@synapsor/runner 0.1.0-alpha.4 → 0.1.0-alpha.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +193 -25
- package/dist/cli.d.ts.map +1 -1
- package/dist/runner.mjs +903 -80
- package/docs/README.md +32 -54
- package/docs/getting-started-own-database.md +40 -8
- package/docs/http-mcp.md +200 -0
- package/docs/local-mode.md +40 -4
- package/docs/mcp-audit.md +0 -4
- package/docs/mcp-client-setup.md +40 -1
- package/examples/openai-agents-http/README.md +55 -0
- package/examples/openai-agents-http/agent.py +90 -0
- package/examples/openai-agents-http/requirements.txt +1 -0
- package/examples/openai-agents-stdio/README.md +62 -0
- package/examples/openai-agents-stdio/agent.py +70 -0
- package/examples/openai-agents-stdio/requirements.txt +1 -0
- package/package.json +3 -1
- package/docs/MCP_RUNNER_IMPLEMENTATION_PLAN.md +0 -187
- package/docs/architecture.md +0 -65
- package/docs/capability-config.md +0 -180
- package/docs/cloud-mode.md +0 -140
- package/docs/config-migrations.md +0 -67
- package/docs/demo-transcript.md +0 -161
- package/docs/dependency-license-inventory.md +0 -35
- package/docs/first-10-minutes.md +0 -172
- package/docs/licensing.md +0 -38
- package/docs/local-ui.md +0 -163
- package/docs/mcp-efficiency-benchmark.md +0 -84
- package/docs/open-source-feature-inventory.md +0 -254
- package/docs/operations.md +0 -38
- package/docs/own-db-20-minutes.md +0 -185
- package/docs/production-readiness.md +0 -39
- package/docs/protocol.md +0 -90
- package/docs/roadmap.md +0 -13
- package/docs/schema-inspection.md +0 -88
- package/docs/shadow-mode.md +0 -67
- package/docs/telemetry.md +0 -28
- package/docs/threat-model.md +0 -25
- package/docs/trusted-context.md +0 -70
package/README.md
CHANGED
|
@@ -7,46 +7,180 @@ Runner lets an MCP agent inspect scoped data and request database-backed
|
|
|
7
7
|
business actions without receiving raw SQL, write credentials, approval tools,
|
|
8
8
|
or commit tools.
|
|
9
9
|
|
|
10
|
-
|
|
10
|
+
```text
|
|
11
|
+
AI agent or MCP client
|
|
12
|
+
(Claude, Cursor, OpenAI Agents SDK, LangGraph)
|
|
13
|
+
|
|
|
14
|
+
| calls reviewed MCP tool
|
|
15
|
+
v
|
|
16
|
+
+--------------------------------+
|
|
17
|
+
| Synapsor Runner MCP |
|
|
18
|
+
| semantic capabilities only |
|
|
19
|
+
| trusted tenant/principal ctx |
|
|
20
|
+
| evidence + query audit |
|
|
21
|
+
+--------------------------------+
|
|
22
|
+
|
|
|
23
|
+
| scoped read / guarded proposal
|
|
24
|
+
v
|
|
25
|
+
+--------------------------------+
|
|
26
|
+
| Your Postgres or MySQL |
|
|
27
|
+
| source of truth |
|
|
28
|
+
+--------------------------------+
|
|
29
|
+
|
|
30
|
+
Local Runner store:
|
|
31
|
+
evidence · query audit · proposals · receipts · replay
|
|
32
|
+
```
|
|
33
|
+
|
|
34
|
+
Your database stays the source of truth. Synapsor Runner owns the
|
|
35
|
+
model-facing boundary: what the agent can read, what it can propose, what
|
|
36
|
+
evidence is saved, and what can later be reviewed or replayed.
|
|
37
|
+
|
|
38
|
+
## What Runner Does
|
|
39
|
+
|
|
40
|
+
When an agent uses Runner:
|
|
41
|
+
|
|
42
|
+
- the model gets reviewed capabilities, not raw database authority;
|
|
43
|
+
- reads produce evidence handles and query audit;
|
|
44
|
+
- writes become proposals, not direct mutations;
|
|
45
|
+
- approval and writeback happen outside the model-facing MCP surface;
|
|
46
|
+
- replay shows what the agent saw, proposed, and what was applied or blocked.
|
|
47
|
+
|
|
48
|
+
## Start Here
|
|
49
|
+
|
|
50
|
+
Run the guided quick demo first. It does not require Docker, a database, a
|
|
51
|
+
config file, an MCP client, or a Synapsor Cloud account.
|
|
11
52
|
|
|
12
53
|
```bash
|
|
13
|
-
npx -y -p @synapsor/runner@alpha synapsor --help
|
|
14
54
|
npx -y -p @synapsor/runner@alpha synapsor demo --quick
|
|
15
|
-
npx -y -p @synapsor/runner@alpha synapsor audit --example dangerous-db-mcp
|
|
16
55
|
```
|
|
17
56
|
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
`npm view @synapsor/runner@alpha version` still reports an older alpha, use
|
|
22
|
-
`./bin/synapsor ...` from this checkout or wait for the next alpha publish
|
|
23
|
-
before relying on those npm examples.
|
|
57
|
+
In a terminal, it walks through the safety model step by step. In CI, piped
|
|
58
|
+
output, or other non-interactive mode, it prints a short summary and exits
|
|
59
|
+
without waiting for Enter.
|
|
24
60
|
|
|
25
|
-
|
|
26
|
-
|
|
61
|
+
That command creates a local ledger fixture at `./.synapsor/quick-demo.db`.
|
|
62
|
+
It does not prove database connectivity. It shows the proposal, evidence, and
|
|
63
|
+
replay flow without giving the runner a database URL.
|
|
27
64
|
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
65
|
+
```bash
|
|
66
|
+
npx -y -p @synapsor/runner@alpha synapsor demo inspect
|
|
67
|
+
```
|
|
31
68
|
|
|
32
|
-
|
|
69
|
+
Human output is concise by default. Use `--details` for reviewer metadata or
|
|
70
|
+
`--json` for complete machine-readable records.
|
|
71
|
+
|
|
72
|
+
Useful quick-demo modes:
|
|
33
73
|
|
|
34
74
|
```bash
|
|
35
|
-
synapsor
|
|
36
|
-
synapsor
|
|
37
|
-
synapsor
|
|
75
|
+
synapsor demo --quick --guided
|
|
76
|
+
synapsor demo --quick --no-interactive
|
|
77
|
+
synapsor demo --quick --details
|
|
78
|
+
synapsor demo inspect --npx
|
|
79
|
+
```
|
|
80
|
+
|
|
81
|
+
Then choose one path:
|
|
82
|
+
|
|
83
|
+
```text
|
|
84
|
+
Full disposable proof -> npx -y -p @synapsor/runner@alpha synapsor demo
|
|
85
|
+
Your own staging DB -> export DATABASE_URL=... then run the inspect command below
|
|
86
|
+
MCP risk review -> npx -y -p @synapsor/runner@alpha synapsor audit --example dangerous-db-mcp
|
|
38
87
|
```
|
|
39
88
|
|
|
40
|
-
|
|
89
|
+
`synapsor` is the public command. `synapsor-runner` remains available as a
|
|
90
|
+
backward-compatible alias.
|
|
91
|
+
|
|
92
|
+
## Connect Your Own Staging Database
|
|
93
|
+
|
|
94
|
+
Put a read-only connection string in the environment:
|
|
41
95
|
|
|
42
96
|
```bash
|
|
43
97
|
export DATABASE_URL="postgresql://readonly_user:password@localhost:5432/app"
|
|
44
|
-
synapsor inspect --engine auto --from-env DATABASE_URL --schema public
|
|
45
|
-
synapsor init --wizard --engine auto --from-env DATABASE_URL --schema public
|
|
46
|
-
synapsor tools preview
|
|
47
|
-
synapsor mcp serve
|
|
48
98
|
```
|
|
49
99
|
|
|
100
|
+
For disposable dev RDS fixtures only, use `sslmode=no-verify` if your local
|
|
101
|
+
Node/Postgres TLS stack cannot verify the test certificate chain. For real
|
|
102
|
+
staging or production-like databases, keep certificate verification enabled.
|
|
103
|
+
|
|
104
|
+
Inspect metadata:
|
|
105
|
+
|
|
106
|
+
```bash
|
|
107
|
+
npx -y -p @synapsor/runner@alpha synapsor inspect \
|
|
108
|
+
--engine auto \
|
|
109
|
+
--from-env DATABASE_URL \
|
|
110
|
+
--schema public
|
|
111
|
+
```
|
|
112
|
+
|
|
113
|
+
Generate a reviewed read-only config first. The wizard creates this local
|
|
114
|
+
flow:
|
|
115
|
+
|
|
116
|
+
```text
|
|
117
|
+
trusted context -> capability -> MCP tool
|
|
118
|
+
```
|
|
119
|
+
|
|
120
|
+
It asks which table/view backs the context, which tenant/scope column and
|
|
121
|
+
backend session env vars are trusted, which fields are visible, and what
|
|
122
|
+
semantic capability name to expose.
|
|
123
|
+
|
|
124
|
+
```bash
|
|
125
|
+
npx -y -p @synapsor/runner@alpha synapsor init \
|
|
126
|
+
--wizard \
|
|
127
|
+
--engine auto \
|
|
128
|
+
--from-env DATABASE_URL \
|
|
129
|
+
--schema public \
|
|
130
|
+
--mode read_only
|
|
131
|
+
```
|
|
132
|
+
|
|
133
|
+
Preview and serve the semantic tools:
|
|
134
|
+
|
|
135
|
+
```bash
|
|
136
|
+
npx -y -p @synapsor/runner@alpha synapsor tools preview \
|
|
137
|
+
--config ./synapsor.runner.json \
|
|
138
|
+
--store ./.synapsor/local.db
|
|
139
|
+
|
|
140
|
+
npx -y -p @synapsor/runner@alpha synapsor mcp serve \
|
|
141
|
+
--config ./synapsor.runner.json \
|
|
142
|
+
--store ./.synapsor/local.db
|
|
143
|
+
```
|
|
144
|
+
|
|
145
|
+
## Two Ways To Run MCP
|
|
146
|
+
|
|
147
|
+
Use stdio when the MCP client runs locally and can launch Synapsor Runner. Use
|
|
148
|
+
HTTP when your agent service runs as an app/server and connects to a
|
|
149
|
+
long-running Runner process.
|
|
150
|
+
|
|
151
|
+
Local MCP clients:
|
|
152
|
+
|
|
153
|
+
```bash
|
|
154
|
+
synapsor mcp serve \
|
|
155
|
+
--config ./synapsor.runner.json \
|
|
156
|
+
--store ./.synapsor/local.db
|
|
157
|
+
```
|
|
158
|
+
|
|
159
|
+
App/server deployments:
|
|
160
|
+
|
|
161
|
+
```bash
|
|
162
|
+
export SYNAPSOR_RUNNER_HTTP_TOKEN="dev-local-token"
|
|
163
|
+
|
|
164
|
+
synapsor mcp serve-http \
|
|
165
|
+
--config ./synapsor.runner.json \
|
|
166
|
+
--store ./.synapsor/local.db \
|
|
167
|
+
--auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN
|
|
168
|
+
```
|
|
169
|
+
|
|
170
|
+
HTTP defaults to `127.0.0.1:8765`, requires bearer auth by default, and should
|
|
171
|
+
use private networking, TLS, and rate limits before being exposed beyond a
|
|
172
|
+
local machine.
|
|
173
|
+
|
|
174
|
+
OpenAI Agents SDK examples:
|
|
175
|
+
|
|
176
|
+
```text
|
|
177
|
+
examples/openai-agents-stdio/
|
|
178
|
+
examples/openai-agents-http/
|
|
179
|
+
```
|
|
180
|
+
|
|
181
|
+
Use `--mode review` only when you are ready to create proposal tools and test
|
|
182
|
+
guarded writeback with a separate trusted write credential.
|
|
183
|
+
|
|
50
184
|
The disposable reference app includes proposal-first write examples for:
|
|
51
185
|
|
|
52
186
|
- `billing.propose_late_fee_waiver`
|
|
@@ -62,9 +196,10 @@ For a longer local session, you can install the alpha package explicitly:
|
|
|
62
196
|
npm install -g @synapsor/runner@alpha
|
|
63
197
|
```
|
|
64
198
|
|
|
65
|
-
##
|
|
199
|
+
## Runtime Flow
|
|
66
200
|
|
|
67
|
-
The local runner
|
|
201
|
+
The local runner keeps the model-facing tool call separate from approval and
|
|
202
|
+
writeback:
|
|
68
203
|
|
|
69
204
|
```text
|
|
70
205
|
MCP tool call
|
|
@@ -106,6 +241,35 @@ Use Synapsor Runner when you also want the agent-facing layer: semantic tools,
|
|
|
106
241
|
trusted context, evidence handles, query audit, local inspection, and
|
|
107
242
|
proposal-first writes.
|
|
108
243
|
|
|
244
|
+
## Fixture Benchmark
|
|
245
|
+
|
|
246
|
+
Run the included MCP efficiency fixture:
|
|
247
|
+
|
|
248
|
+
```bash
|
|
249
|
+
synapsor benchmark mcp-efficiency
|
|
250
|
+
```
|
|
251
|
+
|
|
252
|
+
Current fixture result for the late-fee-waiver workflow:
|
|
253
|
+
|
|
254
|
+
```text
|
|
255
|
+
Generic database MCP reference:
|
|
256
|
+
exposed tools: 4
|
|
257
|
+
scripted tool calls: 5
|
|
258
|
+
raw SQL exposed: yes
|
|
259
|
+
approval separated: no
|
|
260
|
+
stale-row conflict checked: no
|
|
261
|
+
|
|
262
|
+
Synapsor Runner semantic path:
|
|
263
|
+
exposed tools: 2
|
|
264
|
+
scripted tool calls: 2
|
|
265
|
+
raw SQL exposed: no
|
|
266
|
+
approval separated: yes
|
|
267
|
+
stale-row conflict checked: yes
|
|
268
|
+
```
|
|
269
|
+
|
|
270
|
+
The fixture tokenizer is deterministic and repeatable for this package. It is
|
|
271
|
+
not a model billing tokenizer and not a universal token-savings claim.
|
|
272
|
+
|
|
109
273
|
## Find Evidence And Replay
|
|
110
274
|
|
|
111
275
|
The commands in this section require this checkout or an alpha package that
|
|
@@ -125,6 +289,10 @@ synapsor replay show --proposal wrp_...
|
|
|
125
289
|
synapsor replay show --replay replay_wrp_...
|
|
126
290
|
```
|
|
127
291
|
|
|
292
|
+
Default inspection output is meant for first-run clarity. Add `--details` for
|
|
293
|
+
target URIs, primary keys, proposal hash/version, conflict guards, query
|
|
294
|
+
fingerprints, event timestamps, and receipt internals.
|
|
295
|
+
|
|
128
296
|
Export captured evidence or proposal replay:
|
|
129
297
|
|
|
130
298
|
```bash
|
package/dist/cli.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";
|
|
1
|
+
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AA+BA,OAAO,EAOL,KAAK,gBAAgB,EAEtB,MAAM,mCAAmC,CAAC;AA4H3C,wBAAsB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CA8C1D;AA0DD,KAAK,SAAS,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAE9E,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EAAE,EACd,OAAO,GAAE;IACP,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;CACvC,GACL,OAAO,CAAC,MAAM,CAAC,CAiLjB"}
|