@synapsor/runner 0.1.0-alpha.4 → 0.1.0-alpha.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +193 -25
- package/dist/cli.d.ts.map +1 -1
- package/dist/runner.mjs +903 -80
- package/docs/README.md +32 -54
- package/docs/getting-started-own-database.md +40 -8
- package/docs/http-mcp.md +200 -0
- package/docs/local-mode.md +40 -4
- package/docs/mcp-audit.md +0 -4
- package/docs/mcp-client-setup.md +40 -1
- package/examples/openai-agents-http/README.md +55 -0
- package/examples/openai-agents-http/agent.py +90 -0
- package/examples/openai-agents-http/requirements.txt +1 -0
- package/examples/openai-agents-stdio/README.md +62 -0
- package/examples/openai-agents-stdio/agent.py +70 -0
- package/examples/openai-agents-stdio/requirements.txt +1 -0
- package/package.json +3 -1
- package/docs/MCP_RUNNER_IMPLEMENTATION_PLAN.md +0 -187
- package/docs/architecture.md +0 -65
- package/docs/capability-config.md +0 -180
- package/docs/cloud-mode.md +0 -140
- package/docs/config-migrations.md +0 -67
- package/docs/demo-transcript.md +0 -161
- package/docs/dependency-license-inventory.md +0 -35
- package/docs/first-10-minutes.md +0 -172
- package/docs/licensing.md +0 -38
- package/docs/local-ui.md +0 -163
- package/docs/mcp-efficiency-benchmark.md +0 -84
- package/docs/open-source-feature-inventory.md +0 -254
- package/docs/operations.md +0 -38
- package/docs/own-db-20-minutes.md +0 -185
- package/docs/production-readiness.md +0 -39
- package/docs/protocol.md +0 -90
- package/docs/roadmap.md +0 -13
- package/docs/schema-inspection.md +0 -88
- package/docs/shadow-mode.md +0 -67
- package/docs/telemetry.md +0 -28
- package/docs/threat-model.md +0 -25
- package/docs/trusted-context.md +0 -70
package/docs/README.md
CHANGED
|
@@ -1,56 +1,34 @@
|
|
|
1
1
|
# Synapsor Runner Docs
|
|
2
2
|
|
|
3
|
-
Start with the
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
`mcp serve` and local UI commands.
|
|
36
|
-
|
|
37
|
-
For disposable dev RDS databases with local CA issues:
|
|
38
|
-
|
|
39
|
-
```bash
|
|
40
|
-
./scripts/use-your-db.sh --allow-insecure-ssl
|
|
41
|
-
```
|
|
42
|
-
|
|
43
|
-
Use certificate verification with the database CA bundle for real staging or
|
|
44
|
-
production-like databases.
|
|
45
|
-
|
|
46
|
-
Read: [Connect Your Own Database](getting-started-own-database.md).
|
|
47
|
-
|
|
48
|
-
## Important References
|
|
49
|
-
|
|
50
|
-
- [Schema Inspection](schema-inspection.md)
|
|
51
|
-
- [MCP Client Setup](mcp-client-setup.md)
|
|
52
|
-
- [Capability Config](capability-config.md)
|
|
53
|
-
- [Local UI](local-ui.md)
|
|
54
|
-
- [Writeback Executors](writeback-executors.md)
|
|
55
|
-
- [Security Boundary](security-boundary.md)
|
|
56
|
-
- [Current Scope And Limitations](limitations.md)
|
|
3
|
+
Start with the README. Use these docs only when you need the next level of
|
|
4
|
+
detail.
|
|
5
|
+
|
|
6
|
+
## First Setup
|
|
7
|
+
|
|
8
|
+
- [Connect Your Own Database](getting-started-own-database.md): inspect a
|
|
9
|
+
staging Postgres/MySQL database, generate `synapsor.runner.json`, preview
|
|
10
|
+
semantic tools, and serve them over MCP.
|
|
11
|
+
- [MCP Client Setup](mcp-client-setup.md): connect Claude, Cursor, VS Code, or
|
|
12
|
+
another stdio MCP client.
|
|
13
|
+
- [HTTP MCP](http-mcp.md): run Synapsor Runner as an authenticated HTTP MCP
|
|
14
|
+
service for app/server agents.
|
|
15
|
+
|
|
16
|
+
## Safety And Operations
|
|
17
|
+
|
|
18
|
+
- [Security Boundary](security-boundary.md): what the model can and cannot see.
|
|
19
|
+
- [Current Limitations](limitations.md): current alpha scope.
|
|
20
|
+
- [Troubleshooting First Run](troubleshooting-first-run.md): common setup
|
|
21
|
+
failures and fixes.
|
|
22
|
+
- [Local Mode](local-mode.md): local store, proposals, approval, replay, and
|
|
23
|
+
writeback flow.
|
|
24
|
+
|
|
25
|
+
## Features
|
|
26
|
+
|
|
27
|
+
- [MCP Audit](mcp-audit.md): static risk review for database MCP tools.
|
|
28
|
+
- [Recipes](recipes.md): starter business-capability templates.
|
|
29
|
+
- [Writeback Executors](writeback-executors.md): app-owned writeback handlers
|
|
30
|
+
for approved proposals.
|
|
31
|
+
|
|
32
|
+
The public docs intentionally stay small. Historical implementation reports,
|
|
33
|
+
release checklists, and internal planning notes are not part of the public
|
|
34
|
+
getting-started path.
|
|
@@ -7,6 +7,11 @@ Do not start with your most sensitive production database. The current alpha
|
|
|
7
7
|
runner is a local commit-safety runtime for reviewed single-row business
|
|
8
8
|
actions, not a production certification.
|
|
9
9
|
|
|
10
|
+
If you only ran `synapsor demo --quick`, you have tested the fixture-only
|
|
11
|
+
teaching path and local ledger commands. This page is the real own-database
|
|
12
|
+
path: it inspects your Postgres/MySQL metadata and generates reviewed semantic
|
|
13
|
+
tools from your selections.
|
|
14
|
+
|
|
10
15
|
## Fast path
|
|
11
16
|
|
|
12
17
|
Set one read-only database URL and run the wrapper from this repo:
|
|
@@ -128,10 +133,17 @@ In an interactive terminal, run the guided wizard:
|
|
|
128
133
|
npx -y -p @synapsor/runner@alpha synapsor init --from-env DATABASE_URL --mode read_only --wizard
|
|
129
134
|
```
|
|
130
135
|
|
|
131
|
-
The generated capabilities are based on your selections. Synapsor
|
|
132
|
-
not force billing, support, order, or any other built-in domain.
|
|
133
|
-
|
|
134
|
-
|
|
136
|
+
The generated context and capabilities are based on your selections. Synapsor
|
|
137
|
+
Runner does not force billing, support, order, or any other built-in domain.
|
|
138
|
+
The local shape is:
|
|
139
|
+
|
|
140
|
+
```text
|
|
141
|
+
trusted context -> capability -> MCP tool
|
|
142
|
+
```
|
|
143
|
+
|
|
144
|
+
You choose the source object, trusted tenant/principal bindings, namespace,
|
|
145
|
+
object name, lookup argument, visible fields, proposal fields, guards, and
|
|
146
|
+
approval role.
|
|
135
147
|
|
|
136
148
|
Start with `read_only` to prove safe database reads first. Use `--mode review`
|
|
137
149
|
when you are ready to create proposal tools and guarded writeback setup.
|
|
@@ -141,9 +153,10 @@ The wizard:
|
|
|
141
153
|
- asks for the engine and read URL environment-variable name;
|
|
142
154
|
- tests read connectivity through schema inspection;
|
|
143
155
|
- lists discovered schemas and tables/views;
|
|
144
|
-
- asks
|
|
145
|
-
|
|
146
|
-
|
|
156
|
+
- asks which source object backs the local context;
|
|
157
|
+
- asks which tenant/scope column and backend session env vars are trusted;
|
|
158
|
+
- asks you to confirm primary key, conflict/version column, visible columns,
|
|
159
|
+
mode, semantic capability names, and proposal patch mappings;
|
|
147
160
|
- previews the MCP tools and what is not exposed;
|
|
148
161
|
- writes the generated config, `.env.example`, and MCP client snippets only
|
|
149
162
|
after final confirmation.
|
|
@@ -302,12 +315,31 @@ npx -y -p @synapsor/runner@alpha synapsor doctor --config synapsor.runner.json -
|
|
|
302
315
|
|
|
303
316
|
## 8. Serve semantic MCP tools
|
|
304
317
|
|
|
318
|
+
Use stdio when a local MCP client can launch Synapsor Runner:
|
|
319
|
+
|
|
305
320
|
```bash
|
|
306
321
|
export SYNAPSOR_TENANT_ID="acme"
|
|
307
322
|
export SYNAPSOR_PRINCIPAL="local_operator"
|
|
308
323
|
npx -y -p @synapsor/runner@alpha synapsor mcp serve --config ./synapsor.runner.json --store ./.synapsor/local.db
|
|
309
324
|
```
|
|
310
325
|
|
|
326
|
+
Use HTTP when an app/server agent connects to a long-running Runner process:
|
|
327
|
+
|
|
328
|
+
```bash
|
|
329
|
+
export SYNAPSOR_TENANT_ID="acme"
|
|
330
|
+
export SYNAPSOR_PRINCIPAL="local_operator"
|
|
331
|
+
export SYNAPSOR_RUNNER_HTTP_TOKEN="dev-local-token"
|
|
332
|
+
|
|
333
|
+
npx -y -p @synapsor/runner@alpha synapsor mcp serve-http \
|
|
334
|
+
--config ./synapsor.runner.json \
|
|
335
|
+
--store ./.synapsor/local.db \
|
|
336
|
+
--auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN
|
|
337
|
+
```
|
|
338
|
+
|
|
339
|
+
HTTP defaults to `127.0.0.1:8765` and requires bearer auth by default. Use
|
|
340
|
+
private networking/TLS before exposing it beyond localhost. See
|
|
341
|
+
[HTTP MCP](http-mcp.md).
|
|
342
|
+
|
|
311
343
|
The model-facing MCP server exposes semantic tools such as:
|
|
312
344
|
|
|
313
345
|
```text
|
|
@@ -349,7 +381,7 @@ payload, not arbitrary model SQL:
|
|
|
349
381
|
npx -y -p @synapsor/runner@alpha synapsor apply --proposal wrp_123 --config synapsor.runner.json --store ./.synapsor/local.db
|
|
350
382
|
```
|
|
351
383
|
|
|
352
|
-
See
|
|
384
|
+
See [Writeback Executors](writeback-executors.md).
|
|
353
385
|
|
|
354
386
|
Replay afterward:
|
|
355
387
|
|
package/docs/http-mcp.md
ADDED
|
@@ -0,0 +1,200 @@
|
|
|
1
|
+
# HTTP MCP
|
|
2
|
+
|
|
3
|
+
Use HTTP MCP when an app, server-side agent, container, or Python/Node process
|
|
4
|
+
needs to connect to a long-running Synapsor Runner service.
|
|
5
|
+
|
|
6
|
+
Use stdio MCP when a local MCP client such as Claude Desktop, Cursor, or a
|
|
7
|
+
local agent tool can launch Synapsor Runner directly.
|
|
8
|
+
|
|
9
|
+
## Start The HTTP Server
|
|
10
|
+
|
|
11
|
+
```bash
|
|
12
|
+
export SYNAPSOR_RUNNER_HTTP_TOKEN="dev-local-token"
|
|
13
|
+
|
|
14
|
+
synapsor mcp serve-http \
|
|
15
|
+
--host 127.0.0.1 \
|
|
16
|
+
--port 8765 \
|
|
17
|
+
--config ./synapsor.runner.json \
|
|
18
|
+
--store ./.synapsor/local.db \
|
|
19
|
+
--auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN
|
|
20
|
+
```
|
|
21
|
+
|
|
22
|
+
Defaults:
|
|
23
|
+
|
|
24
|
+
```text
|
|
25
|
+
host: 127.0.0.1
|
|
26
|
+
port: 8765
|
|
27
|
+
auth: bearer token required
|
|
28
|
+
cors: disabled
|
|
29
|
+
```
|
|
30
|
+
|
|
31
|
+
Startup output prints the URL, config path, store path, and token environment
|
|
32
|
+
variable name. It does not print token values or database URLs.
|
|
33
|
+
|
|
34
|
+
## Health Check
|
|
35
|
+
|
|
36
|
+
```bash
|
|
37
|
+
curl -i http://127.0.0.1:8765/healthz
|
|
38
|
+
```
|
|
39
|
+
|
|
40
|
+
The health endpoint is secret-free:
|
|
41
|
+
|
|
42
|
+
```json
|
|
43
|
+
{
|
|
44
|
+
"ok": true,
|
|
45
|
+
"transport": "http",
|
|
46
|
+
"tools": 1,
|
|
47
|
+
"mode": "read_only"
|
|
48
|
+
}
|
|
49
|
+
```
|
|
50
|
+
|
|
51
|
+
## List Tools
|
|
52
|
+
|
|
53
|
+
Unauthorized requests fail:
|
|
54
|
+
|
|
55
|
+
```bash
|
|
56
|
+
curl -i \
|
|
57
|
+
-H "Content-Type: application/json" \
|
|
58
|
+
-d '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}' \
|
|
59
|
+
http://127.0.0.1:8765/mcp
|
|
60
|
+
```
|
|
61
|
+
|
|
62
|
+
Authorized requests include the bearer token:
|
|
63
|
+
|
|
64
|
+
```bash
|
|
65
|
+
curl -i \
|
|
66
|
+
-H "Authorization: Bearer dev-local-token" \
|
|
67
|
+
-H "Content-Type: application/json" \
|
|
68
|
+
-d '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}' \
|
|
69
|
+
http://127.0.0.1:8765/mcp
|
|
70
|
+
```
|
|
71
|
+
|
|
72
|
+
The tool catalog should contain semantic tools such as:
|
|
73
|
+
|
|
74
|
+
```text
|
|
75
|
+
billing.inspect_invoice
|
|
76
|
+
billing.propose_late_fee_waiver
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
It should not contain:
|
|
80
|
+
|
|
81
|
+
```text
|
|
82
|
+
execute_sql
|
|
83
|
+
raw_sql
|
|
84
|
+
approval tools
|
|
85
|
+
commit/apply tools
|
|
86
|
+
database URLs
|
|
87
|
+
write credentials
|
|
88
|
+
model-controlled tenant authority
|
|
89
|
+
arbitrary table or column names
|
|
90
|
+
```
|
|
91
|
+
|
|
92
|
+
## Call A Tool
|
|
93
|
+
|
|
94
|
+
```bash
|
|
95
|
+
curl -i \
|
|
96
|
+
-H "Authorization: Bearer dev-local-token" \
|
|
97
|
+
-H "Content-Type: application/json" \
|
|
98
|
+
-d '{
|
|
99
|
+
"jsonrpc": "2.0",
|
|
100
|
+
"id": 2,
|
|
101
|
+
"method": "tools/call",
|
|
102
|
+
"params": {
|
|
103
|
+
"name": "billing.inspect_invoice",
|
|
104
|
+
"arguments": { "invoice_id": "INV-3001" }
|
|
105
|
+
}
|
|
106
|
+
}' \
|
|
107
|
+
http://127.0.0.1:8765/mcp
|
|
108
|
+
```
|
|
109
|
+
|
|
110
|
+
The response includes scoped data, trusted context, evidence handles, and
|
|
111
|
+
`source_database_mutated: false`. The agent still does not receive SQL,
|
|
112
|
+
database credentials, or approval/commit authority.
|
|
113
|
+
|
|
114
|
+
## Read Evidence Or Replay Resources
|
|
115
|
+
|
|
116
|
+
Use `resources/read` with a `synapsor://...` handle returned by a tool call:
|
|
117
|
+
|
|
118
|
+
```bash
|
|
119
|
+
curl -i \
|
|
120
|
+
-H "Authorization: Bearer dev-local-token" \
|
|
121
|
+
-H "Content-Type: application/json" \
|
|
122
|
+
-d '{
|
|
123
|
+
"jsonrpc": "2.0",
|
|
124
|
+
"id": 3,
|
|
125
|
+
"method": "resources/read",
|
|
126
|
+
"params": { "uri": "synapsor://evidence/ev_..." }
|
|
127
|
+
}' \
|
|
128
|
+
http://127.0.0.1:8765/mcp
|
|
129
|
+
```
|
|
130
|
+
|
|
131
|
+
## CORS
|
|
132
|
+
|
|
133
|
+
CORS is disabled by default. If a local browser app needs access during
|
|
134
|
+
development, allow one explicit origin:
|
|
135
|
+
|
|
136
|
+
```bash
|
|
137
|
+
synapsor mcp serve-http \
|
|
138
|
+
--config ./synapsor.runner.json \
|
|
139
|
+
--store ./.synapsor/local.db \
|
|
140
|
+
--cors-origin http://localhost:3000
|
|
141
|
+
```
|
|
142
|
+
|
|
143
|
+
Do not use wildcard CORS for a model-facing database tool service.
|
|
144
|
+
|
|
145
|
+
## Network Exposure
|
|
146
|
+
|
|
147
|
+
Synapsor Runner binds to `127.0.0.1` by default.
|
|
148
|
+
|
|
149
|
+
If you explicitly bind to all interfaces:
|
|
150
|
+
|
|
151
|
+
```bash
|
|
152
|
+
synapsor mcp serve-http --host 0.0.0.0
|
|
153
|
+
```
|
|
154
|
+
|
|
155
|
+
the CLI prints a warning. Treat this as a production-like service:
|
|
156
|
+
|
|
157
|
+
- keep bearer auth enabled;
|
|
158
|
+
- use TLS or a trusted reverse proxy;
|
|
159
|
+
- prefer private networking;
|
|
160
|
+
- add rate limits and request-size limits at the edge;
|
|
161
|
+
- do not log request bodies by default;
|
|
162
|
+
- rotate the bearer token if it is exposed.
|
|
163
|
+
|
|
164
|
+
`--dev-no-auth` is accepted only on `localhost` or `127.0.0.1`. It fails closed
|
|
165
|
+
with `--host 0.0.0.0`.
|
|
166
|
+
|
|
167
|
+
## Trusted Context
|
|
168
|
+
|
|
169
|
+
Tenant and principal values must come from trusted configuration such as
|
|
170
|
+
environment variables or a server-side session. HTTP request arguments cannot
|
|
171
|
+
override trusted fields such as:
|
|
172
|
+
|
|
173
|
+
```text
|
|
174
|
+
tenant_id
|
|
175
|
+
principal
|
|
176
|
+
principal_id
|
|
177
|
+
project_id
|
|
178
|
+
source_id
|
|
179
|
+
allowed_columns
|
|
180
|
+
approval_identity
|
|
181
|
+
```
|
|
182
|
+
|
|
183
|
+
Use `read_only` mode first. Proposal/review mode should use a separate trusted
|
|
184
|
+
write path and a separate write credential. The model-facing HTTP MCP endpoint
|
|
185
|
+
must not receive write credentials.
|
|
186
|
+
|
|
187
|
+
## OpenAI Agents SDK
|
|
188
|
+
|
|
189
|
+
See:
|
|
190
|
+
|
|
191
|
+
```text
|
|
192
|
+
examples/openai-agents-http/
|
|
193
|
+
examples/openai-agents-stdio/
|
|
194
|
+
```
|
|
195
|
+
|
|
196
|
+
The stdio example uses the MCP client integration from the OpenAI Agents SDK
|
|
197
|
+
when available. The HTTP example uses a minimal JSON-RPC client wrapped as an
|
|
198
|
+
OpenAI function tool because native HTTP MCP client support can vary by SDK
|
|
199
|
+
version. The boundary is the same: the agent calls a semantic Synapsor tool,
|
|
200
|
+
not raw SQL.
|
package/docs/local-mode.md
CHANGED
|
@@ -9,6 +9,14 @@ Command model:
|
|
|
9
9
|
- From a source checkout, use `./bin/synapsor <command>` if the global binary is
|
|
10
10
|
not linked yet.
|
|
11
11
|
|
|
12
|
+
`synapsor demo --quick` creates a fixture ledger for learning and CLI
|
|
13
|
+
verification. In a terminal it walks through the safety model step by step; in
|
|
14
|
+
CI or piped output it prints a short summary and exits without waiting for
|
|
15
|
+
Enter. It does not read or write external Postgres/MySQL. Local mode with
|
|
16
|
+
`synapsor mcp serve`, `synapsor demo`, or an own generated config is the real
|
|
17
|
+
Postgres/MySQL path. Use `synapsor demo inspect` to print the follow-up
|
|
18
|
+
commands for the quick-demo fixture.
|
|
19
|
+
|
|
12
20
|
Current local-mode foundation:
|
|
13
21
|
|
|
14
22
|
- strict JSON capability config validation in `packages/config`;
|
|
@@ -17,6 +25,7 @@ Current local-mode foundation:
|
|
|
17
25
|
- local localhost proposal review UI through `synapsor ui`;
|
|
18
26
|
- static MCP database risk review with `synapsor audit`;
|
|
19
27
|
- local stdio MCP server with semantic read/proposal tools;
|
|
28
|
+
- authenticated HTTP MCP server for app/server agents;
|
|
20
29
|
- MCP resource reads for `synapsor://proposals/*`, `synapsor://evidence/*`, and `synapsor://replay/*`;
|
|
21
30
|
- local approved proposal to `synapsor.writeback-job.v1` job generation;
|
|
22
31
|
- guarded Postgres/MySQL writeback adapters for approved structured jobs.
|
|
@@ -29,10 +38,6 @@ engine requirement and the CLI exits early with a clear message on older Node
|
|
|
29
38
|
versions. The Docker-backed demo remains the recommended path when you do not
|
|
30
39
|
want to change your host Node version.
|
|
31
40
|
|
|
32
|
-
Commands in this page that use local ledger search/export or `synapsor store`
|
|
33
|
-
require this checkout or package version `0.1.0-alpha.4` or newer while npm
|
|
34
|
-
`@alpha` still points to an older alpha.
|
|
35
|
-
|
|
36
41
|
## Initialize a config
|
|
37
42
|
|
|
38
43
|
Create a starter config without putting credentials in the file:
|
|
@@ -65,6 +70,31 @@ npx -y -p @synapsor/runner@alpha synapsor doctor --config synapsor.runner.json
|
|
|
65
70
|
read/write credential separation, metadata visibility for configured targets,
|
|
66
71
|
and the semantic MCP tool boundary without printing credential values.
|
|
67
72
|
|
|
73
|
+
## Stdio Vs HTTP MCP
|
|
74
|
+
|
|
75
|
+
Use stdio for local MCP clients that launch Synapsor Runner:
|
|
76
|
+
|
|
77
|
+
```bash
|
|
78
|
+
npx -y -p @synapsor/runner@alpha synapsor mcp serve \
|
|
79
|
+
--config ./synapsor.runner.json \
|
|
80
|
+
--store ./.synapsor/local.db
|
|
81
|
+
```
|
|
82
|
+
|
|
83
|
+
Use HTTP when your app/server agent connects to a long-running Runner process:
|
|
84
|
+
|
|
85
|
+
```bash
|
|
86
|
+
export SYNAPSOR_RUNNER_HTTP_TOKEN="dev-local-token"
|
|
87
|
+
|
|
88
|
+
npx -y -p @synapsor/runner@alpha synapsor mcp serve-http \
|
|
89
|
+
--config ./synapsor.runner.json \
|
|
90
|
+
--store ./.synapsor/local.db \
|
|
91
|
+
--auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN
|
|
92
|
+
```
|
|
93
|
+
|
|
94
|
+
HTTP defaults to `127.0.0.1:8765`, requires bearer auth by default, and should
|
|
95
|
+
run behind private networking/TLS before production-like exposure. Details:
|
|
96
|
+
[HTTP MCP](http-mcp.md).
|
|
97
|
+
|
|
68
98
|
## Local safety modes
|
|
69
99
|
|
|
70
100
|
The local runner modes are intentionally narrow:
|
|
@@ -191,6 +221,8 @@ npx -y -p @synapsor/runner@alpha synapsor replay export --proposal wrp_123 \
|
|
|
191
221
|
```
|
|
192
222
|
|
|
193
223
|
Replay records include proposal metadata, before/after diff, events, writeback receipts, evidence summaries, and query audit rows currently stored for the proposal.
|
|
224
|
+
Human output is concise by default. Use `--details` for reviewer metadata or
|
|
225
|
+
`--json` for complete machine-readable records.
|
|
194
226
|
|
|
195
227
|
## Local evidence, query audit, and receipts
|
|
196
228
|
|
|
@@ -215,6 +247,10 @@ synapsor receipts list --proposal wrp_123 --store ./.synapsor/local.db
|
|
|
215
247
|
synapsor receipts show <receipt_id> --store ./.synapsor/local.db
|
|
216
248
|
```
|
|
217
249
|
|
|
250
|
+
Default inspection output is intentionally short. Add `--details` when you need
|
|
251
|
+
target URIs, primary keys, proposal hash/version, conflict guards, query
|
|
252
|
+
fingerprints, event timestamps, or receipt internals.
|
|
253
|
+
|
|
218
254
|
Read-only MCP tools record evidence bundles and query-audit rows and return an
|
|
219
255
|
evidence handle. Use `evidence show`, `evidence list`, and `query-audit list`
|
|
220
256
|
to inspect those captured rows and fingerprints later without rerunning the
|
package/docs/mcp-audit.md
CHANGED
|
@@ -26,10 +26,6 @@ Built-in database MCP risk example:
|
|
|
26
26
|
npx -y -p @synapsor/runner@alpha synapsor audit --example dangerous-db-mcp
|
|
27
27
|
```
|
|
28
28
|
|
|
29
|
-
Markdown output requires this checkout or package version `0.1.0-alpha.4` or
|
|
30
|
-
newer. Check `npm view @synapsor/runner@alpha version` before promoting npm
|
|
31
|
-
snippets publicly.
|
|
32
|
-
|
|
33
29
|
This bundled example does not require a source checkout or local examples file.
|
|
34
30
|
It audits a deliberately risky database MCP shape with `execute_sql`,
|
|
35
31
|
`run_query`, model-callable approval/update/delete tools, arbitrary
|
package/docs/mcp-client-setup.md
CHANGED
|
@@ -6,7 +6,10 @@ The primary local proof path is still the one-command Docker demo:
|
|
|
6
6
|
./scripts/demo-docker.sh
|
|
7
7
|
```
|
|
8
8
|
|
|
9
|
-
Use this page after that demo passes and you want to attach a local MCP client.
|
|
9
|
+
Use this page after that demo passes and you want to attach a local MCP client.
|
|
10
|
+
The tested local-client contract here is stdio. HTTP MCP is available for
|
|
11
|
+
app/server deployments where your agent connects to a long-running Runner
|
|
12
|
+
service.
|
|
10
13
|
|
|
11
14
|
Command examples use the published alpha package through `npx`. From a source
|
|
12
15
|
checkout, use `./bin/synapsor ...` only when you intentionally want the local
|
|
@@ -24,6 +27,31 @@ Validate them with:
|
|
|
24
27
|
corepack pnpm test:mcp-client-configs
|
|
25
28
|
```
|
|
26
29
|
|
|
30
|
+
## Stdio Vs HTTP MCP
|
|
31
|
+
|
|
32
|
+
| Mode | Use when | Command |
|
|
33
|
+
| --- | --- | --- |
|
|
34
|
+
| stdio | Claude Desktop, Cursor, VS Code, or another local MCP client can launch Synapsor Runner | `synapsor mcp serve` |
|
|
35
|
+
| HTTP | Your app/server, Python agent, Node service, or container connects to a long-running Runner service | `synapsor mcp serve-http` |
|
|
36
|
+
|
|
37
|
+
Stdio keeps the MCP protocol on process stdin/stdout and is the simplest local
|
|
38
|
+
developer path. HTTP uses JSON-RPC over an authenticated `/mcp` endpoint and is
|
|
39
|
+
better for app/server deployments.
|
|
40
|
+
|
|
41
|
+
HTTP requires bearer auth by default:
|
|
42
|
+
|
|
43
|
+
```bash
|
|
44
|
+
export SYNAPSOR_RUNNER_HTTP_TOKEN="dev-local-token"
|
|
45
|
+
|
|
46
|
+
npx -y -p @synapsor/runner@alpha synapsor mcp serve-http \
|
|
47
|
+
--config ./synapsor.runner.json \
|
|
48
|
+
--store ./.synapsor/local.db \
|
|
49
|
+
--auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN
|
|
50
|
+
```
|
|
51
|
+
|
|
52
|
+
Use private networking/TLS before exposing HTTP MCP beyond localhost. Details:
|
|
53
|
+
[HTTP MCP](http-mcp.md).
|
|
54
|
+
|
|
27
55
|
## Generate A Client Snippet
|
|
28
56
|
|
|
29
57
|
Print a snippet without modifying any client files:
|
|
@@ -77,6 +105,17 @@ npx -y -p @synapsor/runner@alpha synapsor mcp serve --config ./examples/mcp-post
|
|
|
77
105
|
|
|
78
106
|
For the alpha package, keep the package tag explicit in client configuration.
|
|
79
107
|
|
|
108
|
+
For app/server HTTP mode:
|
|
109
|
+
|
|
110
|
+
```bash
|
|
111
|
+
export SYNAPSOR_RUNNER_HTTP_TOKEN="dev-local-token"
|
|
112
|
+
|
|
113
|
+
npx -y -p @synapsor/runner@alpha synapsor mcp serve-http \
|
|
114
|
+
--config ./examples/mcp-postgres-billing/synapsor.runner.json \
|
|
115
|
+
--store ./.synapsor/local.db \
|
|
116
|
+
--auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN
|
|
117
|
+
```
|
|
118
|
+
|
|
80
119
|
## Generic stdio Client
|
|
81
120
|
|
|
82
121
|
```json
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
# OpenAI Agents SDK + Synapsor Runner over HTTP
|
|
2
|
+
|
|
3
|
+
This example shows an OpenAI Agents SDK app calling a long-running Synapsor
|
|
4
|
+
Runner HTTP MCP service.
|
|
5
|
+
|
|
6
|
+
Use HTTP when your agent runs as an app/server and should connect to Runner
|
|
7
|
+
over a local/private network endpoint instead of launching a stdio child
|
|
8
|
+
process.
|
|
9
|
+
|
|
10
|
+
Native HTTP MCP client support can vary by SDK version. This example is honest
|
|
11
|
+
about that: it uses the OpenAI Agents SDK for the agent and wraps Synapsor's
|
|
12
|
+
HTTP MCP JSON-RPC endpoint as an OpenAI function tool.
|
|
13
|
+
|
|
14
|
+
The model still sees a semantic action. It does not receive raw SQL, database
|
|
15
|
+
URLs, write credentials, approval tools, or commit tools.
|
|
16
|
+
|
|
17
|
+
## Terminal 1: Start Synapsor Runner HTTP MCP
|
|
18
|
+
|
|
19
|
+
```bash
|
|
20
|
+
export DATABASE_URL="<postgres-or-mysql-read-url>"
|
|
21
|
+
export SYNAPSOR_TENANT_ID="acme"
|
|
22
|
+
export SYNAPSOR_PRINCIPAL="openai_agent_demo"
|
|
23
|
+
export SYNAPSOR_RUNNER_HTTP_TOKEN="dev-token"
|
|
24
|
+
|
|
25
|
+
npx -y -p @synapsor/runner@alpha synapsor mcp serve-http \
|
|
26
|
+
--config ./synapsor.runner.json \
|
|
27
|
+
--store ./.synapsor/local.db \
|
|
28
|
+
--auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN
|
|
29
|
+
```
|
|
30
|
+
|
|
31
|
+
## Terminal 2: Run The Agent
|
|
32
|
+
|
|
33
|
+
```bash
|
|
34
|
+
python -m venv .venv
|
|
35
|
+
. .venv/bin/activate
|
|
36
|
+
pip install -r requirements.txt
|
|
37
|
+
|
|
38
|
+
export OPENAI_API_KEY="..."
|
|
39
|
+
export SYNAPSOR_RUNNER_HTTP_URL="http://127.0.0.1:8765/mcp"
|
|
40
|
+
export SYNAPSOR_RUNNER_HTTP_TOKEN="dev-token"
|
|
41
|
+
export SYNAPSOR_INVOICE_ID="INV-3001"
|
|
42
|
+
|
|
43
|
+
python agent.py
|
|
44
|
+
```
|
|
45
|
+
|
|
46
|
+
Expected behavior:
|
|
47
|
+
|
|
48
|
+
- the agent calls `billing.inspect_invoice` through Synapsor HTTP MCP;
|
|
49
|
+
- Synapsor applies trusted tenant/principal context from the server process;
|
|
50
|
+
- the response includes scoped data and evidence handles;
|
|
51
|
+
- no SQL/write/approval tool is exposed to the model;
|
|
52
|
+
- evidence/query audit are saved in the local Runner store.
|
|
53
|
+
|
|
54
|
+
For production-like deployment, keep HTTP MCP behind private networking/TLS,
|
|
55
|
+
bearer auth, and rate limits. See [HTTP MCP](../../docs/http-mcp.md).
|
|
@@ -0,0 +1,90 @@
|
|
|
1
|
+
import asyncio
|
|
2
|
+
import json
|
|
3
|
+
import os
|
|
4
|
+
import sys
|
|
5
|
+
import urllib.error
|
|
6
|
+
import urllib.request
|
|
7
|
+
|
|
8
|
+
try:
|
|
9
|
+
from agents import Agent, Runner, function_tool
|
|
10
|
+
except ImportError as exc:
|
|
11
|
+
raise SystemExit(
|
|
12
|
+
"This example requires the OpenAI Agents SDK. "
|
|
13
|
+
"Install with: pip install -r requirements.txt"
|
|
14
|
+
) from exc
|
|
15
|
+
|
|
16
|
+
|
|
17
|
+
def call_synapsor_http_mcp(method: str, params: dict) -> dict:
|
|
18
|
+
url = os.environ.get("SYNAPSOR_RUNNER_HTTP_URL", "http://127.0.0.1:8765/mcp")
|
|
19
|
+
token = os.environ.get("SYNAPSOR_RUNNER_HTTP_TOKEN")
|
|
20
|
+
if not token:
|
|
21
|
+
raise RuntimeError("SYNAPSOR_RUNNER_HTTP_TOKEN is not set")
|
|
22
|
+
|
|
23
|
+
payload = json.dumps({
|
|
24
|
+
"jsonrpc": "2.0",
|
|
25
|
+
"id": 1,
|
|
26
|
+
"method": method,
|
|
27
|
+
"params": params,
|
|
28
|
+
}).encode("utf-8")
|
|
29
|
+
request = urllib.request.Request(
|
|
30
|
+
url,
|
|
31
|
+
data=payload,
|
|
32
|
+
method="POST",
|
|
33
|
+
headers={
|
|
34
|
+
"authorization": f"Bearer {token}",
|
|
35
|
+
"content-type": "application/json",
|
|
36
|
+
},
|
|
37
|
+
)
|
|
38
|
+
try:
|
|
39
|
+
with urllib.request.urlopen(request, timeout=15) as response:
|
|
40
|
+
body = response.read().decode("utf-8")
|
|
41
|
+
except urllib.error.HTTPError as exc:
|
|
42
|
+
body = exc.read().decode("utf-8")
|
|
43
|
+
raise RuntimeError(f"Synapsor HTTP MCP returned HTTP {exc.code}: {body}") from exc
|
|
44
|
+
|
|
45
|
+
parsed = json.loads(body)
|
|
46
|
+
if "error" in parsed:
|
|
47
|
+
raise RuntimeError(f"Synapsor HTTP MCP error: {parsed['error']}")
|
|
48
|
+
return parsed["result"]
|
|
49
|
+
|
|
50
|
+
|
|
51
|
+
@function_tool
|
|
52
|
+
def billing_inspect_invoice(invoice_id: str) -> str:
|
|
53
|
+
"""Inspect one scoped invoice through Synapsor Runner HTTP MCP."""
|
|
54
|
+
result = call_synapsor_http_mcp("tools/call", {
|
|
55
|
+
"name": "billing.inspect_invoice",
|
|
56
|
+
"arguments": {"invoice_id": invoice_id},
|
|
57
|
+
})
|
|
58
|
+
return json.dumps(result.get("structuredContent", result), indent=2)
|
|
59
|
+
|
|
60
|
+
|
|
61
|
+
async def main() -> None:
|
|
62
|
+
required = ["OPENAI_API_KEY", "SYNAPSOR_RUNNER_HTTP_URL", "SYNAPSOR_RUNNER_HTTP_TOKEN"]
|
|
63
|
+
missing = [name for name in required if not os.environ.get(name)]
|
|
64
|
+
if missing:
|
|
65
|
+
raise SystemExit(f"Missing required environment variables: {', '.join(missing)}")
|
|
66
|
+
|
|
67
|
+
invoice_id = os.environ.get("SYNAPSOR_INVOICE_ID", "INV-3001")
|
|
68
|
+
agent = Agent(
|
|
69
|
+
name="Synapsor HTTP MCP demo agent",
|
|
70
|
+
instructions=(
|
|
71
|
+
"Use the billing_inspect_invoice tool to inspect scoped invoice data. "
|
|
72
|
+
"Do not claim that you can run SQL, approve proposals, or commit writes."
|
|
73
|
+
),
|
|
74
|
+
tools=[billing_inspect_invoice],
|
|
75
|
+
)
|
|
76
|
+
result = await Runner.run(
|
|
77
|
+
agent,
|
|
78
|
+
(
|
|
79
|
+
f"Inspect invoice {invoice_id} using Synapsor. "
|
|
80
|
+
"Explain what you saw and whether you have write authority."
|
|
81
|
+
),
|
|
82
|
+
)
|
|
83
|
+
print(result.final_output)
|
|
84
|
+
|
|
85
|
+
|
|
86
|
+
if __name__ == "__main__":
|
|
87
|
+
try:
|
|
88
|
+
asyncio.run(main())
|
|
89
|
+
except KeyboardInterrupt:
|
|
90
|
+
sys.exit(130)
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
openai-agents>=0.1.0
|