@synapsor/runner 0.1.0-alpha.4 → 0.1.0-alpha.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (38) hide show
  1. package/README.md +193 -25
  2. package/dist/cli.d.ts.map +1 -1
  3. package/dist/runner.mjs +903 -80
  4. package/docs/README.md +32 -54
  5. package/docs/getting-started-own-database.md +40 -8
  6. package/docs/http-mcp.md +200 -0
  7. package/docs/local-mode.md +40 -4
  8. package/docs/mcp-audit.md +0 -4
  9. package/docs/mcp-client-setup.md +40 -1
  10. package/examples/openai-agents-http/README.md +55 -0
  11. package/examples/openai-agents-http/agent.py +90 -0
  12. package/examples/openai-agents-http/requirements.txt +1 -0
  13. package/examples/openai-agents-stdio/README.md +62 -0
  14. package/examples/openai-agents-stdio/agent.py +70 -0
  15. package/examples/openai-agents-stdio/requirements.txt +1 -0
  16. package/package.json +3 -1
  17. package/docs/MCP_RUNNER_IMPLEMENTATION_PLAN.md +0 -187
  18. package/docs/architecture.md +0 -65
  19. package/docs/capability-config.md +0 -180
  20. package/docs/cloud-mode.md +0 -140
  21. package/docs/config-migrations.md +0 -67
  22. package/docs/demo-transcript.md +0 -161
  23. package/docs/dependency-license-inventory.md +0 -35
  24. package/docs/first-10-minutes.md +0 -172
  25. package/docs/licensing.md +0 -38
  26. package/docs/local-ui.md +0 -163
  27. package/docs/mcp-efficiency-benchmark.md +0 -84
  28. package/docs/open-source-feature-inventory.md +0 -254
  29. package/docs/operations.md +0 -38
  30. package/docs/own-db-20-minutes.md +0 -185
  31. package/docs/production-readiness.md +0 -39
  32. package/docs/protocol.md +0 -90
  33. package/docs/roadmap.md +0 -13
  34. package/docs/schema-inspection.md +0 -88
  35. package/docs/shadow-mode.md +0 -67
  36. package/docs/telemetry.md +0 -28
  37. package/docs/threat-model.md +0 -25
  38. package/docs/trusted-context.md +0 -70
package/docs/README.md CHANGED
@@ -1,56 +1,34 @@
1
1
  # Synapsor Runner Docs
2
2
 
3
- Start with the practical paths, not the internals.
4
-
5
- ## Try The Local Trust Loop
6
-
7
- ```bash
8
- ./scripts/try-synapsor.sh
9
- ```
10
-
11
- This runs disposable Postgres/MySQL fixtures and proves the core loop:
12
-
13
- ```text
14
- MCP tool call
15
- -> trusted context
16
- -> scoped read
17
- -> evidence
18
- -> proposal diff
19
- -> approval outside MCP
20
- -> guarded commit or stale-row conflict
21
- -> receipt/replay
22
- ```
23
-
24
- Read: [First 10 Minutes](first-10-minutes.md).
25
-
26
- ## Use Your Own Staging Postgres/MySQL
27
-
28
- ```bash
29
- export DATABASE_URL="<postgres-or-mysql-read-url>"
30
- ./scripts/use-your-db.sh
31
- ```
32
-
33
- This inspects your schema, opens the guided setup, generates
34
- `synapsor.runner.json`, previews the semantic MCP tools, and prints the
35
- `mcp serve` and local UI commands.
36
-
37
- For disposable dev RDS databases with local CA issues:
38
-
39
- ```bash
40
- ./scripts/use-your-db.sh --allow-insecure-ssl
41
- ```
42
-
43
- Use certificate verification with the database CA bundle for real staging or
44
- production-like databases.
45
-
46
- Read: [Connect Your Own Database](getting-started-own-database.md).
47
-
48
- ## Important References
49
-
50
- - [Schema Inspection](schema-inspection.md)
51
- - [MCP Client Setup](mcp-client-setup.md)
52
- - [Capability Config](capability-config.md)
53
- - [Local UI](local-ui.md)
54
- - [Writeback Executors](writeback-executors.md)
55
- - [Security Boundary](security-boundary.md)
56
- - [Current Scope And Limitations](limitations.md)
3
+ Start with the README. Use these docs only when you need the next level of
4
+ detail.
5
+
6
+ ## First Setup
7
+
8
+ - [Connect Your Own Database](getting-started-own-database.md): inspect a
9
+ staging Postgres/MySQL database, generate `synapsor.runner.json`, preview
10
+ semantic tools, and serve them over MCP.
11
+ - [MCP Client Setup](mcp-client-setup.md): connect Claude, Cursor, VS Code, or
12
+ another stdio MCP client.
13
+ - [HTTP MCP](http-mcp.md): run Synapsor Runner as an authenticated HTTP MCP
14
+ service for app/server agents.
15
+
16
+ ## Safety And Operations
17
+
18
+ - [Security Boundary](security-boundary.md): what the model can and cannot see.
19
+ - [Current Limitations](limitations.md): current alpha scope.
20
+ - [Troubleshooting First Run](troubleshooting-first-run.md): common setup
21
+ failures and fixes.
22
+ - [Local Mode](local-mode.md): local store, proposals, approval, replay, and
23
+ writeback flow.
24
+
25
+ ## Features
26
+
27
+ - [MCP Audit](mcp-audit.md): static risk review for database MCP tools.
28
+ - [Recipes](recipes.md): starter business-capability templates.
29
+ - [Writeback Executors](writeback-executors.md): app-owned writeback handlers
30
+ for approved proposals.
31
+
32
+ The public docs intentionally stay small. Historical implementation reports,
33
+ release checklists, and internal planning notes are not part of the public
34
+ getting-started path.
@@ -7,6 +7,11 @@ Do not start with your most sensitive production database. The current alpha
7
7
  runner is a local commit-safety runtime for reviewed single-row business
8
8
  actions, not a production certification.
9
9
 
10
+ If you only ran `synapsor demo --quick`, you have tested the fixture-only
11
+ teaching path and local ledger commands. This page is the real own-database
12
+ path: it inspects your Postgres/MySQL metadata and generates reviewed semantic
13
+ tools from your selections.
14
+
10
15
  ## Fast path
11
16
 
12
17
  Set one read-only database URL and run the wrapper from this repo:
@@ -128,10 +133,17 @@ In an interactive terminal, run the guided wizard:
128
133
  npx -y -p @synapsor/runner@alpha synapsor init --from-env DATABASE_URL --mode read_only --wizard
129
134
  ```
130
135
 
131
- The generated capabilities are based on your selections. Synapsor Runner does
132
- not force billing, support, order, or any other built-in domain. You choose the
133
- namespace, object name, lookup argument, visible fields, proposal fields, guards,
134
- and approval role.
136
+ The generated context and capabilities are based on your selections. Synapsor
137
+ Runner does not force billing, support, order, or any other built-in domain.
138
+ The local shape is:
139
+
140
+ ```text
141
+ trusted context -> capability -> MCP tool
142
+ ```
143
+
144
+ You choose the source object, trusted tenant/principal bindings, namespace,
145
+ object name, lookup argument, visible fields, proposal fields, guards, and
146
+ approval role.
135
147
 
136
148
  Start with `read_only` to prove safe database reads first. Use `--mode review`
137
149
  when you are ready to create proposal tools and guarded writeback setup.
@@ -141,9 +153,10 @@ The wizard:
141
153
  - asks for the engine and read URL environment-variable name;
142
154
  - tests read connectivity through schema inspection;
143
155
  - lists discovered schemas and tables/views;
144
- - asks you to confirm primary key, tenant/scope column, conflict/version
145
- column, visible columns, mode, semantic names, trusted context env vars, and
146
- proposal patch mappings;
156
+ - asks which source object backs the local context;
157
+ - asks which tenant/scope column and backend session env vars are trusted;
158
+ - asks you to confirm primary key, conflict/version column, visible columns,
159
+ mode, semantic capability names, and proposal patch mappings;
147
160
  - previews the MCP tools and what is not exposed;
148
161
  - writes the generated config, `.env.example`, and MCP client snippets only
149
162
  after final confirmation.
@@ -302,12 +315,31 @@ npx -y -p @synapsor/runner@alpha synapsor doctor --config synapsor.runner.json -
302
315
 
303
316
  ## 8. Serve semantic MCP tools
304
317
 
318
+ Use stdio when a local MCP client can launch Synapsor Runner:
319
+
305
320
  ```bash
306
321
  export SYNAPSOR_TENANT_ID="acme"
307
322
  export SYNAPSOR_PRINCIPAL="local_operator"
308
323
  npx -y -p @synapsor/runner@alpha synapsor mcp serve --config ./synapsor.runner.json --store ./.synapsor/local.db
309
324
  ```
310
325
 
326
+ Use HTTP when an app/server agent connects to a long-running Runner process:
327
+
328
+ ```bash
329
+ export SYNAPSOR_TENANT_ID="acme"
330
+ export SYNAPSOR_PRINCIPAL="local_operator"
331
+ export SYNAPSOR_RUNNER_HTTP_TOKEN="dev-local-token"
332
+
333
+ npx -y -p @synapsor/runner@alpha synapsor mcp serve-http \
334
+ --config ./synapsor.runner.json \
335
+ --store ./.synapsor/local.db \
336
+ --auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN
337
+ ```
338
+
339
+ HTTP defaults to `127.0.0.1:8765` and requires bearer auth by default. Use
340
+ private networking/TLS before exposing it beyond localhost. See
341
+ [HTTP MCP](http-mcp.md).
342
+
311
343
  The model-facing MCP server exposes semantic tools such as:
312
344
 
313
345
  ```text
@@ -349,7 +381,7 @@ payload, not arbitrary model SQL:
349
381
  npx -y -p @synapsor/runner@alpha synapsor apply --proposal wrp_123 --config synapsor.runner.json --store ./.synapsor/local.db
350
382
  ```
351
383
 
352
- See `docs/writeback-executors.md`.
384
+ See [Writeback Executors](writeback-executors.md).
353
385
 
354
386
  Replay afterward:
355
387
 
@@ -0,0 +1,200 @@
1
+ # HTTP MCP
2
+
3
+ Use HTTP MCP when an app, server-side agent, container, or Python/Node process
4
+ needs to connect to a long-running Synapsor Runner service.
5
+
6
+ Use stdio MCP when a local MCP client such as Claude Desktop, Cursor, or a
7
+ local agent tool can launch Synapsor Runner directly.
8
+
9
+ ## Start The HTTP Server
10
+
11
+ ```bash
12
+ export SYNAPSOR_RUNNER_HTTP_TOKEN="dev-local-token"
13
+
14
+ synapsor mcp serve-http \
15
+ --host 127.0.0.1 \
16
+ --port 8765 \
17
+ --config ./synapsor.runner.json \
18
+ --store ./.synapsor/local.db \
19
+ --auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN
20
+ ```
21
+
22
+ Defaults:
23
+
24
+ ```text
25
+ host: 127.0.0.1
26
+ port: 8765
27
+ auth: bearer token required
28
+ cors: disabled
29
+ ```
30
+
31
+ Startup output prints the URL, config path, store path, and token environment
32
+ variable name. It does not print token values or database URLs.
33
+
34
+ ## Health Check
35
+
36
+ ```bash
37
+ curl -i http://127.0.0.1:8765/healthz
38
+ ```
39
+
40
+ The health endpoint is secret-free:
41
+
42
+ ```json
43
+ {
44
+ "ok": true,
45
+ "transport": "http",
46
+ "tools": 1,
47
+ "mode": "read_only"
48
+ }
49
+ ```
50
+
51
+ ## List Tools
52
+
53
+ Unauthorized requests fail:
54
+
55
+ ```bash
56
+ curl -i \
57
+ -H "Content-Type: application/json" \
58
+ -d '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}' \
59
+ http://127.0.0.1:8765/mcp
60
+ ```
61
+
62
+ Authorized requests include the bearer token:
63
+
64
+ ```bash
65
+ curl -i \
66
+ -H "Authorization: Bearer dev-local-token" \
67
+ -H "Content-Type: application/json" \
68
+ -d '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}' \
69
+ http://127.0.0.1:8765/mcp
70
+ ```
71
+
72
+ The tool catalog should contain semantic tools such as:
73
+
74
+ ```text
75
+ billing.inspect_invoice
76
+ billing.propose_late_fee_waiver
77
+ ```
78
+
79
+ It should not contain:
80
+
81
+ ```text
82
+ execute_sql
83
+ raw_sql
84
+ approval tools
85
+ commit/apply tools
86
+ database URLs
87
+ write credentials
88
+ model-controlled tenant authority
89
+ arbitrary table or column names
90
+ ```
91
+
92
+ ## Call A Tool
93
+
94
+ ```bash
95
+ curl -i \
96
+ -H "Authorization: Bearer dev-local-token" \
97
+ -H "Content-Type: application/json" \
98
+ -d '{
99
+ "jsonrpc": "2.0",
100
+ "id": 2,
101
+ "method": "tools/call",
102
+ "params": {
103
+ "name": "billing.inspect_invoice",
104
+ "arguments": { "invoice_id": "INV-3001" }
105
+ }
106
+ }' \
107
+ http://127.0.0.1:8765/mcp
108
+ ```
109
+
110
+ The response includes scoped data, trusted context, evidence handles, and
111
+ `source_database_mutated: false`. The agent still does not receive SQL,
112
+ database credentials, or approval/commit authority.
113
+
114
+ ## Read Evidence Or Replay Resources
115
+
116
+ Use `resources/read` with a `synapsor://...` handle returned by a tool call:
117
+
118
+ ```bash
119
+ curl -i \
120
+ -H "Authorization: Bearer dev-local-token" \
121
+ -H "Content-Type: application/json" \
122
+ -d '{
123
+ "jsonrpc": "2.0",
124
+ "id": 3,
125
+ "method": "resources/read",
126
+ "params": { "uri": "synapsor://evidence/ev_..." }
127
+ }' \
128
+ http://127.0.0.1:8765/mcp
129
+ ```
130
+
131
+ ## CORS
132
+
133
+ CORS is disabled by default. If a local browser app needs access during
134
+ development, allow one explicit origin:
135
+
136
+ ```bash
137
+ synapsor mcp serve-http \
138
+ --config ./synapsor.runner.json \
139
+ --store ./.synapsor/local.db \
140
+ --cors-origin http://localhost:3000
141
+ ```
142
+
143
+ Do not use wildcard CORS for a model-facing database tool service.
144
+
145
+ ## Network Exposure
146
+
147
+ Synapsor Runner binds to `127.0.0.1` by default.
148
+
149
+ If you explicitly bind to all interfaces:
150
+
151
+ ```bash
152
+ synapsor mcp serve-http --host 0.0.0.0
153
+ ```
154
+
155
+ the CLI prints a warning. Treat this as a production-like service:
156
+
157
+ - keep bearer auth enabled;
158
+ - use TLS or a trusted reverse proxy;
159
+ - prefer private networking;
160
+ - add rate limits and request-size limits at the edge;
161
+ - do not log request bodies by default;
162
+ - rotate the bearer token if it is exposed.
163
+
164
+ `--dev-no-auth` is accepted only on `localhost` or `127.0.0.1`. It fails closed
165
+ with `--host 0.0.0.0`.
166
+
167
+ ## Trusted Context
168
+
169
+ Tenant and principal values must come from trusted configuration such as
170
+ environment variables or a server-side session. HTTP request arguments cannot
171
+ override trusted fields such as:
172
+
173
+ ```text
174
+ tenant_id
175
+ principal
176
+ principal_id
177
+ project_id
178
+ source_id
179
+ allowed_columns
180
+ approval_identity
181
+ ```
182
+
183
+ Use `read_only` mode first. Proposal/review mode should use a separate trusted
184
+ write path and a separate write credential. The model-facing HTTP MCP endpoint
185
+ must not receive write credentials.
186
+
187
+ ## OpenAI Agents SDK
188
+
189
+ See:
190
+
191
+ ```text
192
+ examples/openai-agents-http/
193
+ examples/openai-agents-stdio/
194
+ ```
195
+
196
+ The stdio example uses the MCP client integration from the OpenAI Agents SDK
197
+ when available. The HTTP example uses a minimal JSON-RPC client wrapped as an
198
+ OpenAI function tool because native HTTP MCP client support can vary by SDK
199
+ version. The boundary is the same: the agent calls a semantic Synapsor tool,
200
+ not raw SQL.
@@ -9,6 +9,14 @@ Command model:
9
9
  - From a source checkout, use `./bin/synapsor <command>` if the global binary is
10
10
  not linked yet.
11
11
 
12
+ `synapsor demo --quick` creates a fixture ledger for learning and CLI
13
+ verification. In a terminal it walks through the safety model step by step; in
14
+ CI or piped output it prints a short summary and exits without waiting for
15
+ Enter. It does not read or write external Postgres/MySQL. Local mode with
16
+ `synapsor mcp serve`, `synapsor demo`, or an own generated config is the real
17
+ Postgres/MySQL path. Use `synapsor demo inspect` to print the follow-up
18
+ commands for the quick-demo fixture.
19
+
12
20
  Current local-mode foundation:
13
21
 
14
22
  - strict JSON capability config validation in `packages/config`;
@@ -17,6 +25,7 @@ Current local-mode foundation:
17
25
  - local localhost proposal review UI through `synapsor ui`;
18
26
  - static MCP database risk review with `synapsor audit`;
19
27
  - local stdio MCP server with semantic read/proposal tools;
28
+ - authenticated HTTP MCP server for app/server agents;
20
29
  - MCP resource reads for `synapsor://proposals/*`, `synapsor://evidence/*`, and `synapsor://replay/*`;
21
30
  - local approved proposal to `synapsor.writeback-job.v1` job generation;
22
31
  - guarded Postgres/MySQL writeback adapters for approved structured jobs.
@@ -29,10 +38,6 @@ engine requirement and the CLI exits early with a clear message on older Node
29
38
  versions. The Docker-backed demo remains the recommended path when you do not
30
39
  want to change your host Node version.
31
40
 
32
- Commands in this page that use local ledger search/export or `synapsor store`
33
- require this checkout or package version `0.1.0-alpha.4` or newer while npm
34
- `@alpha` still points to an older alpha.
35
-
36
41
  ## Initialize a config
37
42
 
38
43
  Create a starter config without putting credentials in the file:
@@ -65,6 +70,31 @@ npx -y -p @synapsor/runner@alpha synapsor doctor --config synapsor.runner.json
65
70
  read/write credential separation, metadata visibility for configured targets,
66
71
  and the semantic MCP tool boundary without printing credential values.
67
72
 
73
+ ## Stdio Vs HTTP MCP
74
+
75
+ Use stdio for local MCP clients that launch Synapsor Runner:
76
+
77
+ ```bash
78
+ npx -y -p @synapsor/runner@alpha synapsor mcp serve \
79
+ --config ./synapsor.runner.json \
80
+ --store ./.synapsor/local.db
81
+ ```
82
+
83
+ Use HTTP when your app/server agent connects to a long-running Runner process:
84
+
85
+ ```bash
86
+ export SYNAPSOR_RUNNER_HTTP_TOKEN="dev-local-token"
87
+
88
+ npx -y -p @synapsor/runner@alpha synapsor mcp serve-http \
89
+ --config ./synapsor.runner.json \
90
+ --store ./.synapsor/local.db \
91
+ --auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN
92
+ ```
93
+
94
+ HTTP defaults to `127.0.0.1:8765`, requires bearer auth by default, and should
95
+ run behind private networking/TLS before production-like exposure. Details:
96
+ [HTTP MCP](http-mcp.md).
97
+
68
98
  ## Local safety modes
69
99
 
70
100
  The local runner modes are intentionally narrow:
@@ -191,6 +221,8 @@ npx -y -p @synapsor/runner@alpha synapsor replay export --proposal wrp_123 \
191
221
  ```
192
222
 
193
223
  Replay records include proposal metadata, before/after diff, events, writeback receipts, evidence summaries, and query audit rows currently stored for the proposal.
224
+ Human output is concise by default. Use `--details` for reviewer metadata or
225
+ `--json` for complete machine-readable records.
194
226
 
195
227
  ## Local evidence, query audit, and receipts
196
228
 
@@ -215,6 +247,10 @@ synapsor receipts list --proposal wrp_123 --store ./.synapsor/local.db
215
247
  synapsor receipts show <receipt_id> --store ./.synapsor/local.db
216
248
  ```
217
249
 
250
+ Default inspection output is intentionally short. Add `--details` when you need
251
+ target URIs, primary keys, proposal hash/version, conflict guards, query
252
+ fingerprints, event timestamps, or receipt internals.
253
+
218
254
  Read-only MCP tools record evidence bundles and query-audit rows and return an
219
255
  evidence handle. Use `evidence show`, `evidence list`, and `query-audit list`
220
256
  to inspect those captured rows and fingerprints later without rerunning the
package/docs/mcp-audit.md CHANGED
@@ -26,10 +26,6 @@ Built-in database MCP risk example:
26
26
  npx -y -p @synapsor/runner@alpha synapsor audit --example dangerous-db-mcp
27
27
  ```
28
28
 
29
- Markdown output requires this checkout or package version `0.1.0-alpha.4` or
30
- newer. Check `npm view @synapsor/runner@alpha version` before promoting npm
31
- snippets publicly.
32
-
33
29
  This bundled example does not require a source checkout or local examples file.
34
30
  It audits a deliberately risky database MCP shape with `execute_sql`,
35
31
  `run_query`, model-callable approval/update/delete tools, arbitrary
@@ -6,7 +6,10 @@ The primary local proof path is still the one-command Docker demo:
6
6
  ./scripts/demo-docker.sh
7
7
  ```
8
8
 
9
- Use this page after that demo passes and you want to attach a local MCP client. The tested integration contract here is stdio. Client-specific UIs change, so the checked-in examples verify config shape and `tools/list`, not every client screen.
9
+ Use this page after that demo passes and you want to attach a local MCP client.
10
+ The tested local-client contract here is stdio. HTTP MCP is available for
11
+ app/server deployments where your agent connects to a long-running Runner
12
+ service.
10
13
 
11
14
  Command examples use the published alpha package through `npx`. From a source
12
15
  checkout, use `./bin/synapsor ...` only when you intentionally want the local
@@ -24,6 +27,31 @@ Validate them with:
24
27
  corepack pnpm test:mcp-client-configs
25
28
  ```
26
29
 
30
+ ## Stdio Vs HTTP MCP
31
+
32
+ | Mode | Use when | Command |
33
+ | --- | --- | --- |
34
+ | stdio | Claude Desktop, Cursor, VS Code, or another local MCP client can launch Synapsor Runner | `synapsor mcp serve` |
35
+ | HTTP | Your app/server, Python agent, Node service, or container connects to a long-running Runner service | `synapsor mcp serve-http` |
36
+
37
+ Stdio keeps the MCP protocol on process stdin/stdout and is the simplest local
38
+ developer path. HTTP uses JSON-RPC over an authenticated `/mcp` endpoint and is
39
+ better for app/server deployments.
40
+
41
+ HTTP requires bearer auth by default:
42
+
43
+ ```bash
44
+ export SYNAPSOR_RUNNER_HTTP_TOKEN="dev-local-token"
45
+
46
+ npx -y -p @synapsor/runner@alpha synapsor mcp serve-http \
47
+ --config ./synapsor.runner.json \
48
+ --store ./.synapsor/local.db \
49
+ --auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN
50
+ ```
51
+
52
+ Use private networking/TLS before exposing HTTP MCP beyond localhost. Details:
53
+ [HTTP MCP](http-mcp.md).
54
+
27
55
  ## Generate A Client Snippet
28
56
 
29
57
  Print a snippet without modifying any client files:
@@ -77,6 +105,17 @@ npx -y -p @synapsor/runner@alpha synapsor mcp serve --config ./examples/mcp-post
77
105
 
78
106
  For the alpha package, keep the package tag explicit in client configuration.
79
107
 
108
+ For app/server HTTP mode:
109
+
110
+ ```bash
111
+ export SYNAPSOR_RUNNER_HTTP_TOKEN="dev-local-token"
112
+
113
+ npx -y -p @synapsor/runner@alpha synapsor mcp serve-http \
114
+ --config ./examples/mcp-postgres-billing/synapsor.runner.json \
115
+ --store ./.synapsor/local.db \
116
+ --auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN
117
+ ```
118
+
80
119
  ## Generic stdio Client
81
120
 
82
121
  ```json
@@ -0,0 +1,55 @@
1
+ # OpenAI Agents SDK + Synapsor Runner over HTTP
2
+
3
+ This example shows an OpenAI Agents SDK app calling a long-running Synapsor
4
+ Runner HTTP MCP service.
5
+
6
+ Use HTTP when your agent runs as an app/server and should connect to Runner
7
+ over a local/private network endpoint instead of launching a stdio child
8
+ process.
9
+
10
+ Native HTTP MCP client support can vary by SDK version. This example is honest
11
+ about that: it uses the OpenAI Agents SDK for the agent and wraps Synapsor's
12
+ HTTP MCP JSON-RPC endpoint as an OpenAI function tool.
13
+
14
+ The model still sees a semantic action. It does not receive raw SQL, database
15
+ URLs, write credentials, approval tools, or commit tools.
16
+
17
+ ## Terminal 1: Start Synapsor Runner HTTP MCP
18
+
19
+ ```bash
20
+ export DATABASE_URL="<postgres-or-mysql-read-url>"
21
+ export SYNAPSOR_TENANT_ID="acme"
22
+ export SYNAPSOR_PRINCIPAL="openai_agent_demo"
23
+ export SYNAPSOR_RUNNER_HTTP_TOKEN="dev-token"
24
+
25
+ npx -y -p @synapsor/runner@alpha synapsor mcp serve-http \
26
+ --config ./synapsor.runner.json \
27
+ --store ./.synapsor/local.db \
28
+ --auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN
29
+ ```
30
+
31
+ ## Terminal 2: Run The Agent
32
+
33
+ ```bash
34
+ python -m venv .venv
35
+ . .venv/bin/activate
36
+ pip install -r requirements.txt
37
+
38
+ export OPENAI_API_KEY="..."
39
+ export SYNAPSOR_RUNNER_HTTP_URL="http://127.0.0.1:8765/mcp"
40
+ export SYNAPSOR_RUNNER_HTTP_TOKEN="dev-token"
41
+ export SYNAPSOR_INVOICE_ID="INV-3001"
42
+
43
+ python agent.py
44
+ ```
45
+
46
+ Expected behavior:
47
+
48
+ - the agent calls `billing.inspect_invoice` through Synapsor HTTP MCP;
49
+ - Synapsor applies trusted tenant/principal context from the server process;
50
+ - the response includes scoped data and evidence handles;
51
+ - no SQL/write/approval tool is exposed to the model;
52
+ - evidence/query audit are saved in the local Runner store.
53
+
54
+ For production-like deployment, keep HTTP MCP behind private networking/TLS,
55
+ bearer auth, and rate limits. See [HTTP MCP](../../docs/http-mcp.md).
@@ -0,0 +1,90 @@
1
+ import asyncio
2
+ import json
3
+ import os
4
+ import sys
5
+ import urllib.error
6
+ import urllib.request
7
+
8
+ try:
9
+ from agents import Agent, Runner, function_tool
10
+ except ImportError as exc:
11
+ raise SystemExit(
12
+ "This example requires the OpenAI Agents SDK. "
13
+ "Install with: pip install -r requirements.txt"
14
+ ) from exc
15
+
16
+
17
+ def call_synapsor_http_mcp(method: str, params: dict) -> dict:
18
+ url = os.environ.get("SYNAPSOR_RUNNER_HTTP_URL", "http://127.0.0.1:8765/mcp")
19
+ token = os.environ.get("SYNAPSOR_RUNNER_HTTP_TOKEN")
20
+ if not token:
21
+ raise RuntimeError("SYNAPSOR_RUNNER_HTTP_TOKEN is not set")
22
+
23
+ payload = json.dumps({
24
+ "jsonrpc": "2.0",
25
+ "id": 1,
26
+ "method": method,
27
+ "params": params,
28
+ }).encode("utf-8")
29
+ request = urllib.request.Request(
30
+ url,
31
+ data=payload,
32
+ method="POST",
33
+ headers={
34
+ "authorization": f"Bearer {token}",
35
+ "content-type": "application/json",
36
+ },
37
+ )
38
+ try:
39
+ with urllib.request.urlopen(request, timeout=15) as response:
40
+ body = response.read().decode("utf-8")
41
+ except urllib.error.HTTPError as exc:
42
+ body = exc.read().decode("utf-8")
43
+ raise RuntimeError(f"Synapsor HTTP MCP returned HTTP {exc.code}: {body}") from exc
44
+
45
+ parsed = json.loads(body)
46
+ if "error" in parsed:
47
+ raise RuntimeError(f"Synapsor HTTP MCP error: {parsed['error']}")
48
+ return parsed["result"]
49
+
50
+
51
+ @function_tool
52
+ def billing_inspect_invoice(invoice_id: str) -> str:
53
+ """Inspect one scoped invoice through Synapsor Runner HTTP MCP."""
54
+ result = call_synapsor_http_mcp("tools/call", {
55
+ "name": "billing.inspect_invoice",
56
+ "arguments": {"invoice_id": invoice_id},
57
+ })
58
+ return json.dumps(result.get("structuredContent", result), indent=2)
59
+
60
+
61
+ async def main() -> None:
62
+ required = ["OPENAI_API_KEY", "SYNAPSOR_RUNNER_HTTP_URL", "SYNAPSOR_RUNNER_HTTP_TOKEN"]
63
+ missing = [name for name in required if not os.environ.get(name)]
64
+ if missing:
65
+ raise SystemExit(f"Missing required environment variables: {', '.join(missing)}")
66
+
67
+ invoice_id = os.environ.get("SYNAPSOR_INVOICE_ID", "INV-3001")
68
+ agent = Agent(
69
+ name="Synapsor HTTP MCP demo agent",
70
+ instructions=(
71
+ "Use the billing_inspect_invoice tool to inspect scoped invoice data. "
72
+ "Do not claim that you can run SQL, approve proposals, or commit writes."
73
+ ),
74
+ tools=[billing_inspect_invoice],
75
+ )
76
+ result = await Runner.run(
77
+ agent,
78
+ (
79
+ f"Inspect invoice {invoice_id} using Synapsor. "
80
+ "Explain what you saw and whether you have write authority."
81
+ ),
82
+ )
83
+ print(result.final_output)
84
+
85
+
86
+ if __name__ == "__main__":
87
+ try:
88
+ asyncio.run(main())
89
+ except KeyboardInterrupt:
90
+ sys.exit(130)
@@ -0,0 +1 @@
1
+ openai-agents>=0.1.0