@synapsor/runner 0.1.0-alpha.3 → 0.1.0-alpha.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +104 -1
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +5 -0
- package/dist/runner.mjs +2113 -81
- package/docs/MCP_RUNNER_IMPLEMENTATION_PLAN.md +1 -1
- package/docs/cloud-mode.md +1 -1
- package/docs/demo-transcript.md +140 -52
- package/docs/first-10-minutes.md +27 -2
- package/docs/limitations.md +20 -0
- package/docs/local-mode.md +65 -2
- package/docs/mcp-audit.md +14 -4
- package/docs/open-source-feature-inventory.md +254 -0
- package/docs/security-boundary.md +17 -0
- package/examples/reference-support-billing-app/README.md +51 -0
- package/examples/reference-support-billing-app/schema.sql +14 -1
- package/examples/reference-support-billing-app/seed.sql +12 -5
- package/examples/reference-support-billing-app/synapsor.runner.json +105 -0
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -15,12 +15,28 @@ npx -y -p @synapsor/runner@alpha synapsor demo --quick
|
|
|
15
15
|
npx -y -p @synapsor/runner@alpha synapsor audit --example dangerous-db-mcp
|
|
16
16
|
```
|
|
17
17
|
|
|
18
|
+
The local-ledger quick fixture, audit `--format markdown`, local evidence
|
|
19
|
+
search, and store maintenance commands are in this checkout and package version
|
|
20
|
+
`0.1.0-alpha.4`. If
|
|
21
|
+
`npm view @synapsor/runner@alpha version` still reports an older alpha, use
|
|
22
|
+
`./bin/synapsor ...` from this checkout or wait for the next alpha publish
|
|
23
|
+
before relying on those npm examples.
|
|
24
|
+
|
|
18
25
|
`synapsor` is the public command. `synapsor-runner` remains available as a
|
|
19
26
|
backward-compatible alias for earlier alpha commands.
|
|
20
27
|
|
|
21
|
-
`synapsor demo --quick` is fixture-only
|
|
28
|
+
`synapsor demo --quick` is fixture-only, does not require Docker, and writes an
|
|
29
|
+
inspectable local ledger fixture to `./.synapsor/quick-demo.db`. Use
|
|
22
30
|
`synapsor demo` for the disposable local Postgres-backed demo.
|
|
23
31
|
|
|
32
|
+
Inspect the quick fixture:
|
|
33
|
+
|
|
34
|
+
```bash
|
|
35
|
+
synapsor proposals show latest --store ./.synapsor/quick-demo.db
|
|
36
|
+
synapsor activity search --object invoice:INV-3001 --store ./.synapsor/quick-demo.db
|
|
37
|
+
synapsor replay show latest --store ./.synapsor/quick-demo.db
|
|
38
|
+
```
|
|
39
|
+
|
|
24
40
|
Use it with a local or staging database:
|
|
25
41
|
|
|
26
42
|
```bash
|
|
@@ -31,6 +47,15 @@ synapsor tools preview
|
|
|
31
47
|
synapsor mcp serve
|
|
32
48
|
```
|
|
33
49
|
|
|
50
|
+
The disposable reference app includes proposal-first write examples for:
|
|
51
|
+
|
|
52
|
+
- `billing.propose_late_fee_waiver`
|
|
53
|
+
- `support.propose_plan_credit`
|
|
54
|
+
- `orders.propose_status_change`
|
|
55
|
+
|
|
56
|
+
Each tool creates evidence, a before/after diff, and a proposal. The source
|
|
57
|
+
database remains unchanged until approval outside MCP and guarded writeback.
|
|
58
|
+
|
|
34
59
|
For a longer local session, you can install the alpha package explicitly:
|
|
35
60
|
|
|
36
61
|
```bash
|
|
@@ -55,6 +80,84 @@ MCP tool call
|
|
|
55
80
|
Your Postgres/MySQL database remains the source of truth. The runner stores
|
|
56
81
|
local proposals, evidence, receipts, and replay data in a local SQLite store.
|
|
57
82
|
|
|
83
|
+
## Why Not Just Use A Read-Only Database User?
|
|
84
|
+
|
|
85
|
+
You should use one.
|
|
86
|
+
|
|
87
|
+
Synapsor Runner is not a replacement for least-privilege database permissions.
|
|
88
|
+
Start with a read-only user, restricted views, row-level security, and staging
|
|
89
|
+
data where appropriate.
|
|
90
|
+
|
|
91
|
+
The difference is that database permissions protect the connection. Synapsor
|
|
92
|
+
Runner shapes the model-facing interface.
|
|
93
|
+
|
|
94
|
+
Instead of exposing `execute_sql`, `query_database`, table names, or
|
|
95
|
+
model-controlled tenant filters, Synapsor exposes reviewed business
|
|
96
|
+
capabilities such as `billing.inspect_invoice` and
|
|
97
|
+
`billing.propose_late_fee_waiver`.
|
|
98
|
+
|
|
99
|
+
For read-only use cases, Runner provides scoped semantic tools, trusted context
|
|
100
|
+
binding, evidence handles, query audit, and local inspection. Proposal
|
|
101
|
+
workflows add full replay across evidence, approval, writeback receipts, and
|
|
102
|
+
events.
|
|
103
|
+
|
|
104
|
+
If all you need is restricted reads, database permissions are a good start.
|
|
105
|
+
Use Synapsor Runner when you also want the agent-facing layer: semantic tools,
|
|
106
|
+
trusted context, evidence handles, query audit, local inspection, and
|
|
107
|
+
proposal-first writes.
|
|
108
|
+
|
|
109
|
+
## Find Evidence And Replay
|
|
110
|
+
|
|
111
|
+
The commands in this section require this checkout or an alpha package that
|
|
112
|
+
includes the local-ledger CLI surface.
|
|
113
|
+
|
|
114
|
+
The runner stores a local SQLite evidence/replay ledger. Search it without
|
|
115
|
+
relying on `latest`:
|
|
116
|
+
|
|
117
|
+
```bash
|
|
118
|
+
synapsor activity search --tenant acme --object invoice:INV-3001
|
|
119
|
+
synapsor proposals list --tenant acme --object invoice:INV-3001 --status approved
|
|
120
|
+
synapsor evidence show ev_...
|
|
121
|
+
synapsor query-audit list --evidence ev_...
|
|
122
|
+
synapsor receipts list --proposal wrp_...
|
|
123
|
+
synapsor receipts show <receipt_id>
|
|
124
|
+
synapsor replay show --proposal wrp_...
|
|
125
|
+
synapsor replay show --replay replay_wrp_...
|
|
126
|
+
```
|
|
127
|
+
|
|
128
|
+
Export captured evidence or proposal replay:
|
|
129
|
+
|
|
130
|
+
```bash
|
|
131
|
+
synapsor evidence export ev_... --format markdown --output evidence.md
|
|
132
|
+
synapsor replay export --proposal wrp_... --format json --output replay.json
|
|
133
|
+
synapsor replay export --proposal wrp_... --format markdown --output replay.md
|
|
134
|
+
```
|
|
135
|
+
|
|
136
|
+
Create a redacted local diagnostic report:
|
|
137
|
+
|
|
138
|
+
```bash
|
|
139
|
+
synapsor doctor --config synapsor.runner.json --report --redact --output synapsor-doctor.md
|
|
140
|
+
```
|
|
141
|
+
|
|
142
|
+
Inspect or compact the local ledger:
|
|
143
|
+
|
|
144
|
+
```bash
|
|
145
|
+
synapsor store stats --store ./.synapsor/local.db
|
|
146
|
+
synapsor store vacuum --store ./.synapsor/local.db
|
|
147
|
+
synapsor store prune --store ./.synapsor/local.db --older-than 30d --dry-run
|
|
148
|
+
```
|
|
149
|
+
|
|
150
|
+
This is local indexed search for local/dev/staging usage. It is not external
|
|
151
|
+
database time travel, not cross-runner search, and not hosted compliance
|
|
152
|
+
retention.
|
|
153
|
+
|
|
154
|
+
## App-Owned Writeback
|
|
155
|
+
|
|
156
|
+
Use direct guarded DB writeback for simple local/staging single-row updates. If
|
|
157
|
+
your application service already owns business writes, configure an
|
|
158
|
+
`http_handler` or `command_handler` executor. Approval still happens outside
|
|
159
|
+
MCP, and the handler returns an applied/conflict/failed receipt for replay.
|
|
160
|
+
|
|
58
161
|
## Command Name
|
|
59
162
|
|
|
60
163
|
This package installs `synapsor` as the primary binary and `synapsor-runner` as
|
package/dist/cli.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";
|
|
1
|
+
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AA8BA,OAAO,EAOL,KAAK,gBAAgB,EAEtB,MAAM,mCAAmC,CAAC;AA4H3C,wBAAsB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CA8C1D;AA0DD,KAAK,SAAS,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAE9E,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EAAE,EACd,OAAO,GAAE;IACP,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;CACvC,GACL,OAAO,CAAC,MAAM,CAAC,CA0KjB"}
|
package/dist/cli.js
CHANGED
|
@@ -6,6 +6,11 @@ import { fileURLToPath } from 'node:url';
|
|
|
6
6
|
const __dirname = dirname(fileURLToPath(import.meta.url));
|
|
7
7
|
const invoked = basename(process.argv[1] || 'synapsor');
|
|
8
8
|
const commandName = invoked === 'synapsor-runner' ? 'synapsor-runner' : 'synapsor';
|
|
9
|
+
const [major, minor] = process.versions.node.split('.').map(Number);
|
|
10
|
+
if (!(major > 22 || (major === 22 && minor >= 5))) {
|
|
11
|
+
console.error(`Synapsor Runner requires Node >= 22.5.0 because the local ledger uses Node's node:sqlite runtime. Current Node: ${process.versions.node}. Upgrade Node or use the Docker demo from a source checkout.`);
|
|
12
|
+
process.exit(1);
|
|
13
|
+
}
|
|
9
14
|
const result = spawnSync(process.execPath, ['--no-warnings', join(__dirname, 'runner.mjs'), ...process.argv.slice(2)], {
|
|
10
15
|
stdio: 'inherit',
|
|
11
16
|
env: { ...process.env, NODE_NO_WARNINGS: '1', SYNAPSOR_RUNNER_COMMAND_NAME: commandName },
|