
"--engine",
|
|
8423
|
+
"--example",
|
|
8329
8424
|
"--from",
|
|
8330
8425
|
"--from-env",
|
|
8331
8426
|
"--host",
|
|
@@ -8601,7 +8696,7 @@ function starterCloudConfig() {
|
|
|
8601
8696
|
base_url_env: "SYNAPSOR_CLOUD_BASE_URL",
|
|
8602
8697
|
runner_token_env: "SYNAPSOR_RUNNER_TOKEN",
|
|
8603
8698
|
runner_id: "synapsor_runner_local",
|
|
8604
|
-
runner_version: "0.1.0-alpha.
|
|
8699
|
+
runner_version: "0.1.0-alpha.3",
|
|
8605
8700
|
project_id: "token_scope",
|
|
8606
8701
|
adapter_id: "mcp.your_adapter",
|
|
8607
8702
|
source_id: "src_replace_me",
|
|
@@ -8675,6 +8770,7 @@ Generate a reviewed Synapsor Runner contract. Defaults to read-only in the wizar
|
|
|
8675
8770
|
mcp: `Usage:
|
|
8676
8771
|
${cmd} mcp serve --config ./synapsor.runner.json --store ./.synapsor/local.db
|
|
8677
8772
|
${cmd} mcp config --absolute-paths --config ./synapsor.runner.json --store ./.synapsor/local.db
|
|
8773
|
+
${cmd} mcp audit --example dangerous-db-mcp
|
|
8678
8774
|
${cmd} mcp audit ./tools-list.json
|
|
8679
8775
|
|
|
8680
8776
|
MCP clients see semantic tools. They do not receive raw SQL, write credentials, approval tools, or commit tools.
|
|
@@ -8697,6 +8793,7 @@ Print MCP client configuration that references the local runner command, not dat
|
|
|
8697
8793
|
Create the same evidence-backed proposal the MCP tool would create. The source database is not mutated.
|
|
8698
8794
|
`,
|
|
8699
8795
|
audit: `Usage:
|
|
8796
|
+
${cmd} audit --example dangerous-db-mcp
|
|
8700
8797
|
${cmd} audit ./synapsor.runner.json
|
|
8701
8798
|
${cmd} audit --mcp-config ./claude_desktop_config.json
|
|
8702
8799
|
${cmd} audit --stdio "node ./server.js"
|
package/docs/cloud-mode.md
CHANGED
|
@@ -53,7 +53,7 @@ Cloud mode uses the same MCP server command with a `mode: "cloud"` config:
|
|
|
53
53
|
"base_url_env": "SYNAPSOR_CLOUD_BASE_URL",
|
|
54
54
|
"runner_token_env": "SYNAPSOR_RUNNER_TOKEN",
|
|
55
55
|
"runner_id": "synapsor_runner_local",
|
|
56
|
-
"runner_version": "0.1.0-alpha.
|
|
56
|
+
"runner_version": "0.1.0-alpha.3",
|
|
57
57
|
"project_id": "token_scope",
|
|
58
58
|
"adapter_id": "mcp.your_adapter",
|
|
59
59
|
"source_id": "src_replace_me",
|
|
@@ -71,7 +71,7 @@ Run:
|
|
|
71
71
|
```bash
|
|
72
72
|
SYNAPSOR_CLOUD_BASE_URL="https://api.synapsor.ai" \
|
|
73
73
|
SYNAPSOR_RUNNER_TOKEN="syn_wbr_..." \
|
|
74
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
74
|
+
npx -y -p @synapsor/runner@alpha synapsor mcp serve --config ./synapsor.cloud.json
|
|
75
75
|
```
|
|
76
76
|
|
|
77
77
|
Validate the Cloud runner token and source scope before serving tools:
|
|
@@ -79,7 +79,7 @@ Validate the Cloud runner token and source scope before serving tools:
|
|
|
79
79
|
```bash
|
|
80
80
|
SYNAPSOR_CLOUD_BASE_URL="https://api.synapsor.ai" \
|
|
81
81
|
SYNAPSOR_RUNNER_TOKEN="syn_wbr_..." \
|
|
82
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
82
|
+
npx -y -p @synapsor/runner@alpha synapsor cloud connect --config ./synapsor.cloud.json
|
|
83
83
|
```
|
|
84
84
|
|
|
85
85
|
`cloud connect` verifies the runner token, registers the runner id/version, sends engine/capability/source metadata, and posts an initial heartbeat. It does not send Postgres/MySQL URLs, passwords, write credentials, prompts, or table data. The `project_id` field may be the literal `token_scope` because Synapsor Cloud validates the real project/source from the scoped runner token.
|
|
@@ -29,7 +29,7 @@ validation.
|
|
|
29
29
|
Because version 1 is the only supported schema today, migration is conservative:
|
|
30
30
|
|
|
31
31
|
```bash
|
|
32
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
32
|
+
npx -y -p @synapsor/runner@alpha synapsor config migrate --config synapsor.runner.json
|
|
33
33
|
```
|
|
34
34
|
|
|
35
35
|
prints that the config is already current and writes nothing.
|
|
@@ -37,7 +37,7 @@ prints that the config is already current and writes nothing.
|
|
|
37
37
|
To write a normalized copy:
|
|
38
38
|
|
|
39
39
|
```bash
|
|
40
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
40
|
+
npx -y -p @synapsor/runner@alpha synapsor config migrate \
|
|
41
41
|
--config synapsor.runner.json \
|
|
42
42
|
--output migrated.json \
|
|
43
43
|
--yes
|
|
@@ -47,7 +47,7 @@ To rewrite in place, the command requires an explicit write and creates a
|
|
|
47
47
|
timestamped backup:
|
|
48
48
|
|
|
49
49
|
```bash
|
|
50
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
50
|
+
npx -y -p @synapsor/runner@alpha synapsor config migrate \
|
|
51
51
|
--config synapsor.runner.json \
|
|
52
52
|
--write \
|
|
53
53
|
--yes
|
package/docs/demo-transcript.md
CHANGED
|
@@ -41,18 +41,18 @@ The model did not get:
|
|
|
41
41
|
Next:
|
|
42
42
|
|
|
43
43
|
1. Open proposal UI:
|
|
44
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
44
|
+
npx -y -p @synapsor/runner@alpha synapsor ui --tour --config ./examples/mcp-postgres-billing/synapsor.runner.json --store ./.synapsor/local.db
|
|
45
45
|
|
|
46
46
|
2. Run the reference app:
|
|
47
47
|
corepack pnpm demo:reference
|
|
48
48
|
|
|
49
49
|
3. Generate MCP client config:
|
|
50
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
50
|
+
npx -y -p @synapsor/runner@alpha synapsor mcp config --absolute-paths --config ./examples/mcp-postgres-billing/synapsor.runner.json --store ./.synapsor/local.db
|
|
51
51
|
|
|
52
52
|
4. Use your own staging Postgres/MySQL:
|
|
53
53
|
export DATABASE_URL='<postgres-or-mysql-read-url>'
|
|
54
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
55
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
54
|
+
npx -y -p @synapsor/runner@alpha synapsor inspect --from-env DATABASE_URL
|
|
55
|
+
npx -y -p @synapsor/runner@alpha synapsor init --wizard --from-env DATABASE_URL
|
|
56
56
|
```
|
|
57
57
|
|
|
58
58
|
The full log should include the lower-level proof:
|
package/docs/first-10-minutes.md
CHANGED
|
@@ -70,7 +70,7 @@ authority.
|
|
|
70
70
|
## Next Command 1: Open The Local UI
|
|
71
71
|
|
|
72
72
|
```bash
|
|
73
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
73
|
+
npx -y -p @synapsor/runner@alpha synapsor ui --tour \
|
|
74
74
|
--config ./examples/mcp-postgres-billing/synapsor.runner.json \
|
|
75
75
|
--store ./.synapsor/local.db
|
|
76
76
|
```
|
|
@@ -97,7 +97,7 @@ The reference app uses a disposable support/billing Postgres database and proves
|
|
|
97
97
|
## Next Command 3: Generate MCP Client Config
|
|
98
98
|
|
|
99
99
|
```bash
|
|
100
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
100
|
+
npx -y -p @synapsor/runner@alpha synapsor mcp config claude-desktop \
|
|
101
101
|
--absolute-paths \
|
|
102
102
|
--config ./examples/mcp-postgres-billing/synapsor.runner.json \
|
|
103
103
|
--store ./.synapsor/local.db
|
|
@@ -110,7 +110,7 @@ tools, commit tools, or write credentials.
|
|
|
110
110
|
Verify the configured tool boundary with:
|
|
111
111
|
|
|
112
112
|
```bash
|
|
113
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
113
|
+
npx -y -p @synapsor/runner@alpha synapsor tools preview \
|
|
114
114
|
--config ./examples/mcp-postgres-billing/synapsor.runner.json \
|
|
115
115
|
--store ./.synapsor/local.db
|
|
116
116
|
```
|
|
@@ -76,7 +76,7 @@ other trusted database TLS setup.
|
|
|
76
76
|
## 2. Inspect metadata
|
|
77
77
|
|
|
78
78
|
```bash
|
|
79
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
79
|
+
npx -y -p @synapsor/runner@alpha synapsor inspect \
|
|
80
80
|
--engine auto \
|
|
81
81
|
--from-env DATABASE_URL \
|
|
82
82
|
--schema public
|
|
@@ -85,13 +85,13 @@ npx -y -p @synapsor/runner@alpha synapsor-runner inspect \
|
|
|
85
85
|
For a disposable staging URL, this also works:
|
|
86
86
|
|
|
87
87
|
```bash
|
|
88
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
88
|
+
npx -y -p @synapsor/runner@alpha synapsor inspect "$DATABASE_URL" --engine auto --schema public
|
|
89
89
|
```
|
|
90
90
|
|
|
91
91
|
For automation:
|
|
92
92
|
|
|
93
93
|
```bash
|
|
94
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
94
|
+
npx -y -p @synapsor/runner@alpha synapsor inspect \
|
|
95
95
|
--engine postgres \
|
|
96
96
|
--from-env DATABASE_URL \
|
|
97
97
|
--schema public \
|
|
@@ -108,9 +108,9 @@ to your staging table, primary key, tenant key, conflict column, visible fields,
|
|
|
108
108
|
allowed write fields, and business limits.
|
|
109
109
|
|
|
110
110
|
```bash
|
|
111
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
112
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
113
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
111
|
+
npx -y -p @synapsor/runner@alpha synapsor recipes list
|
|
112
|
+
npx -y -p @synapsor/runner@alpha synapsor recipes show billing.late_fee_waiver
|
|
113
|
+
npx -y -p @synapsor/runner@alpha synapsor recipes init billing.late_fee_waiver --output synapsor.runner.json
|
|
114
114
|
```
|
|
115
115
|
|
|
116
116
|
Use a recipe when the shape is close. Use the guided wizard or explicit flags
|
|
@@ -125,7 +125,7 @@ only the capabilities in your generated `synapsor.runner.json`.
|
|
|
125
125
|
In an interactive terminal, run the guided wizard:
|
|
126
126
|
|
|
127
127
|
```bash
|
|
128
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
128
|
+
npx -y -p @synapsor/runner@alpha synapsor init --from-env DATABASE_URL --mode read_only --wizard
|
|
129
129
|
```
|
|
130
130
|
|
|
131
131
|
The generated capabilities are based on your selections. Synapsor Runner does
|
|
@@ -161,7 +161,7 @@ If you already know the reviewed table/action, generate config directly from
|
|
|
161
161
|
metadata and explicit flags:
|
|
162
162
|
|
|
163
163
|
```bash
|
|
164
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
164
|
+
npx -y -p @synapsor/runner@alpha synapsor init \
|
|
165
165
|
--from-env DATABASE_URL \
|
|
166
166
|
--engine postgres \
|
|
167
167
|
--schema public \
|
|
@@ -180,7 +180,7 @@ npx -y -p @synapsor/runner@alpha synapsor-runner init \
|
|
|
180
180
|
Or generate from a saved inspection snapshot without reconnecting:
|
|
181
181
|
|
|
182
182
|
```bash
|
|
183
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
183
|
+
npx -y -p @synapsor/runner@alpha synapsor init \
|
|
184
184
|
--inspection-json schema-inspection.json \
|
|
185
185
|
--table invoices \
|
|
186
186
|
--namespace billing \
|
|
@@ -248,7 +248,7 @@ contain database URLs or passwords.
|
|
|
248
248
|
## 6. Generate runner files
|
|
249
249
|
|
|
250
250
|
```bash
|
|
251
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
251
|
+
npx -y -p @synapsor/runner@alpha synapsor init \
|
|
252
252
|
--spec onboarding-selection.json \
|
|
253
253
|
--non-interactive
|
|
254
254
|
```
|
|
@@ -268,10 +268,10 @@ files.
|
|
|
268
268
|
Generate or refresh MCP client snippets later with:
|
|
269
269
|
|
|
270
270
|
```bash
|
|
271
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
272
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
273
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
274
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
271
|
+
npx -y -p @synapsor/runner@alpha synapsor mcp config generic --config ./synapsor.runner.json --store ./.synapsor/local.db
|
|
272
|
+
npx -y -p @synapsor/runner@alpha synapsor mcp config claude-desktop --config ./synapsor.runner.json --store ./.synapsor/local.db
|
|
273
|
+
npx -y -p @synapsor/runner@alpha synapsor mcp config cursor --config ./synapsor.runner.json --store ./.synapsor/local.db
|
|
274
|
+
npx -y -p @synapsor/runner@alpha synapsor tools preview --config ./synapsor.runner.json --store ./.synapsor/local.db
|
|
275
275
|
```
|
|
276
276
|
|
|
277
277
|
The snippets contain the local command and args. They must not contain database
|
|
@@ -280,8 +280,8 @@ URLs, passwords, approval tools, commit tools, or write credentials.
|
|
|
280
280
|
## 7. Validate the config
|
|
281
281
|
|
|
282
282
|
```bash
|
|
283
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
284
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
283
|
+
npx -y -p @synapsor/runner@alpha synapsor config validate --config synapsor.runner.json
|
|
284
|
+
npx -y -p @synapsor/runner@alpha synapsor config show --config synapsor.runner.json --redacted
|
|
285
285
|
```
|
|
286
286
|
|
|
287
287
|
The config stores environment-variable names, not connection-string values.
|
|
@@ -289,7 +289,7 @@ The config stores environment-variable names, not connection-string values.
|
|
|
289
289
|
Run doctor after setting the referenced environment variables:
|
|
290
290
|
|
|
291
291
|
```bash
|
|
292
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
292
|
+
npx -y -p @synapsor/runner@alpha synapsor doctor --config synapsor.runner.json
|
|
293
293
|
```
|
|
294
294
|
|
|
295
295
|
Doctor validates config shape, trusted context env vars, source env vars,
|
|
@@ -297,7 +297,7 @@ read/write credential separation, table/column metadata when the read URL is
|
|
|
297
297
|
available, and the semantic MCP tool boundary. Use JSON for automation:
|
|
298
298
|
|
|
299
299
|
```bash
|
|
300
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
300
|
+
npx -y -p @synapsor/runner@alpha synapsor doctor --config synapsor.runner.json --json
|
|
301
301
|
```
|
|
302
302
|
|
|
303
303
|
## 8. Serve semantic MCP tools
|
|
@@ -305,7 +305,7 @@ npx -y -p @synapsor/runner@alpha synapsor-runner doctor --config synapsor.runner
|
|
|
305
305
|
```bash
|
|
306
306
|
export SYNAPSOR_TENANT_ID="acme"
|
|
307
307
|
export SYNAPSOR_PRINCIPAL="local_operator"
|
|
308
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
308
|
+
npx -y -p @synapsor/runner@alpha synapsor mcp serve --config ./synapsor.runner.json --store ./.synapsor/local.db
|
|
309
309
|
```
|
|
310
310
|
|
|
311
311
|
The model-facing MCP server exposes semantic tools such as:
|
|
@@ -325,10 +325,10 @@ tools, commit tools, database URLs, write credentials, or tenant authority.
|
|
|
325
325
|
Proposal tools leave the source database unchanged. Review locally:
|
|
326
326
|
|
|
327
327
|
```bash
|
|
328
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
329
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
330
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
331
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
328
|
+
npx -y -p @synapsor/runner@alpha synapsor proposals list --store ./.synapsor/local.db
|
|
329
|
+
npx -y -p @synapsor/runner@alpha synapsor proposals show wrp_123 --store ./.synapsor/local.db
|
|
330
|
+
npx -y -p @synapsor/runner@alpha synapsor proposals approve wrp_123 --store ./.synapsor/local.db --actor local_reviewer --yes
|
|
331
|
+
npx -y -p @synapsor/runner@alpha synapsor proposals writeback-job wrp_123 --store ./.synapsor/local.db --output job.json
|
|
332
332
|
```
|
|
333
333
|
|
|
334
334
|
Apply through the trusted worker path with a separate writer credential:
|
|
@@ -337,7 +337,7 @@ Apply through the trusted worker path with a separate writer credential:
|
|
|
337
337
|
export SYNAPSOR_DATABASE_WRITE_URL="<postgres-or-mysql-write-url>"
|
|
338
338
|
SYNAPSOR_ENGINE=postgres \
|
|
339
339
|
SYNAPSOR_DATABASE_URL="$SYNAPSOR_DATABASE_WRITE_URL" \
|
|
340
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
340
|
+
npx -y -p @synapsor/runner@alpha synapsor apply --job job.json --config synapsor.runner.json --store ./.synapsor/local.db
|
|
341
341
|
```
|
|
342
342
|
|
|
343
343
|
If your application/API should own the business write, use an `http_handler`
|
|
@@ -346,7 +346,7 @@ from environment variables, and the handler receives a structured proposal/job
|
|
|
346
346
|
payload, not arbitrary model SQL:
|
|
347
347
|
|
|
348
348
|
```bash
|
|
349
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
349
|
+
npx -y -p @synapsor/runner@alpha synapsor apply --proposal wrp_123 --config synapsor.runner.json --store ./.synapsor/local.db
|
|
350
350
|
```
|
|
351
351
|
|
|
352
352
|
See `docs/writeback-executors.md`.
|
|
@@ -354,8 +354,8 @@ See `docs/writeback-executors.md`.
|
|
|
354
354
|
Replay afterward:
|
|
355
355
|
|
|
356
356
|
```bash
|
|
357
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
358
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
357
|
+
npx -y -p @synapsor/runner@alpha synapsor replay show wrp_123 --store ./.synapsor/local.db
|
|
358
|
+
npx -y -p @synapsor/runner@alpha synapsor replay export wrp_123 --store ./.synapsor/local.db --output replay.json
|
|
359
359
|
```
|
|
360
360
|
|
|
361
361
|
## Boundary
|
package/docs/local-mode.md
CHANGED
|
@@ -30,13 +30,13 @@ Still pending:
|
|
|
30
30
|
Create a starter config without putting credentials in the file:
|
|
31
31
|
|
|
32
32
|
```bash
|
|
33
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
33
|
+
npx -y -p @synapsor/runner@alpha synapsor init --engine postgres --mode review
|
|
34
34
|
```
|
|
35
35
|
|
|
36
36
|
For MySQL:
|
|
37
37
|
|
|
38
38
|
```bash
|
|
39
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
39
|
+
npx -y -p @synapsor/runner@alpha synapsor init --engine mysql --mode review --output synapsor.mysql.runner.json
|
|
40
40
|
```
|
|
41
41
|
|
|
42
42
|
The generated config uses environment-variable names for read/write URLs and trusted context. Edit the table, column, and capability names before serving tools.
|
|
@@ -49,8 +49,8 @@ persisted into proposals, evidence, query audit, runner state, or replay.
|
|
|
49
49
|
For a reviewed own-database setup generated from explicit selections, use:
|
|
50
50
|
|
|
51
51
|
```bash
|
|
52
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
53
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
52
|
+
npx -y -p @synapsor/runner@alpha synapsor init --spec onboarding-selection.json --non-interactive
|
|
53
|
+
npx -y -p @synapsor/runner@alpha synapsor doctor --config synapsor.runner.json
|
|
54
54
|
```
|
|
55
55
|
|
|
56
56
|
`doctor --config` checks config validation, required environment variables,
|
|
@@ -87,19 +87,19 @@ If neither is set, the CLI uses:
|
|
|
87
87
|
List proposals:
|
|
88
88
|
|
|
89
89
|
```bash
|
|
90
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
90
|
+
npx -y -p @synapsor/runner@alpha synapsor proposals list --store ./.synapsor/local.db
|
|
91
91
|
```
|
|
92
92
|
|
|
93
93
|
Show a proposal:
|
|
94
94
|
|
|
95
95
|
```bash
|
|
96
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
96
|
+
npx -y -p @synapsor/runner@alpha synapsor proposals show wrp_123 --store ./.synapsor/local.db
|
|
97
97
|
```
|
|
98
98
|
|
|
99
99
|
Approve:
|
|
100
100
|
|
|
101
101
|
```bash
|
|
102
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
102
|
+
npx -y -p @synapsor/runner@alpha synapsor proposals approve wrp_123 \
|
|
103
103
|
--store ./.synapsor/local.db \
|
|
104
104
|
--actor local_reviewer \
|
|
105
105
|
--yes
|
|
@@ -110,7 +110,7 @@ Before approval, the CLI prints the reviewer-critical proposal details: trusted
|
|
|
110
110
|
Create a guarded writeback job from an approved proposal:
|
|
111
111
|
|
|
112
112
|
```bash
|
|
113
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
113
|
+
npx -y -p @synapsor/runner@alpha synapsor proposals writeback-job wrp_123 \
|
|
114
114
|
--store ./.synapsor/local.db \
|
|
115
115
|
--project local \
|
|
116
116
|
--runner local_runner \
|
|
@@ -122,7 +122,7 @@ The generated job uses the public `synapsor.writeback-job.v1` protocol and can b
|
|
|
122
122
|
```bash
|
|
123
123
|
SYNAPSOR_ENGINE=postgres \
|
|
124
124
|
SYNAPSOR_DATABASE_URL="postgresql://writer:<password>@localhost:5432/app" \
|
|
125
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
125
|
+
npx -y -p @synapsor/runner@alpha synapsor apply --job job.json --config synapsor.runner.json --store ./.synapsor/local.db
|
|
126
126
|
```
|
|
127
127
|
|
|
128
128
|
Passing `--store` records the terminal `synapsor.execution-receipt.v1` locally. Replay then links the proposal, approval, writeback job, applied/conflict/failed receipt, evidence, and query audit.
|
|
@@ -130,7 +130,7 @@ Passing `--store` records the terminal `synapsor.execution-receipt.v1` locally.
|
|
|
130
130
|
Reject:
|
|
131
131
|
|
|
132
132
|
```bash
|
|
133
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
133
|
+
npx -y -p @synapsor/runner@alpha synapsor proposals reject wrp_123 \
|
|
134
134
|
--store ./.synapsor/local.db \
|
|
135
135
|
--reason "policy evidence is incomplete" \
|
|
136
136
|
--yes
|
|
@@ -147,7 +147,7 @@ Shadow-mode proposals are inspectable through `proposals show` and `replay show`
|
|
|
147
147
|
Start a localhost-only review UI:
|
|
148
148
|
|
|
149
149
|
```bash
|
|
150
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
150
|
+
npx -y -p @synapsor/runner@alpha synapsor ui --config synapsor.runner.json --store ./.synapsor/local.db
|
|
151
151
|
```
|
|
152
152
|
|
|
153
153
|
The UI shows setup summary, semantic tools, proposal states, exact diffs,
|
|
@@ -163,13 +163,13 @@ tools, MCP commit tools, or controls that widen configured tables/columns.
|
|
|
163
163
|
Show replay:
|
|
164
164
|
|
|
165
165
|
```bash
|
|
166
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
166
|
+
npx -y -p @synapsor/runner@alpha synapsor replay show wrp_123 --store ./.synapsor/local.db
|
|
167
167
|
```
|
|
168
168
|
|
|
169
169
|
Export replay:
|
|
170
170
|
|
|
171
171
|
```bash
|
|
172
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
172
|
+
npx -y -p @synapsor/runner@alpha synapsor replay export wrp_123 \
|
|
173
173
|
--store ./.synapsor/local.db \
|
|
174
174
|
--output replay.json
|
|
175
175
|
```
|
package/docs/local-ui.md
CHANGED
|
@@ -7,7 +7,7 @@ From a source checkout, use `./bin/synapsor ui ...` if the global binary is not
|
|
|
7
7
|
linked yet.
|
|
8
8
|
|
|
9
9
|
```bash
|
|
10
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
10
|
+
npx -y -p @synapsor/runner@alpha synapsor ui --config ./synapsor.runner.json --store ./.synapsor/local.db
|
|
11
11
|
```
|
|
12
12
|
|
|
13
13
|
By default it binds to localhost only and prints a per-run URL:
|
|
@@ -135,7 +135,7 @@ For normal use, do not bind the UI to anything except localhost.
|
|
|
135
135
|
For a deliberate trusted local-network demo:
|
|
136
136
|
|
|
137
137
|
```bash
|
|
138
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
138
|
+
npx -y -p @synapsor/runner@alpha synapsor ui --host 0.0.0.0 --allow-remote-bind
|
|
139
139
|
```
|
|
140
140
|
|
|
141
141
|
Do this only in an isolated environment. The local UI is not a hosted
|
|
@@ -156,8 +156,8 @@ The UI is intentionally small in the current alpha:
|
|
|
156
156
|
Use the CLI apply path after approval:
|
|
157
157
|
|
|
158
158
|
```bash
|
|
159
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
159
|
+
npx -y -p @synapsor/runner@alpha synapsor proposals writeback-job wrp_123 --store ./.synapsor/local.db --output job.json
|
|
160
160
|
SYNAPSOR_ENGINE=postgres \
|
|
161
161
|
SYNAPSOR_DATABASE_URL="$SYNAPSOR_DATABASE_WRITE_URL" \
|
|
162
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
162
|
+
npx -y -p @synapsor/runner@alpha synapsor apply --job job.json --config synapsor.runner.json --store ./.synapsor/local.db
|
|
163
163
|
```
|
package/docs/mcp-audit.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# MCP database risk review
|
|
2
2
|
|
|
3
|
-
`npx -y -p @synapsor/runner@alpha synapsor
|
|
3
|
+
`npx -y -p @synapsor/runner@alpha synapsor audit <target>` performs a
|
|
4
4
|
static MCP database risk review over an exported tool manifest, a remote MCP
|
|
5
5
|
`tools/list` endpoint, or a stdio MCP server. The `mcp audit` subcommand is also
|
|
6
6
|
available for users who look for the command under the MCP namespace.
|
|
@@ -20,35 +20,46 @@ MCP annotations are treated as hints, not enforcement.
|
|
|
20
20
|
|
|
21
21
|
## Usage
|
|
22
22
|
|
|
23
|
+
Built-in database MCP risk example:
|
|
24
|
+
|
|
25
|
+
```bash
|
|
26
|
+
npx -y -p @synapsor/runner@alpha synapsor audit --example dangerous-db-mcp
|
|
27
|
+
```
|
|
28
|
+
|
|
29
|
+
This bundled example does not require a source checkout or local examples file.
|
|
30
|
+
It audits a deliberately risky database MCP shape with `execute_sql`,
|
|
31
|
+
`run_query`, model-callable approval/update/delete tools, arbitrary
|
|
32
|
+
table/column inputs, and model-controlled tenant/principal fields.
|
|
33
|
+
|
|
23
34
|
Human-readable output:
|
|
24
35
|
|
|
25
36
|
```bash
|
|
26
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
37
|
+
npx -y -p @synapsor/runner@alpha synapsor audit ./tools-list.json
|
|
27
38
|
```
|
|
28
39
|
|
|
29
40
|
Remote `tools/list` endpoint with a bearer token kept in the environment:
|
|
30
41
|
|
|
31
42
|
```bash
|
|
32
43
|
SYNAPSOR_MCP_AUDIT_BEARER="..." \
|
|
33
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
44
|
+
npx -y -p @synapsor/runner@alpha synapsor audit https://mcp.example.com --json
|
|
34
45
|
```
|
|
35
46
|
|
|
36
47
|
Remote endpoint with a custom bearer-token environment variable:
|
|
37
48
|
|
|
38
49
|
```bash
|
|
39
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
50
|
+
npx -y -p @synapsor/runner@alpha synapsor audit https://mcp.example.com --bearer-env MCP_AUDIT_TOKEN --json
|
|
40
51
|
```
|
|
41
52
|
|
|
42
53
|
Stdio MCP server:
|
|
43
54
|
|
|
44
55
|
```bash
|
|
45
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
56
|
+
npx -y -p @synapsor/runner@alpha synapsor audit 'stdio:node ./server.mjs' --timeout-ms 5000
|
|
46
57
|
```
|
|
47
58
|
|
|
48
59
|
JSON output:
|
|
49
60
|
|
|
50
61
|
```bash
|
|
51
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
62
|
+
npx -y -p @synapsor/runner@alpha synapsor audit ./tools-list.json --json
|
|
52
63
|
```
|
|
53
64
|
|
|
54
65
|
During local development, the repo-local wrapper can run the same command:
|
package/docs/mcp-client-setup.md
CHANGED
|
@@ -29,7 +29,7 @@ corepack pnpm test:mcp-client-configs
|
|
|
29
29
|
Print a snippet without modifying any client files:
|
|
30
30
|
|
|
31
31
|
```bash
|
|
32
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
32
|
+
npx -y -p @synapsor/runner@alpha synapsor mcp config claude-desktop \
|
|
33
33
|
--config ./synapsor.runner.json \
|
|
34
34
|
--store ./.synapsor/local.db
|
|
35
35
|
```
|
|
@@ -47,13 +47,13 @@ vscode
|
|
|
47
47
|
The older form is still supported:
|
|
48
48
|
|
|
49
49
|
```bash
|
|
50
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
50
|
+
npx -y -p @synapsor/runner@alpha synapsor mcp configure --client claude-desktop --config ./synapsor.runner.json --store ./.synapsor/local.db
|
|
51
51
|
```
|
|
52
52
|
|
|
53
53
|
Write is opt-in and requires an explicit destination:
|
|
54
54
|
|
|
55
55
|
```bash
|
|
56
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
56
|
+
npx -y -p @synapsor/runner@alpha synapsor mcp configure \
|
|
57
57
|
--client cursor \
|
|
58
58
|
--config ./synapsor.runner.json \
|
|
59
59
|
--store ./.synapsor/local.db \
|
|
@@ -72,7 +72,7 @@ database URLs or passwords into the client config.
|
|
|
72
72
|
From the runner repository:
|
|
73
73
|
|
|
74
74
|
```bash
|
|
75
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
75
|
+
npx -y -p @synapsor/runner@alpha synapsor mcp serve --config ./examples/mcp-postgres-billing/synapsor.runner.json --store ./.synapsor/local.db
|
|
76
76
|
```
|
|
77
77
|
|
|
78
78
|
For the alpha package, keep the package tag explicit in client configuration.
|
|
@@ -82,13 +82,13 @@ For the alpha package, keep the package tag explicit in client configuration.
|
|
|
82
82
|
```json
|
|
83
83
|
{
|
|
84
84
|
"mcpServers": {
|
|
85
|
-
"synapsor
|
|
85
|
+
"synapsor": {
|
|
86
86
|
"command": "npx",
|
|
87
87
|
"args": [
|
|
88
88
|
"-y",
|
|
89
89
|
"-p",
|
|
90
90
|
"@synapsor/runner@alpha",
|
|
91
|
-
"synapsor
|
|
91
|
+
"synapsor",
|
|
92
92
|
"mcp",
|
|
93
93
|
"serve",
|
|
94
94
|
"--config",
|
|
@@ -7,13 +7,13 @@ The global `synapsor` command is only needed after installing or linking the
|
|
|
7
7
|
CLI.
|
|
8
8
|
|
|
9
9
|
```bash
|
|
10
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
10
|
+
npx -y -p @synapsor/runner@alpha synapsor benchmark mcp-efficiency
|
|
11
11
|
```
|
|
12
12
|
|
|
13
13
|
For machine-readable output:
|
|
14
14
|
|
|
15
15
|
```bash
|
|
16
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
16
|
+
npx -y -p @synapsor/runner@alpha synapsor benchmark mcp-efficiency --json
|
|
17
17
|
```
|
|
18
18
|
|
|
19
19
|
The benchmark compares an included fixture, not universal model behavior.
|
package/docs/operations.md
CHANGED
|
@@ -12,9 +12,9 @@
|
|
|
12
12
|
## Routine checks
|
|
13
13
|
|
|
14
14
|
```bash
|
|
15
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
16
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
17
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
15
|
+
npx -y -p @synapsor/runner@alpha synapsor doctor
|
|
16
|
+
npx -y -p @synapsor/runner@alpha synapsor validate --job examples/postgres-support/job.approved.json
|
|
17
|
+
npx -y -p @synapsor/runner@alpha synapsor validate --job examples/mysql-orders/job.approved.json
|
|
18
18
|
```
|
|
19
19
|
|
|
20
20
|
`doctor` validates local configuration, calls Synapsor's runner-token doctor endpoint, confirms the token is authenticated for the configured source, checks database reachability and engine version, creates/verifies `synapsor_writeback_receipts`, and performs a rollback-only receipt insert to prove the configured credential can write runner receipts. It does not mutate business tables.
|
|
@@ -32,7 +32,7 @@ That command runs inspection, guided config generation, and tool preview. The
|
|
|
32
32
|
rest of this page shows the same steps explicitly.
|
|
33
33
|
|
|
34
34
|
```bash
|
|
35
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
35
|
+
npx -y -p @synapsor/runner@alpha synapsor inspect --from-env DATABASE_URL --engine auto
|
|
36
36
|
```
|
|
37
37
|
|
|
38
38
|
This prints discovered tables/views, primary keys, possible tenant/scope
|
|
@@ -43,7 +43,7 @@ write credentials to the model.
|
|
|
43
43
|
For disposable staging databases, this shorter form also works:
|
|
44
44
|
|
|
45
45
|
```bash
|
|
46
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
46
|
+
npx -y -p @synapsor/runner@alpha synapsor inspect "$DATABASE_URL" --engine auto
|
|
47
47
|
```
|
|
48
48
|
|
|
49
49
|
Prefer `--from-env` on shared machines so URLs do not land in shell history.
|
|
@@ -51,7 +51,7 @@ Prefer `--from-env` on shared machines so URLs do not land in shell history.
|
|
|
51
51
|
## 3. Run The Guided Wizard
|
|
52
52
|
|
|
53
53
|
```bash
|
|
54
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
54
|
+
npx -y -p @synapsor/runner@alpha synapsor init --from-env DATABASE_URL --mode review --wizard
|
|
55
55
|
```
|
|
56
56
|
|
|
57
57
|
The wizard asks for:
|
|
@@ -100,9 +100,9 @@ The generated config stores environment-variable names, not database secrets.
|
|
|
100
100
|
## 5. Preview What The Model Sees
|
|
101
101
|
|
|
102
102
|
```bash
|
|
103
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
104
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
105
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
103
|
+
npx -y -p @synapsor/runner@alpha synapsor config validate --config synapsor.runner.json
|
|
104
|
+
npx -y -p @synapsor/runner@alpha synapsor doctor --config synapsor.runner.json
|
|
105
|
+
npx -y -p @synapsor/runner@alpha synapsor tools preview --config synapsor.runner.json --store ./.synapsor/local.db
|
|
106
106
|
```
|
|
107
107
|
|
|
108
108
|
`doctor` checks config shape, trusted context env vars, source env vars,
|
|
@@ -124,7 +124,7 @@ vars, and the semantic MCP tool boundary.
|
|
|
124
124
|
export SYNAPSOR_TENANT_ID="acme"
|
|
125
125
|
export SYNAPSOR_PRINCIPAL="local_operator"
|
|
126
126
|
|
|
127
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
127
|
+
npx -y -p @synapsor/runner@alpha synapsor mcp serve \
|
|
128
128
|
--config ./synapsor.runner.json \
|
|
129
129
|
--store ./.synapsor/local.db
|
|
130
130
|
```
|
|
@@ -138,15 +138,15 @@ model-controlled tenant authority.
|
|
|
138
138
|
If a proposal is created:
|
|
139
139
|
|
|
140
140
|
```bash
|
|
141
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
142
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
143
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
141
|
+
npx -y -p @synapsor/runner@alpha synapsor proposals list --store ./.synapsor/local.db
|
|
142
|
+
npx -y -p @synapsor/runner@alpha synapsor proposals show <proposal_id> --store ./.synapsor/local.db
|
|
143
|
+
npx -y -p @synapsor/runner@alpha synapsor replay show <proposal_id> --store ./.synapsor/local.db
|
|
144
144
|
```
|
|
145
145
|
|
|
146
146
|
Open the UI:
|
|
147
147
|
|
|
148
148
|
```bash
|
|
149
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
149
|
+
npx -y -p @synapsor/runner@alpha synapsor ui --tour --config ./synapsor.runner.json --store ./.synapsor/local.db
|
|
150
150
|
```
|
|
151
151
|
|
|
152
152
|
## 8. Apply Only After Review
|
|
@@ -160,12 +160,12 @@ export SYNAPSOR_DATABASE_WRITE_URL="<postgres-or-mysql-writer-url>"
|
|
|
160
160
|
Then:
|
|
161
161
|
|
|
162
162
|
```bash
|
|
163
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
164
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
163
|
+
npx -y -p @synapsor/runner@alpha synapsor proposals approve <proposal_id> --store ./.synapsor/local.db --actor local_reviewer --yes
|
|
164
|
+
npx -y -p @synapsor/runner@alpha synapsor proposals writeback-job <proposal_id> --store ./.synapsor/local.db --output job.json
|
|
165
165
|
|
|
166
166
|
SYNAPSOR_ENGINE=postgres \
|
|
167
167
|
SYNAPSOR_DATABASE_URL="$SYNAPSOR_DATABASE_WRITE_URL" \
|
|
168
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
168
|
+
npx -y -p @synapsor/runner@alpha synapsor apply --job job.json --config synapsor.runner.json --store ./.synapsor/local.db
|
|
169
169
|
```
|
|
170
170
|
|
|
171
171
|
If your application should own the business write, configure an `http_handler`
|
package/docs/recipes.md
CHANGED
|
@@ -9,20 +9,20 @@ tenant key, conflict column, and business limits.
|
|
|
9
9
|
List recipes:
|
|
10
10
|
|
|
11
11
|
```bash
|
|
12
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
12
|
+
npx -y -p @synapsor/runner@alpha synapsor recipes list
|
|
13
13
|
```
|
|
14
14
|
|
|
15
15
|
Inspect one:
|
|
16
16
|
|
|
17
17
|
```bash
|
|
18
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
18
|
+
npx -y -p @synapsor/runner@alpha synapsor recipes show billing.late_fee_waiver
|
|
19
19
|
```
|
|
20
20
|
|
|
21
21
|
Initialize a starter config:
|
|
22
22
|
|
|
23
23
|
```bash
|
|
24
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
25
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
24
|
+
npx -y -p @synapsor/runner@alpha synapsor recipes init billing.late_fee_waiver --output synapsor.runner.json
|
|
25
|
+
npx -y -p @synapsor/runner@alpha synapsor config validate --config synapsor.runner.json
|
|
26
26
|
```
|
|
27
27
|
|
|
28
28
|
Built-in recipes are JSON files under `recipes/`. They are starter data, not
|
|
@@ -31,8 +31,8 @@ domain, and initialize from your file:
|
|
|
31
31
|
|
|
32
32
|
```bash
|
|
33
33
|
cp recipes/billing.late_fee_waiver.json my-recipe.json
|
|
34
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
35
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
34
|
+
npx -y -p @synapsor/runner@alpha synapsor recipes show ./my-recipe.json
|
|
35
|
+
npx -y -p @synapsor/runner@alpha synapsor recipes init ./my-recipe.json --output synapsor.runner.json
|
|
36
36
|
```
|
|
37
37
|
|
|
38
38
|
Available recipes:
|
|
@@ -7,7 +7,7 @@ Use the public `synapsor ...` runner CLI. From a source checkout, use
|
|
|
7
7
|
`./bin/synapsor ...` if the global binary is not linked yet.
|
|
8
8
|
|
|
9
9
|
```bash
|
|
10
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
10
|
+
npx -y -p @synapsor/runner@alpha synapsor inspect \
|
|
11
11
|
--engine auto \
|
|
12
12
|
--from-env SYNAPSOR_DATABASE_READ_URL \
|
|
13
13
|
--schema public
|
|
@@ -16,7 +16,7 @@ npx -y -p @synapsor/runner@alpha synapsor-runner inspect \
|
|
|
16
16
|
JSON output:
|
|
17
17
|
|
|
18
18
|
```bash
|
|
19
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
19
|
+
npx -y -p @synapsor/runner@alpha synapsor inspect \
|
|
20
20
|
--engine mysql \
|
|
21
21
|
--from-env SYNAPSOR_DATABASE_READ_URL \
|
|
22
22
|
--schema app \
|
|
@@ -84,5 +84,5 @@ Binary/blob/vector columns are excluded from generated default visible columns.
|
|
|
84
84
|
Use the inspection result to create `onboarding-selection.json`, then run:
|
|
85
85
|
|
|
86
86
|
```bash
|
|
87
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
87
|
+
npx -y -p @synapsor/runner@alpha synapsor init --spec onboarding-selection.json --non-interactive
|
|
88
88
|
```
|
package/docs/shadow-mode.md
CHANGED
|
@@ -17,7 +17,7 @@ Run a shadow config:
|
|
|
17
17
|
List shadow proposals:
|
|
18
18
|
|
|
19
19
|
```bash
|
|
20
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
20
|
+
npx -y -p @synapsor/runner@alpha synapsor shadow list --store ./.synapsor/local.db
|
|
21
21
|
```
|
|
22
22
|
|
|
23
23
|
Record the human action:
|
|
@@ -30,7 +30,7 @@ cat > human-action.json <<'JSON'
|
|
|
30
30
|
}
|
|
31
31
|
JSON
|
|
32
32
|
|
|
33
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
33
|
+
npx -y -p @synapsor/runner@alpha synapsor shadow record-human-action wrp_123 \
|
|
34
34
|
--store ./.synapsor/local.db \
|
|
35
35
|
--patch human-action.json \
|
|
36
36
|
--actor human_operator \
|
|
@@ -40,13 +40,13 @@ npx -y -p @synapsor/runner@alpha synapsor-runner shadow record-human-action wrp_
|
|
|
40
40
|
Compare:
|
|
41
41
|
|
|
42
42
|
```bash
|
|
43
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
43
|
+
npx -y -p @synapsor/runner@alpha synapsor shadow compare wrp_123 --store ./.synapsor/local.db
|
|
44
44
|
```
|
|
45
45
|
|
|
46
46
|
Report:
|
|
47
47
|
|
|
48
48
|
```bash
|
|
49
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
49
|
+
npx -y -p @synapsor/runner@alpha synapsor shadow report --store ./.synapsor/local.db
|
|
50
50
|
```
|
|
51
51
|
|
|
52
52
|
The report counts:
|
|
@@ -3,13 +3,13 @@
|
|
|
3
3
|
Run the friendly doctor first:
|
|
4
4
|
|
|
5
5
|
```bash
|
|
6
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
6
|
+
npx -y -p @synapsor/runner@alpha synapsor doctor --first-run
|
|
7
7
|
```
|
|
8
8
|
|
|
9
9
|
Use JSON for automation:
|
|
10
10
|
|
|
11
11
|
```bash
|
|
12
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
12
|
+
npx -y -p @synapsor/runner@alpha synapsor doctor --first-run --json
|
|
13
13
|
```
|
|
14
14
|
|
|
15
15
|
## Docker Missing
|
|
@@ -128,13 +128,13 @@ Own-database MCP setup needs a reviewed config before serving tools.
|
|
|
128
128
|
Fix:
|
|
129
129
|
|
|
130
130
|
```bash
|
|
131
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
131
|
+
npx -y -p @synapsor/runner@alpha synapsor init --from-env DATABASE_URL --mode review --wizard
|
|
132
132
|
```
|
|
133
133
|
|
|
134
134
|
Or pass an example config:
|
|
135
135
|
|
|
136
136
|
```bash
|
|
137
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
137
|
+
npx -y -p @synapsor/runner@alpha synapsor tools preview --config ./examples/mcp-postgres-billing/synapsor.runner.json --store ./.synapsor/local.db
|
|
138
138
|
```
|
|
139
139
|
|
|
140
140
|
## SQLite Store Missing
|
|
@@ -180,7 +180,7 @@ Fix:
|
|
|
180
180
|
|
|
181
181
|
```bash
|
|
182
182
|
export SYNAPSOR_DATABASE_READ_URL="<read-only-url>"
|
|
183
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
183
|
+
npx -y -p @synapsor/runner@alpha synapsor doctor --config synapsor.runner.json
|
|
184
184
|
```
|
|
185
185
|
|
|
186
186
|
## Read/Write Credential Split Failed
|
|
@@ -216,7 +216,7 @@ Fix:
|
|
|
216
216
|
Regenerate the snippet:
|
|
217
217
|
|
|
218
218
|
```bash
|
|
219
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
219
|
+
npx -y -p @synapsor/runner@alpha synapsor mcp config claude-desktop \
|
|
220
220
|
--absolute-paths \
|
|
221
221
|
--config ./synapsor.runner.json \
|
|
222
222
|
--store ./.synapsor/local.db
|
|
@@ -36,14 +36,14 @@ examples/reference-support-billing-app/scripts/run-demo.sh
|
|
|
36
36
|
Validate the reviewed contract:
|
|
37
37
|
|
|
38
38
|
```bash
|
|
39
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
40
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
39
|
+
npx -y -p @synapsor/runner@alpha synapsor config validate --config examples/reference-support-billing-app/synapsor.runner.json
|
|
40
|
+
npx -y -p @synapsor/runner@alpha synapsor doctor --config examples/reference-support-billing-app/synapsor.runner.json
|
|
41
41
|
```
|
|
42
42
|
|
|
43
43
|
Serve MCP:
|
|
44
44
|
|
|
45
45
|
```bash
|
|
46
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
46
|
+
npx -y -p @synapsor/runner@alpha synapsor mcp serve \
|
|
47
47
|
--config examples/reference-support-billing-app/synapsor.runner.json \
|
|
48
48
|
--store ./tmp/reference-support-billing/local.db
|
|
49
49
|
```
|
|
@@ -64,17 +64,17 @@ The model does not receive approval tools, commit tools, write credentials, raw
|
|
|
64
64
|
After a proposal exists:
|
|
65
65
|
|
|
66
66
|
```bash
|
|
67
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
68
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
69
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
70
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
71
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
67
|
+
npx -y -p @synapsor/runner@alpha synapsor proposals list --store ./tmp/reference-support-billing/local.db
|
|
68
|
+
npx -y -p @synapsor/runner@alpha synapsor proposals approve <proposal_id> --store ./tmp/reference-support-billing/local.db --actor local_reviewer --yes
|
|
69
|
+
npx -y -p @synapsor/runner@alpha synapsor proposals writeback-job <proposal_id> --store ./tmp/reference-support-billing/local.db --output ./tmp/reference-support-billing/job.json
|
|
70
|
+
npx -y -p @synapsor/runner@alpha synapsor apply --job ./tmp/reference-support-billing/job.json --store ./tmp/reference-support-billing/local.db
|
|
71
|
+
npx -y -p @synapsor/runner@alpha synapsor replay export <proposal_id> --store ./tmp/reference-support-billing/local.db --output ./tmp/reference-support-billing/replay.json
|
|
72
72
|
```
|
|
73
73
|
|
|
74
74
|
To inspect locally in a browser:
|
|
75
75
|
|
|
76
76
|
```bash
|
|
77
|
-
npx -y -p @synapsor/runner@alpha synapsor
|
|
77
|
+
npx -y -p @synapsor/runner@alpha synapsor ui \
|
|
78
78
|
--config examples/reference-support-billing-app/synapsor.runner.json \
|
|
79
79
|
--store ./tmp/reference-support-billing/local.db
|
|
80
80
|
```
|