@synapsor/runner 0.1.0-alpha.4 → 0.1.0-alpha.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (43) hide show
  1. package/README.md +211 -43
  2. package/dist/cli.d.ts.map +1 -1
  3. package/dist/runner.mjs +912 -90
  4. package/docs/README.md +32 -54
  5. package/docs/getting-started-own-database.md +68 -36
  6. package/docs/http-mcp.md +200 -0
  7. package/docs/local-mode.md +71 -35
  8. package/docs/mcp-audit.md +11 -15
  9. package/docs/mcp-client-setup.md +48 -9
  10. package/docs/recipes.md +6 -6
  11. package/docs/security-boundary.md +1 -1
  12. package/docs/troubleshooting-first-run.md +6 -6
  13. package/docs/writeback-executors.md +1 -1
  14. package/examples/openai-agents-http/README.md +55 -0
  15. package/examples/openai-agents-http/agent.py +90 -0
  16. package/examples/openai-agents-http/requirements.txt +1 -0
  17. package/examples/openai-agents-stdio/README.md +62 -0
  18. package/examples/openai-agents-stdio/agent.py +70 -0
  19. package/examples/openai-agents-stdio/requirements.txt +1 -0
  20. package/examples/reference-support-billing-app/README.md +17 -17
  21. package/package.json +3 -2
  22. package/docs/MCP_RUNNER_IMPLEMENTATION_PLAN.md +0 -187
  23. package/docs/architecture.md +0 -65
  24. package/docs/capability-config.md +0 -180
  25. package/docs/cloud-mode.md +0 -140
  26. package/docs/config-migrations.md +0 -67
  27. package/docs/demo-transcript.md +0 -161
  28. package/docs/dependency-license-inventory.md +0 -35
  29. package/docs/first-10-minutes.md +0 -172
  30. package/docs/licensing.md +0 -38
  31. package/docs/local-ui.md +0 -163
  32. package/docs/mcp-efficiency-benchmark.md +0 -84
  33. package/docs/open-source-feature-inventory.md +0 -254
  34. package/docs/operations.md +0 -38
  35. package/docs/own-db-20-minutes.md +0 -185
  36. package/docs/production-readiness.md +0 -39
  37. package/docs/protocol.md +0 -90
  38. package/docs/roadmap.md +0 -13
  39. package/docs/schema-inspection.md +0 -88
  40. package/docs/shadow-mode.md +0 -67
  41. package/docs/telemetry.md +0 -28
  42. package/docs/threat-model.md +0 -25
  43. package/docs/trusted-context.md +0 -70
package/README.md CHANGED
@@ -7,46 +7,180 @@ Runner lets an MCP agent inspect scoped data and request database-backed
7
7
  business actions without receiving raw SQL, write credentials, approval tools,
8
8
  or commit tools.
9
9
 
10
- ## Run The Alpha
10
+ ```text
11
+ AI agent or MCP client
12
+ (Claude, Cursor, OpenAI Agents SDK, LangGraph)
13
+ |
14
+ | calls reviewed MCP tool
15
+ v
16
+ +--------------------------------+
17
+ | Synapsor Runner MCP |
18
+ | semantic capabilities only |
19
+ | trusted tenant/principal ctx |
20
+ | evidence + query audit |
21
+ +--------------------------------+
22
+ |
23
+ | scoped read / guarded proposal
24
+ v
25
+ +--------------------------------+
26
+ | Your Postgres or MySQL |
27
+ | source of truth |
28
+ +--------------------------------+
29
+
30
+ Local Runner store:
31
+ evidence · query audit · proposals · receipts · replay
32
+ ```
33
+
34
+ Your database stays the source of truth. Synapsor Runner owns the
35
+ model-facing boundary: what the agent can read, what it can propose, what
36
+ evidence is saved, and what can later be reviewed or replayed.
37
+
38
+ ## What Runner Does
39
+
40
+ When an agent uses Runner:
41
+
42
+ - the model gets reviewed capabilities, not raw database authority;
43
+ - reads produce evidence handles and query audit;
44
+ - writes become proposals, not direct mutations;
45
+ - approval and writeback happen outside the model-facing MCP surface;
46
+ - replay shows what the agent saw, proposed, and what was applied or blocked.
47
+
48
+ ## Start Here
49
+
50
+ Run the guided quick demo first. It does not require Docker, a database, a
51
+ config file, an MCP client, or a Synapsor Cloud account.
11
52
 
12
53
  ```bash
13
- npx -y -p @synapsor/runner@alpha synapsor --help
14
- npx -y -p @synapsor/runner@alpha synapsor demo --quick
15
- npx -y -p @synapsor/runner@alpha synapsor audit --example dangerous-db-mcp
54
+ npx -y -p @synapsor/runner@alpha synapsor-runner demo --quick
16
55
  ```
17
56
 
18
- The local-ledger quick fixture, audit `--format markdown`, local evidence
19
- search, and store maintenance commands are in this checkout and package version
20
- `0.1.0-alpha.4`. If
21
- `npm view @synapsor/runner@alpha version` still reports an older alpha, use
22
- `./bin/synapsor ...` from this checkout or wait for the next alpha publish
23
- before relying on those npm examples.
57
+ In a terminal, it walks through the safety model step by step. In CI, piped
58
+ output, or other non-interactive mode, it prints a short summary and exits
59
+ without waiting for Enter.
24
60
 
25
- `synapsor` is the public command. `synapsor-runner` remains available as a
26
- backward-compatible alias for earlier alpha commands.
61
+ That command creates a local ledger fixture at `./.synapsor/quick-demo.db`.
62
+ It does not prove database connectivity. It shows the proposal, evidence, and
63
+ replay flow without giving the runner a database URL.
27
64
 
28
- `synapsor demo --quick` is fixture-only, does not require Docker, and writes an
29
- inspectable local ledger fixture to `./.synapsor/quick-demo.db`. Use
30
- `synapsor demo` for the disposable local Postgres-backed demo.
65
+ ```bash
66
+ npx -y -p @synapsor/runner@alpha synapsor-runner demo inspect
67
+ ```
31
68
 
32
- Inspect the quick fixture:
69
+ Human output is concise by default. Use `--details` for reviewer metadata or
70
+ `--json` for complete machine-readable records.
71
+
72
+ Useful quick-demo modes:
33
73
 
34
74
  ```bash
35
- synapsor proposals show latest --store ./.synapsor/quick-demo.db
36
- synapsor activity search --object invoice:INV-3001 --store ./.synapsor/quick-demo.db
37
- synapsor replay show latest --store ./.synapsor/quick-demo.db
75
+ synapsor-runner demo --quick --guided
76
+ synapsor-runner demo --quick --no-interactive
77
+ synapsor-runner demo --quick --details
78
+ synapsor-runner demo inspect --npx
79
+ ```
80
+
81
+ Then choose one path:
82
+
83
+ ```text
84
+ Full disposable proof -> npx -y -p @synapsor/runner@alpha synapsor-runner demo
85
+ Your own staging DB -> export DATABASE_URL=... then run the inspect command below
86
+ MCP risk review -> npx -y -p @synapsor/runner@alpha synapsor-runner audit --example dangerous-db-mcp
38
87
  ```
39
88
 
40
- Use it with a local or staging database:
89
+ `synapsor-runner` is the public command for this OSS runner. `synapsor` is
90
+ reserved for the Synapsor Cloud CLI.
91
+
92
+ ## Connect Your Own Staging Database
93
+
94
+ Put a read-only connection string in the environment:
41
95
 
42
96
  ```bash
43
97
  export DATABASE_URL="postgresql://readonly_user:password@localhost:5432/app"
44
- synapsor inspect --engine auto --from-env DATABASE_URL --schema public
45
- synapsor init --wizard --engine auto --from-env DATABASE_URL --schema public
46
- synapsor tools preview
47
- synapsor mcp serve
48
98
  ```
49
99
 
100
+ For disposable dev RDS fixtures only, use `sslmode=no-verify` if your local
101
+ Node/Postgres TLS stack cannot verify the test certificate chain. For real
102
+ staging or production-like databases, keep certificate verification enabled.
103
+
104
+ Inspect metadata:
105
+
106
+ ```bash
107
+ npx -y -p @synapsor/runner@alpha synapsor-runner inspect \
108
+ --engine auto \
109
+ --from-env DATABASE_URL \
110
+ --schema public
111
+ ```
112
+
113
+ Generate a reviewed read-only config first. The wizard creates this local
114
+ flow:
115
+
116
+ ```text
117
+ trusted context -> capability -> MCP tool
118
+ ```
119
+
120
+ It asks which table/view backs the context, which tenant/scope column and
121
+ backend session env vars are trusted, which fields are visible, and what
122
+ semantic capability name to expose.
123
+
124
+ ```bash
125
+ npx -y -p @synapsor/runner@alpha synapsor-runner init \
126
+ --wizard \
127
+ --engine auto \
128
+ --from-env DATABASE_URL \
129
+ --schema public \
130
+ --mode read_only
131
+ ```
132
+
133
+ Preview and serve the semantic tools:
134
+
135
+ ```bash
136
+ npx -y -p @synapsor/runner@alpha synapsor-runner tools preview \
137
+ --config ./synapsor.runner.json \
138
+ --store ./.synapsor/local.db
139
+
140
+ npx -y -p @synapsor/runner@alpha synapsor-runner mcp serve \
141
+ --config ./synapsor.runner.json \
142
+ --store ./.synapsor/local.db
143
+ ```
144
+
145
+ ## Two Ways To Run MCP
146
+
147
+ Use stdio when the MCP client runs locally and can launch Synapsor Runner. Use
148
+ HTTP when your agent service runs as an app/server and connects to a
149
+ long-running Runner process.
150
+
151
+ Local MCP clients:
152
+
153
+ ```bash
154
+ synapsor-runner mcp serve \
155
+ --config ./synapsor.runner.json \
156
+ --store ./.synapsor/local.db
157
+ ```
158
+
159
+ App/server deployments:
160
+
161
+ ```bash
162
+ export SYNAPSOR_RUNNER_HTTP_TOKEN="dev-local-token"
163
+
164
+ synapsor-runner mcp serve-http \
165
+ --config ./synapsor.runner.json \
166
+ --store ./.synapsor/local.db \
167
+ --auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN
168
+ ```
169
+
170
+ HTTP defaults to `127.0.0.1:8765`, requires bearer auth by default, and should
171
+ use private networking, TLS, and rate limits before being exposed beyond a
172
+ local machine.
173
+
174
+ OpenAI Agents SDK examples:
175
+
176
+ ```text
177
+ examples/openai-agents-stdio/
178
+ examples/openai-agents-http/
179
+ ```
180
+
181
+ Use `--mode review` only when you are ready to create proposal tools and test
182
+ guarded writeback with a separate trusted write credential.
183
+
50
184
  The disposable reference app includes proposal-first write examples for:
51
185
 
52
186
  - `billing.propose_late_fee_waiver`
@@ -62,9 +196,10 @@ For a longer local session, you can install the alpha package explicitly:
62
196
  npm install -g @synapsor/runner@alpha
63
197
  ```
64
198
 
65
- ## What It Does
199
+ ## Runtime Flow
66
200
 
67
- The local runner implements a small Synapsor-style trust loop:
201
+ The local runner keeps the model-facing tool call separate from approval and
202
+ writeback:
68
203
 
69
204
  ```text
70
205
  MCP tool call
@@ -106,6 +241,35 @@ Use Synapsor Runner when you also want the agent-facing layer: semantic tools,
106
241
  trusted context, evidence handles, query audit, local inspection, and
107
242
  proposal-first writes.
108
243
 
244
+ ## Fixture Benchmark
245
+
246
+ Run the included MCP efficiency fixture:
247
+
248
+ ```bash
249
+ synapsor-runner benchmark mcp-efficiency
250
+ ```
251
+
252
+ Current fixture result for the late-fee-waiver workflow:
253
+
254
+ ```text
255
+ Generic database MCP reference:
256
+ exposed tools: 4
257
+ scripted tool calls: 5
258
+ raw SQL exposed: yes
259
+ approval separated: no
260
+ stale-row conflict checked: no
261
+
262
+ Synapsor Runner semantic path:
263
+ exposed tools: 2
264
+ scripted tool calls: 2
265
+ raw SQL exposed: no
266
+ approval separated: yes
267
+ stale-row conflict checked: yes
268
+ ```
269
+
270
+ The fixture tokenizer is deterministic and repeatable for this package. It is
271
+ not a model billing tokenizer and not a universal token-savings claim.
272
+
109
273
  ## Find Evidence And Replay
110
274
 
111
275
  The commands in this section require this checkout or an alpha package that
@@ -115,36 +279,40 @@ The runner stores a local SQLite evidence/replay ledger. Search it without
115
279
  relying on `latest`:
116
280
 
117
281
  ```bash
118
- synapsor activity search --tenant acme --object invoice:INV-3001
119
- synapsor proposals list --tenant acme --object invoice:INV-3001 --status approved
120
- synapsor evidence show ev_...
121
- synapsor query-audit list --evidence ev_...
122
- synapsor receipts list --proposal wrp_...
123
- synapsor receipts show <receipt_id>
124
- synapsor replay show --proposal wrp_...
125
- synapsor replay show --replay replay_wrp_...
282
+ synapsor-runner activity search --tenant acme --object invoice:INV-3001
283
+ synapsor-runner proposals list --tenant acme --object invoice:INV-3001 --status approved
284
+ synapsor-runner evidence show ev_...
285
+ synapsor-runner query-audit list --evidence ev_...
286
+ synapsor-runner receipts list --proposal wrp_...
287
+ synapsor-runner receipts show <receipt_id>
288
+ synapsor-runner replay show --proposal wrp_...
289
+ synapsor-runner replay show --replay replay_wrp_...
126
290
  ```
127
291
 
292
+ Default inspection output is meant for first-run clarity. Add `--details` for
293
+ target URIs, primary keys, proposal hash/version, conflict guards, query
294
+ fingerprints, event timestamps, and receipt internals.
295
+
128
296
  Export captured evidence or proposal replay:
129
297
 
130
298
  ```bash
131
- synapsor evidence export ev_... --format markdown --output evidence.md
132
- synapsor replay export --proposal wrp_... --format json --output replay.json
133
- synapsor replay export --proposal wrp_... --format markdown --output replay.md
299
+ synapsor-runner evidence export ev_... --format markdown --output evidence.md
300
+ synapsor-runner replay export --proposal wrp_... --format json --output replay.json
301
+ synapsor-runner replay export --proposal wrp_... --format markdown --output replay.md
134
302
  ```
135
303
 
136
304
  Create a redacted local diagnostic report:
137
305
 
138
306
  ```bash
139
- synapsor doctor --config synapsor.runner.json --report --redact --output synapsor-doctor.md
307
+ synapsor-runner doctor --config synapsor.runner.json --report --redact --output synapsor-doctor.md
140
308
  ```
141
309
 
142
310
  Inspect or compact the local ledger:
143
311
 
144
312
  ```bash
145
- synapsor store stats --store ./.synapsor/local.db
146
- synapsor store vacuum --store ./.synapsor/local.db
147
- synapsor store prune --store ./.synapsor/local.db --older-than 30d --dry-run
313
+ synapsor-runner store stats --store ./.synapsor/local.db
314
+ synapsor-runner store vacuum --store ./.synapsor/local.db
315
+ synapsor-runner store prune --store ./.synapsor/local.db --older-than 30d --dry-run
148
316
  ```
149
317
 
150
318
  This is local indexed search for local/dev/staging usage. It is not external
@@ -160,8 +328,8 @@ MCP, and the handler returns an applied/conflict/failed receipt for replay.
160
328
 
161
329
  ## Command Name
162
330
 
163
- This package installs `synapsor` as the primary binary and `synapsor-runner` as
164
- a backward-compatible alias.
331
+ This package installs `synapsor-runner` as the OSS runner binary. The `synapsor`
332
+ command is reserved for the Synapsor Cloud CLI.
165
333
 
166
334
  ## Scope
167
335
 
package/dist/cli.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AA8BA,OAAO,EAOL,KAAK,gBAAgB,EAEtB,MAAM,mCAAmC,CAAC;AA4H3C,wBAAsB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CA8C1D;AA0DD,KAAK,SAAS,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAE9E,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EAAE,EACd,OAAO,GAAE;IACP,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;CACvC,GACL,OAAO,CAAC,MAAM,CAAC,CA0KjB"}
1
+ {"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AA+BA,OAAO,EAOL,KAAK,gBAAgB,EAEtB,MAAM,mCAAmC,CAAC;AA4H3C,wBAAsB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CA8C1D;AA0DD,KAAK,SAAS,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAE9E,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EAAE,EACd,OAAO,GAAE;IACP,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;CACvC,GACL,OAAO,CAAC,MAAM,CAAC,CAiLjB"}