@synapsor/runner 0.1.0-alpha.3 → 0.1.0-alpha.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +284 -13
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +5 -0
- package/dist/runner.mjs +2982 -127
- package/docs/README.md +32 -54
- package/docs/getting-started-own-database.md +40 -8
- package/docs/http-mcp.md +200 -0
- package/docs/limitations.md +20 -0
- package/docs/local-mode.md +101 -2
- package/docs/mcp-audit.md +10 -4
- package/docs/mcp-client-setup.md +40 -1
- package/docs/security-boundary.md +17 -0
- package/examples/openai-agents-http/README.md +55 -0
- package/examples/openai-agents-http/agent.py +90 -0
- package/examples/openai-agents-http/requirements.txt +1 -0
- package/examples/openai-agents-stdio/README.md +62 -0
- package/examples/openai-agents-stdio/agent.py +70 -0
- package/examples/openai-agents-stdio/requirements.txt +1 -0
- package/examples/reference-support-billing-app/README.md +51 -0
- package/examples/reference-support-billing-app/schema.sql +14 -1
- package/examples/reference-support-billing-app/seed.sql +12 -5
- package/examples/reference-support-billing-app/synapsor.runner.json +105 -0
- package/package.json +3 -1
- package/docs/MCP_RUNNER_IMPLEMENTATION_PLAN.md +0 -187
- package/docs/architecture.md +0 -65
- package/docs/capability-config.md +0 -180
- package/docs/cloud-mode.md +0 -140
- package/docs/config-migrations.md +0 -67
- package/docs/demo-transcript.md +0 -73
- package/docs/dependency-license-inventory.md +0 -35
- package/docs/first-10-minutes.md +0 -147
- package/docs/licensing.md +0 -38
- package/docs/local-ui.md +0 -163
- package/docs/mcp-efficiency-benchmark.md +0 -84
- package/docs/operations.md +0 -38
- package/docs/own-db-20-minutes.md +0 -185
- package/docs/production-readiness.md +0 -39
- package/docs/protocol.md +0 -90
- package/docs/roadmap.md +0 -13
- package/docs/schema-inspection.md +0 -88
- package/docs/shadow-mode.md +0 -67
- package/docs/telemetry.md +0 -28
- package/docs/threat-model.md +0 -25
- package/docs/trusted-context.md +0 -70
package/docs/demo-transcript.md
DELETED
|
@@ -1,73 +0,0 @@
|
|
|
1
|
-
# First-Run Demo Transcript
|
|
2
|
-
|
|
3
|
-
This is the expected high-level transcript for:
|
|
4
|
-
|
|
5
|
-
```bash
|
|
6
|
-
./scripts/try-synapsor.sh
|
|
7
|
-
```
|
|
8
|
-
|
|
9
|
-
Exact timings and log paths vary.
|
|
10
|
-
|
|
11
|
-
```text
|
|
12
|
-
Synapsor Runner first-run demo
|
|
13
|
-
|
|
14
|
-
You are about to see an MCP agent propose a database change without receiving SQL or write credentials.
|
|
15
|
-
Full logs will be written to: ./.synapsor/logs/try-synapsor-<timestamp>.log
|
|
16
|
-
|
|
17
|
-
Step 1: MCP tools exposed
|
|
18
|
-
In this fixture, the model sees semantic tools such as billing.inspect_invoice and billing.propose_late_fee_waiver.
|
|
19
|
-
|
|
20
|
-
Step 2: Agent inspects business object
|
|
21
|
-
Step 3: Agent proposes change
|
|
22
|
-
Step 4: Source DB changed: No
|
|
23
|
-
Step 5: Human approval outside MCP
|
|
24
|
-
Step 6: Trusted runner applies guarded writeback
|
|
25
|
-
Step 7: Replay explains what happened
|
|
26
|
-
Step 8: Extra safety checks catch stale rows and unsafe tools
|
|
27
|
-
|
|
28
|
-
Running the disposable Docker proof. This can take a few minutes...
|
|
29
|
-
|
|
30
|
-
Success. You saw the Synapsor commit boundary.
|
|
31
|
-
|
|
32
|
-
In the included fixture, the model got:
|
|
33
|
-
* billing.inspect_invoice
|
|
34
|
-
* billing.propose_late_fee_waiver
|
|
35
|
-
|
|
36
|
-
The model did not get:
|
|
37
|
-
* execute_sql
|
|
38
|
-
* write credentials
|
|
39
|
-
* approve/commit tools
|
|
40
|
-
|
|
41
|
-
Next:
|
|
42
|
-
|
|
43
|
-
1. Open proposal UI:
|
|
44
|
-
npx -y -p @synapsor/runner@alpha synapsor ui --tour --config ./examples/mcp-postgres-billing/synapsor.runner.json --store ./.synapsor/local.db
|
|
45
|
-
|
|
46
|
-
2. Run the reference app:
|
|
47
|
-
corepack pnpm demo:reference
|
|
48
|
-
|
|
49
|
-
3. Generate MCP client config:
|
|
50
|
-
npx -y -p @synapsor/runner@alpha synapsor mcp config --absolute-paths --config ./examples/mcp-postgres-billing/synapsor.runner.json --store ./.synapsor/local.db
|
|
51
|
-
|
|
52
|
-
4. Use your own staging Postgres/MySQL:
|
|
53
|
-
export DATABASE_URL='<postgres-or-mysql-read-url>'
|
|
54
|
-
npx -y -p @synapsor/runner@alpha synapsor inspect --from-env DATABASE_URL
|
|
55
|
-
npx -y -p @synapsor/runner@alpha synapsor init --wizard --from-env DATABASE_URL
|
|
56
|
-
```
|
|
57
|
-
|
|
58
|
-
The full log should include the lower-level proof:
|
|
59
|
-
|
|
60
|
-
- local MCP Postgres example passed;
|
|
61
|
-
- local MCP MySQL example passed;
|
|
62
|
-
- `ACCEPT semantic tools present`;
|
|
63
|
-
- `ACCEPT execute_sql approval and commit tools absent`;
|
|
64
|
-
- `ACCEPT proposal created successfully`;
|
|
65
|
-
- `ACCEPT source row unchanged after proposal`;
|
|
66
|
-
- `ACCEPT approval happened outside MCP`;
|
|
67
|
-
- `ACCEPT guarded writeback applied`;
|
|
68
|
-
- retry was idempotent;
|
|
69
|
-
- `ACCEPT stale-row conflict detected`;
|
|
70
|
-
- `ACCEPT replay export contains applied receipt`.
|
|
71
|
-
|
|
72
|
-
The first-run script fails if the log appears to contain database URLs,
|
|
73
|
-
fixture passwords, or bearer tokens.
|
|
@@ -1,35 +0,0 @@
|
|
|
1
|
-
# Dependency License Inventory
|
|
2
|
-
|
|
3
|
-
Generated during the ELv2 migration with:
|
|
4
|
-
|
|
5
|
-
```bash
|
|
6
|
-
corepack pnpm licenses list --json
|
|
7
|
-
```
|
|
8
|
-
|
|
9
|
-
Summary from the current lockfile/install:
|
|
10
|
-
|
|
11
|
-
| License | Package entries |
|
|
12
|
-
| --- | ---: |
|
|
13
|
-
| MIT | 149 |
|
|
14
|
-
| Apache-2.0 | 4 |
|
|
15
|
-
| BSD-3-Clause | 3 |
|
|
16
|
-
| BSD-2-Clause | 1 |
|
|
17
|
-
| ISC | 11 |
|
|
18
|
-
|
|
19
|
-
Apache-2.0 dependency entries reported by pnpm:
|
|
20
|
-
|
|
21
|
-
- `denque@2.1.0`
|
|
22
|
-
- `expect-type@1.3.0`
|
|
23
|
-
- `long@5.3.2`
|
|
24
|
-
- `typescript@5.9.3`
|
|
25
|
-
|
|
26
|
-
This file is an inventory summary, not a replacement for dependency license
|
|
27
|
-
review. Third-party dependency licenses and notices are not changed by the
|
|
28
|
-
first-party Synapsor Runner ELv2 migration.
|
|
29
|
-
|
|
30
|
-
Before public release:
|
|
31
|
-
|
|
32
|
-
- regenerate this inventory from a clean install;
|
|
33
|
-
- review dependency notices with counsel or the release owner;
|
|
34
|
-
- keep third-party notices separate from the first-party Synapsor Runner
|
|
35
|
-
license.
|
package/docs/first-10-minutes.md
DELETED
|
@@ -1,147 +0,0 @@
|
|
|
1
|
-
# First 10 Minutes
|
|
2
|
-
|
|
3
|
-
This path is for a developer who cloned Synapsor Runner and wants to understand
|
|
4
|
-
the product without reading the full docs first.
|
|
5
|
-
|
|
6
|
-
## What You Need
|
|
7
|
-
|
|
8
|
-
- Docker CLI.
|
|
9
|
-
- Reachable Docker daemon.
|
|
10
|
-
- Free local ports: `55433`, `55434`, `55435`, and `53307`.
|
|
11
|
-
- A few GB of free disk for the local demo image and disposable databases.
|
|
12
|
-
|
|
13
|
-
You do not need:
|
|
14
|
-
|
|
15
|
-
- Synapsor Cloud account.
|
|
16
|
-
- API key.
|
|
17
|
-
- Hosted workspace.
|
|
18
|
-
- Host Node/Corepack setup for the first command.
|
|
19
|
-
- Database credentials.
|
|
20
|
-
|
|
21
|
-
## Run One Command
|
|
22
|
-
|
|
23
|
-
```bash
|
|
24
|
-
./scripts/try-synapsor.sh
|
|
25
|
-
```
|
|
26
|
-
|
|
27
|
-
The script writes noisy logs to:
|
|
28
|
-
|
|
29
|
-
```text
|
|
30
|
-
./.synapsor/logs/try-synapsor-<timestamp>.log
|
|
31
|
-
```
|
|
32
|
-
|
|
33
|
-
If something fails, it prints the failing check and the log path.
|
|
34
|
-
|
|
35
|
-
## What The Script Proves
|
|
36
|
-
|
|
37
|
-
The script runs disposable Postgres and MySQL MCP examples and checks that the
|
|
38
|
-
demo actually proves the Synapsor boundary:
|
|
39
|
-
|
|
40
|
-
- MCP `tools/list` contains semantic tools.
|
|
41
|
-
- MCP `tools/list` does not contain `execute_sql`.
|
|
42
|
-
- The agent inspects one business row through trusted tenant scope.
|
|
43
|
-
- The agent creates a proposal with an exact before/after diff.
|
|
44
|
-
- The source row is unchanged after proposal creation.
|
|
45
|
-
- Approval happens outside the model-facing MCP tool surface.
|
|
46
|
-
- The trusted runner applies a reviewed single-row writeback or blocks a stale
|
|
47
|
-
row conflict.
|
|
48
|
-
- Replay exists for the proposal, evidence, approval, receipt, and conflict
|
|
49
|
-
decision.
|
|
50
|
-
- The first-run log does not contain database URLs, passwords, bearer tokens, or
|
|
51
|
-
write credentials.
|
|
52
|
-
|
|
53
|
-
## The Mental Model
|
|
54
|
-
|
|
55
|
-
```text
|
|
56
|
-
MCP client
|
|
57
|
-
-> semantic business tool
|
|
58
|
-
-> trusted tenant/principal context
|
|
59
|
-
-> scoped read from Postgres/MySQL
|
|
60
|
-
-> evidence and exact proposal diff
|
|
61
|
-
-> local approval outside MCP
|
|
62
|
-
-> guarded single-row writeback
|
|
63
|
-
-> applied/conflict/failed receipt
|
|
64
|
-
-> local replay
|
|
65
|
-
```
|
|
66
|
-
|
|
67
|
-
The model gets inspect/propose authority. The trusted runner owns commit
|
|
68
|
-
authority.
|
|
69
|
-
|
|
70
|
-
## Next Command 1: Open The Local UI
|
|
71
|
-
|
|
72
|
-
```bash
|
|
73
|
-
npx -y -p @synapsor/runner@alpha synapsor ui --tour \
|
|
74
|
-
--config ./examples/mcp-postgres-billing/synapsor.runner.json \
|
|
75
|
-
--store ./.synapsor/local.db
|
|
76
|
-
```
|
|
77
|
-
|
|
78
|
-
The UI binds to `127.0.0.1`, prints a local URL with a per-run token, and shows
|
|
79
|
-
the proposal/evidence/replay loop. Approval and rejection require CSRF
|
|
80
|
-
protection.
|
|
81
|
-
|
|
82
|
-
## Next Command 2: Run The Reference App
|
|
83
|
-
|
|
84
|
-
```bash
|
|
85
|
-
corepack pnpm demo:reference
|
|
86
|
-
```
|
|
87
|
-
|
|
88
|
-
The reference app uses a disposable support/billing Postgres database and proves:
|
|
89
|
-
|
|
90
|
-
- semantic MCP tools;
|
|
91
|
-
- source DB unchanged after proposal;
|
|
92
|
-
- approval outside MCP;
|
|
93
|
-
- guarded writeback;
|
|
94
|
-
- stale-row conflict;
|
|
95
|
-
- replay export.
|
|
96
|
-
|
|
97
|
-
## Next Command 3: Generate MCP Client Config
|
|
98
|
-
|
|
99
|
-
```bash
|
|
100
|
-
npx -y -p @synapsor/runner@alpha synapsor mcp config claude-desktop \
|
|
101
|
-
--absolute-paths \
|
|
102
|
-
--config ./examples/mcp-postgres-billing/synapsor.runner.json \
|
|
103
|
-
--store ./.synapsor/local.db
|
|
104
|
-
```
|
|
105
|
-
|
|
106
|
-
Paste the printed JSON into your MCP client settings. The config contains
|
|
107
|
-
command paths only. It must not contain database URLs, passwords, approval
|
|
108
|
-
tools, commit tools, or write credentials.
|
|
109
|
-
|
|
110
|
-
Verify the configured tool boundary with:
|
|
111
|
-
|
|
112
|
-
```bash
|
|
113
|
-
npx -y -p @synapsor/runner@alpha synapsor tools preview \
|
|
114
|
-
--config ./examples/mcp-postgres-billing/synapsor.runner.json \
|
|
115
|
-
--store ./.synapsor/local.db
|
|
116
|
-
```
|
|
117
|
-
|
|
118
|
-
## Next Command 4: Use Your Own Staging Database
|
|
119
|
-
|
|
120
|
-
After the fixture demo makes sense, point the local runtime at one staging
|
|
121
|
-
Postgres/MySQL database:
|
|
122
|
-
|
|
123
|
-
```bash
|
|
124
|
-
export DATABASE_URL="<postgres-or-mysql-read-url>"
|
|
125
|
-
./scripts/use-your-db.sh
|
|
126
|
-
```
|
|
127
|
-
|
|
128
|
-
The wrapper inspects metadata, opens the guided config wizard, previews the MCP
|
|
129
|
-
tool boundary, and prints the serve/UI commands. It does not print your
|
|
130
|
-
database URL or write credentials.
|
|
131
|
-
|
|
132
|
-
## Reset
|
|
133
|
-
|
|
134
|
-
If a prior run left stale containers, ports, logs, or local stores:
|
|
135
|
-
|
|
136
|
-
```bash
|
|
137
|
-
./scripts/try-synapsor.sh --reset
|
|
138
|
-
```
|
|
139
|
-
|
|
140
|
-
For noninteractive cleanup in CI:
|
|
141
|
-
|
|
142
|
-
```bash
|
|
143
|
-
./scripts/try-synapsor.sh --reset --yes
|
|
144
|
-
```
|
|
145
|
-
|
|
146
|
-
The reset path removes demo containers, demo volumes, temporary local stores,
|
|
147
|
-
generated MCP snippets under `.synapsor/mcp`, and first-run logs.
|
package/docs/licensing.md
DELETED
|
@@ -1,38 +0,0 @@
|
|
|
1
|
-
# Licensing
|
|
2
|
-
|
|
3
|
-
Synapsor Runner is open source under the Apache License 2.0 (`Apache-2.0`).
|
|
4
|
-
|
|
5
|
-
This page is a plain-English summary, not legal advice. If this summary
|
|
6
|
-
conflicts with `../LICENSE`, the `LICENSE` file controls.
|
|
7
|
-
|
|
8
|
-
Apache-2.0 applies to the code in this runner repository. It grants copyright
|
|
9
|
-
and patent rights under the license terms.
|
|
10
|
-
|
|
11
|
-
Apache-2.0 does not grant trademark rights. The Synapsor name, Synapsor Runner
|
|
12
|
-
name, logos, hosted Cloud service, and proprietary Synapsor platform features
|
|
13
|
-
remain separate. See `../TRADEMARKS.md`.
|
|
14
|
-
|
|
15
|
-
This license change applies only to `synapsor-runner`.
|
|
16
|
-
|
|
17
|
-
It does not open source:
|
|
18
|
-
|
|
19
|
-
- Synapsor Cloud;
|
|
20
|
-
- the hosted control plane;
|
|
21
|
-
- hosted capability registry;
|
|
22
|
-
- advanced policy/capability compiler;
|
|
23
|
-
- team approvals, RBAC, or SSO;
|
|
24
|
-
- hosted audit/evidence ledger;
|
|
25
|
-
- managed runners;
|
|
26
|
-
- production writeback orchestration;
|
|
27
|
-
- workflow builder;
|
|
28
|
-
- native Synapsor engine;
|
|
29
|
-
- C++/DBMS internals;
|
|
30
|
-
- branching, time travel, or settlement;
|
|
31
|
-
- compliance exports or production support/SLA.
|
|
32
|
-
|
|
33
|
-
Synapsor Cloud is a separate hosted commercial service. Use Cloud when your team
|
|
34
|
-
needs shared approvals, RBAC, hosted evidence/replay search, runner fleet
|
|
35
|
-
status, leases, retention, audit visibility, enterprise controls, and support.
|
|
36
|
-
|
|
37
|
-
Before public release, license and trademark text must be reviewed by qualified
|
|
38
|
-
counsel.
|
package/docs/local-ui.md
DELETED
|
@@ -1,163 +0,0 @@
|
|
|
1
|
-
# Local UI
|
|
2
|
-
|
|
3
|
-
`synapsor ui` starts a lightweight browser review surface for a local Runner
|
|
4
|
-
store.
|
|
5
|
-
|
|
6
|
-
From a source checkout, use `./bin/synapsor ui ...` if the global binary is not
|
|
7
|
-
linked yet.
|
|
8
|
-
|
|
9
|
-
```bash
|
|
10
|
-
npx -y -p @synapsor/runner@alpha synapsor ui --config ./synapsor.runner.json --store ./.synapsor/local.db
|
|
11
|
-
```
|
|
12
|
-
|
|
13
|
-
By default it binds to localhost only and prints a per-run URL:
|
|
14
|
-
|
|
15
|
-
```text
|
|
16
|
-
Synapsor Runner local UI: http://127.0.0.1:51234/?token=...
|
|
17
|
-
```
|
|
18
|
-
|
|
19
|
-
Use the UI after `synapsor mcp serve` has created local proposals. The UI is a
|
|
20
|
-
review surface; it is not a raw SQL console and it does not serve MCP tools.
|
|
21
|
-
|
|
22
|
-
## The Review Console
|
|
23
|
-
|
|
24
|
-
Selecting a proposal opens a **Review** tab that tells the story of what
|
|
25
|
-
happened, step by step, instead of leading with raw JSON:
|
|
26
|
-
|
|
27
|
-
1. **Agent requested a change** — the semantic tool that was called and the
|
|
28
|
-
object it targeted (for example `billing.propose_late_fee_waiver for
|
|
29
|
-
INV-3001`). The model could request, but had no SQL, approve, or commit
|
|
30
|
-
tools.
|
|
31
|
-
2. **Synapsor Runner created a proposal** — proposal id, tenant, and principal.
|
|
32
|
-
3. **The proposed change** — an exact before/proposed field diff.
|
|
33
|
-
4. **Safety result** — `Source database changed: No/Yes`.
|
|
34
|
-
5. **Approval boundary** — “Approval happened outside MCP. The model did not get
|
|
35
|
-
approve or commit tools,” plus the current approval status.
|
|
36
|
-
6. **Commit result** — the terminal outcome in plain language, e.g. “Conflict:
|
|
37
|
-
the row changed after the proposal. No write applied,” with an expandable
|
|
38
|
-
guard checklist.
|
|
39
|
-
7. **Replay** — a timeline of evidence, proposal, approval, writeback receipt,
|
|
40
|
-
and conflict events.
|
|
41
|
-
|
|
42
|
-
A second **View raw JSON** tab exposes the full proposal, events, receipts, and
|
|
43
|
-
evidence payloads for developers who want the underlying records. Each
|
|
44
|
-
configuration card also keeps its raw JSON behind a per-card drawer.
|
|
45
|
-
|
|
46
|
-
## What It Shows
|
|
47
|
-
|
|
48
|
-
The setup summary shows:
|
|
49
|
-
|
|
50
|
-
- config path and local store path;
|
|
51
|
-
- Runner mode;
|
|
52
|
-
- source engine and environment-variable names;
|
|
53
|
-
- trusted context binding;
|
|
54
|
-
- selected table/view targets;
|
|
55
|
-
- semantic capabilities;
|
|
56
|
-
- config validation status;
|
|
57
|
-
- whether forbidden model-facing tools such as raw SQL or approval/commit tools
|
|
58
|
-
are present.
|
|
59
|
-
|
|
60
|
-
The tools view shows:
|
|
61
|
-
|
|
62
|
-
- semantic tool names;
|
|
63
|
-
- read/proposal labels;
|
|
64
|
-
- target table/view;
|
|
65
|
-
- input schema;
|
|
66
|
-
- hidden trusted bindings;
|
|
67
|
-
- visible columns;
|
|
68
|
-
- allowed patch columns;
|
|
69
|
-
- conflict guard;
|
|
70
|
-
- clear “No raw SQL” status.
|
|
71
|
-
|
|
72
|
-
The proposals view shows:
|
|
73
|
-
|
|
74
|
-
- pending, approved, rejected, applied, conflict, and failed states;
|
|
75
|
-
- tenant/object/principal;
|
|
76
|
-
- source database changed: yes/no;
|
|
77
|
-
- source row before approval/writeback;
|
|
78
|
-
- proposed patch values;
|
|
79
|
-
- expected version guard;
|
|
80
|
-
- exact before/proposed field diff;
|
|
81
|
-
- evidence handle and summary;
|
|
82
|
-
- receipts when present.
|
|
83
|
-
|
|
84
|
-
The review panel lets a local reviewer:
|
|
85
|
-
|
|
86
|
-
- approve outside the model-facing MCP tool surface;
|
|
87
|
-
- reject with a reason;
|
|
88
|
-
- see the message “The model can propose this change. It cannot approve or
|
|
89
|
-
commit it.” before execution;
|
|
90
|
-
- see “Commit executed by trusted runner” after terminal writeback;
|
|
91
|
-
- see “Conflict: source row changed after proposal” for stale-row cases;
|
|
92
|
-
- inspect the guard checklist for tenant scope, allowed columns, primary key,
|
|
93
|
-
conflict/version column, idempotency key, and affected-row count;
|
|
94
|
-
- inspect writeback mode and executor status;
|
|
95
|
-
- inspect replay for the selected proposal.
|
|
96
|
-
|
|
97
|
-
Approval and rejection record the reviewer identity against the exact proposal
|
|
98
|
-
hash/version in the local SQLite proposal store.
|
|
99
|
-
|
|
100
|
-
## Security Boundary
|
|
101
|
-
|
|
102
|
-
The local UI keeps the same authority split as the CLI:
|
|
103
|
-
|
|
104
|
-
```text
|
|
105
|
-
MCP tool call = request/proposal authority
|
|
106
|
-
Trusted local UI/CLI reviewer = approval authority
|
|
107
|
-
Trusted runner apply path = execution authority
|
|
108
|
-
```
|
|
109
|
-
|
|
110
|
-
Security behavior:
|
|
111
|
-
|
|
112
|
-
- binds to `127.0.0.1` by default;
|
|
113
|
-
- refuses non-localhost binding unless `--allow-remote-bind` is explicitly
|
|
114
|
-
passed;
|
|
115
|
-
- requires a per-run local session token;
|
|
116
|
-
- sets the local session token in an HttpOnly SameSite cookie after the first
|
|
117
|
-
token URL load;
|
|
118
|
-
- requires a CSRF token for approve/reject actions;
|
|
119
|
-
- does not expose database URLs, passwords, bearer tokens, runner tokens, or
|
|
120
|
-
obvious secret strings in JSON API responses;
|
|
121
|
-
- does not expose a raw SQL editor;
|
|
122
|
-
- does not expose approval, commit, or writeback tools through MCP;
|
|
123
|
-
- does not allow widening configured tables, columns, or mutable fields from the
|
|
124
|
-
browser.
|
|
125
|
-
|
|
126
|
-
The UI displays proposal business data from the local store, so use reviewed
|
|
127
|
-
visible columns and denied-column rules before creating proposals. Obvious
|
|
128
|
-
secret-looking fields and connection strings are redacted defensively, but the
|
|
129
|
-
UI is not a replacement for selecting safe capability projections.
|
|
130
|
-
|
|
131
|
-
## Remote Binding
|
|
132
|
-
|
|
133
|
-
For normal use, do not bind the UI to anything except localhost.
|
|
134
|
-
|
|
135
|
-
For a deliberate trusted local-network demo:
|
|
136
|
-
|
|
137
|
-
```bash
|
|
138
|
-
npx -y -p @synapsor/runner@alpha synapsor ui --host 0.0.0.0 --allow-remote-bind
|
|
139
|
-
```
|
|
140
|
-
|
|
141
|
-
Do this only in an isolated environment. The local UI is not a hosted
|
|
142
|
-
multi-user approval product; use Synapsor Cloud when a team needs shared RBAC,
|
|
143
|
-
approval queues, audit retention, and hosted replay search.
|
|
144
|
-
|
|
145
|
-
## Current Limits
|
|
146
|
-
|
|
147
|
-
The UI is intentionally small in the current alpha:
|
|
148
|
-
|
|
149
|
-
- proposal review and replay only;
|
|
150
|
-
- no graphical capability builder;
|
|
151
|
-
- no raw SQL editor;
|
|
152
|
-
- no direct writeback apply button;
|
|
153
|
-
- no hosted/team auth;
|
|
154
|
-
- no Cloud approval queue replacement.
|
|
155
|
-
|
|
156
|
-
Use the CLI apply path after approval:
|
|
157
|
-
|
|
158
|
-
```bash
|
|
159
|
-
npx -y -p @synapsor/runner@alpha synapsor proposals writeback-job wrp_123 --store ./.synapsor/local.db --output job.json
|
|
160
|
-
SYNAPSOR_ENGINE=postgres \
|
|
161
|
-
SYNAPSOR_DATABASE_URL="$SYNAPSOR_DATABASE_WRITE_URL" \
|
|
162
|
-
npx -y -p @synapsor/runner@alpha synapsor apply --job job.json --config synapsor.runner.json --store ./.synapsor/local.db
|
|
163
|
-
```
|
|
@@ -1,84 +0,0 @@
|
|
|
1
|
-
# MCP Efficiency Benchmark
|
|
2
|
-
|
|
3
|
-
Run:
|
|
4
|
-
|
|
5
|
-
From a source checkout, use `corepack pnpm runner benchmark mcp-efficiency`.
|
|
6
|
-
The global `synapsor` command is only needed after installing or linking the
|
|
7
|
-
CLI.
|
|
8
|
-
|
|
9
|
-
```bash
|
|
10
|
-
npx -y -p @synapsor/runner@alpha synapsor benchmark mcp-efficiency
|
|
11
|
-
```
|
|
12
|
-
|
|
13
|
-
For machine-readable output:
|
|
14
|
-
|
|
15
|
-
```bash
|
|
16
|
-
npx -y -p @synapsor/runner@alpha synapsor benchmark mcp-efficiency --json
|
|
17
|
-
```
|
|
18
|
-
|
|
19
|
-
The benchmark compares an included fixture, not universal model behavior.
|
|
20
|
-
|
|
21
|
-
Current fixture:
|
|
22
|
-
|
|
23
|
-
```text
|
|
24
|
-
late-fee-waiver
|
|
25
|
-
```
|
|
26
|
-
|
|
27
|
-
Checked-in snapshots:
|
|
28
|
-
|
|
29
|
-
```text
|
|
30
|
-
fixtures/benchmark/mcp-efficiency.txt
|
|
31
|
-
fixtures/benchmark/mcp-efficiency.json
|
|
32
|
-
```
|
|
33
|
-
|
|
34
|
-
The CLI tests compare both human-readable and machine-readable output against
|
|
35
|
-
those snapshots, so changes to the fixture, tokenizer, measurements, or wording
|
|
36
|
-
are reviewable.
|
|
37
|
-
|
|
38
|
-
Reference path:
|
|
39
|
-
|
|
40
|
-
```text
|
|
41
|
-
list_tables
|
|
42
|
-
describe_table invoices
|
|
43
|
-
query_database SELECT invoice
|
|
44
|
-
formulate raw UPDATE
|
|
45
|
-
execute_sql UPDATE invoice
|
|
46
|
-
```
|
|
47
|
-
|
|
48
|
-
Synapsor Runner semantic path:
|
|
49
|
-
|
|
50
|
-
```text
|
|
51
|
-
billing.inspect_invoice
|
|
52
|
-
billing.propose_late_fee_waiver
|
|
53
|
-
```
|
|
54
|
-
|
|
55
|
-
It measures:
|
|
56
|
-
|
|
57
|
-
- number of exposed tools;
|
|
58
|
-
- serialized `tools/list` bytes;
|
|
59
|
-
- token count with a pinned deterministic fixture tokenizer;
|
|
60
|
-
- scripted tool-call count;
|
|
61
|
-
- schema/context bytes and tokens exposed;
|
|
62
|
-
- business result bytes and tokens;
|
|
63
|
-
- whether raw SQL is exposed;
|
|
64
|
-
- whether write credentials are exposed;
|
|
65
|
-
- whether approval is separated;
|
|
66
|
-
- whether stale-row conflict is checked.
|
|
67
|
-
|
|
68
|
-
Tokenizer:
|
|
69
|
-
|
|
70
|
-
```text
|
|
71
|
-
synapsor-fixture-tokenizer-v1
|
|
72
|
-
```
|
|
73
|
-
|
|
74
|
-
This tokenizer is a deterministic regex tokenizer used only for repeatable
|
|
75
|
-
fixture comparison. It is not a model billing tokenizer.
|
|
76
|
-
|
|
77
|
-
Allowed README phrasing after implementation:
|
|
78
|
-
|
|
79
|
-
> In the included fixture, semantic capabilities replace generic schema
|
|
80
|
-
> exploration and raw SQL with two compact business tools. Run the benchmark to
|
|
81
|
-
> inspect tool definitions, reference tool-call count, and tokenized context
|
|
82
|
-
> size.
|
|
83
|
-
|
|
84
|
-
Do not claim guaranteed percentage savings across workloads.
|
package/docs/operations.md
DELETED
|
@@ -1,38 +0,0 @@
|
|
|
1
|
-
# Operations
|
|
2
|
-
|
|
3
|
-
## Required configuration
|
|
4
|
-
|
|
5
|
-
- `SYNAPSOR_CONTROL_PLANE_URL`
|
|
6
|
-
- `SYNAPSOR_RUNNER_TOKEN`
|
|
7
|
-
- `SYNAPSOR_RUNNER_ID`
|
|
8
|
-
- `SYNAPSOR_SOURCE_ID`
|
|
9
|
-
- `SYNAPSOR_DATABASE_URL`
|
|
10
|
-
- `SYNAPSOR_ENGINE=postgres|mysql`
|
|
11
|
-
|
|
12
|
-
## Routine checks
|
|
13
|
-
|
|
14
|
-
```bash
|
|
15
|
-
npx -y -p @synapsor/runner@alpha synapsor doctor
|
|
16
|
-
npx -y -p @synapsor/runner@alpha synapsor validate --job examples/postgres-support/job.approved.json
|
|
17
|
-
npx -y -p @synapsor/runner@alpha synapsor validate --job examples/mysql-orders/job.approved.json
|
|
18
|
-
```
|
|
19
|
-
|
|
20
|
-
`doctor` validates local configuration, calls Synapsor's runner-token doctor endpoint, confirms the token is authenticated for the configured source, checks database reachability and engine version, creates/verifies `synapsor_writeback_receipts`, and performs a rollback-only receipt insert to prove the configured credential can write runner receipts. It does not mutate business tables.
|
|
21
|
-
|
|
22
|
-
## Local fixture smoke
|
|
23
|
-
|
|
24
|
-
Run this before cutting a release or changing the adapters:
|
|
25
|
-
|
|
26
|
-
```bash
|
|
27
|
-
corepack pnpm test:docker
|
|
28
|
-
```
|
|
29
|
-
|
|
30
|
-
The smoke starts the local Postgres and MySQL fixtures, validates approved jobs, applies one guarded single-row update, retries the same idempotency key, verifies stale-version conflict, verifies tenant mismatch rejection, verifies disallowed-column validation, and tears down the containers with volumes.
|
|
31
|
-
|
|
32
|
-
## Shutdown
|
|
33
|
-
|
|
34
|
-
The runner handles `SIGINT` and `SIGTERM` by stopping the poll loop. In-flight database transactions complete or roll back through the adapter.
|
|
35
|
-
|
|
36
|
-
## Logs
|
|
37
|
-
|
|
38
|
-
Default logs include runner id, job id, proposal id, source id, engine, schema/table names, patch column names, status/error code, and durations. Logs must not include database URL/password, runner token, full patch values, full source rows, or customer data.
|