@synapsor/runner 0.1.0-alpha.4 → 0.1.0-alpha.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +211 -43
- package/dist/cli.d.ts.map +1 -1
- package/dist/runner.mjs +912 -90
- package/docs/README.md +32 -54
- package/docs/getting-started-own-database.md +68 -36
- package/docs/http-mcp.md +200 -0
- package/docs/local-mode.md +71 -35
- package/docs/mcp-audit.md +11 -15
- package/docs/mcp-client-setup.md +48 -9
- package/docs/recipes.md +6 -6
- package/docs/security-boundary.md +1 -1
- package/docs/troubleshooting-first-run.md +6 -6
- package/docs/writeback-executors.md +1 -1
- package/examples/openai-agents-http/README.md +55 -0
- package/examples/openai-agents-http/agent.py +90 -0
- package/examples/openai-agents-http/requirements.txt +1 -0
- package/examples/openai-agents-stdio/README.md +62 -0
- package/examples/openai-agents-stdio/agent.py +70 -0
- package/examples/openai-agents-stdio/requirements.txt +1 -0
- package/examples/reference-support-billing-app/README.md +17 -17
- package/package.json +3 -2
- package/docs/MCP_RUNNER_IMPLEMENTATION_PLAN.md +0 -187
- package/docs/architecture.md +0 -65
- package/docs/capability-config.md +0 -180
- package/docs/cloud-mode.md +0 -140
- package/docs/config-migrations.md +0 -67
- package/docs/demo-transcript.md +0 -161
- package/docs/dependency-license-inventory.md +0 -35
- package/docs/first-10-minutes.md +0 -172
- package/docs/licensing.md +0 -38
- package/docs/local-ui.md +0 -163
- package/docs/mcp-efficiency-benchmark.md +0 -84
- package/docs/open-source-feature-inventory.md +0 -254
- package/docs/operations.md +0 -38
- package/docs/own-db-20-minutes.md +0 -185
- package/docs/production-readiness.md +0 -39
- package/docs/protocol.md +0 -90
- package/docs/roadmap.md +0 -13
- package/docs/schema-inspection.md +0 -88
- package/docs/shadow-mode.md +0 -67
- package/docs/telemetry.md +0 -28
- package/docs/threat-model.md +0 -25
- package/docs/trusted-context.md +0 -70
package/README.md
CHANGED
|
@@ -7,46 +7,180 @@ Runner lets an MCP agent inspect scoped data and request database-backed
|
|
|
7
7
|
business actions without receiving raw SQL, write credentials, approval tools,
|
|
8
8
|
or commit tools.
|
|
9
9
|
|
|
10
|
-
|
|
10
|
+
```text
|
|
11
|
+
AI agent or MCP client
|
|
12
|
+
(Claude, Cursor, OpenAI Agents SDK, LangGraph)
|
|
13
|
+
|
|
|
14
|
+
| calls reviewed MCP tool
|
|
15
|
+
v
|
|
16
|
+
+--------------------------------+
|
|
17
|
+
| Synapsor Runner MCP |
|
|
18
|
+
| semantic capabilities only |
|
|
19
|
+
| trusted tenant/principal ctx |
|
|
20
|
+
| evidence + query audit |
|
|
21
|
+
+--------------------------------+
|
|
22
|
+
|
|
|
23
|
+
| scoped read / guarded proposal
|
|
24
|
+
v
|
|
25
|
+
+--------------------------------+
|
|
26
|
+
| Your Postgres or MySQL |
|
|
27
|
+
| source of truth |
|
|
28
|
+
+--------------------------------+
|
|
29
|
+
|
|
30
|
+
Local Runner store:
|
|
31
|
+
evidence · query audit · proposals · receipts · replay
|
|
32
|
+
```
|
|
33
|
+
|
|
34
|
+
Your database stays the source of truth. Synapsor Runner owns the
|
|
35
|
+
model-facing boundary: what the agent can read, what it can propose, what
|
|
36
|
+
evidence is saved, and what can later be reviewed or replayed.
|
|
37
|
+
|
|
38
|
+
## What Runner Does
|
|
39
|
+
|
|
40
|
+
When an agent uses Runner:
|
|
41
|
+
|
|
42
|
+
- the model gets reviewed capabilities, not raw database authority;
|
|
43
|
+
- reads produce evidence handles and query audit;
|
|
44
|
+
- writes become proposals, not direct mutations;
|
|
45
|
+
- approval and writeback happen outside the model-facing MCP surface;
|
|
46
|
+
- replay shows what the agent saw, proposed, and what was applied or blocked.
|
|
47
|
+
|
|
48
|
+
## Start Here
|
|
49
|
+
|
|
50
|
+
Run the guided quick demo first. It does not require Docker, a database, a
|
|
51
|
+
config file, an MCP client, or a Synapsor Cloud account.
|
|
11
52
|
|
|
12
53
|
```bash
|
|
13
|
-
npx -y -p @synapsor/runner@alpha synapsor --
|
|
14
|
-
npx -y -p @synapsor/runner@alpha synapsor demo --quick
|
|
15
|
-
npx -y -p @synapsor/runner@alpha synapsor audit --example dangerous-db-mcp
|
|
54
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner demo --quick
|
|
16
55
|
```
|
|
17
56
|
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
`npm view @synapsor/runner@alpha version` still reports an older alpha, use
|
|
22
|
-
`./bin/synapsor ...` from this checkout or wait for the next alpha publish
|
|
23
|
-
before relying on those npm examples.
|
|
57
|
+
In a terminal, it walks through the safety model step by step. In CI, piped
|
|
58
|
+
output, or other non-interactive mode, it prints a short summary and exits
|
|
59
|
+
without waiting for Enter.
|
|
24
60
|
|
|
25
|
-
|
|
26
|
-
|
|
61
|
+
That command creates a local ledger fixture at `./.synapsor/quick-demo.db`.
|
|
62
|
+
It does not prove database connectivity. It shows the proposal, evidence, and
|
|
63
|
+
replay flow without giving the runner a database URL.
|
|
27
64
|
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
65
|
+
```bash
|
|
66
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner demo inspect
|
|
67
|
+
```
|
|
31
68
|
|
|
32
|
-
|
|
69
|
+
Human output is concise by default. Use `--details` for reviewer metadata or
|
|
70
|
+
`--json` for complete machine-readable records.
|
|
71
|
+
|
|
72
|
+
Useful quick-demo modes:
|
|
33
73
|
|
|
34
74
|
```bash
|
|
35
|
-
synapsor
|
|
36
|
-
synapsor
|
|
37
|
-
synapsor
|
|
75
|
+
synapsor-runner demo --quick --guided
|
|
76
|
+
synapsor-runner demo --quick --no-interactive
|
|
77
|
+
synapsor-runner demo --quick --details
|
|
78
|
+
synapsor-runner demo inspect --npx
|
|
79
|
+
```
|
|
80
|
+
|
|
81
|
+
Then choose one path:
|
|
82
|
+
|
|
83
|
+
```text
|
|
84
|
+
Full disposable proof -> npx -y -p @synapsor/runner@alpha synapsor-runner demo
|
|
85
|
+
Your own staging DB -> export DATABASE_URL=... then run the inspect command below
|
|
86
|
+
MCP risk review -> npx -y -p @synapsor/runner@alpha synapsor-runner audit --example dangerous-db-mcp
|
|
38
87
|
```
|
|
39
88
|
|
|
40
|
-
|
|
89
|
+
`synapsor-runner` is the public command for this OSS runner. `synapsor` is
|
|
90
|
+
reserved for the Synapsor Cloud CLI.
|
|
91
|
+
|
|
92
|
+
## Connect Your Own Staging Database
|
|
93
|
+
|
|
94
|
+
Put a read-only connection string in the environment:
|
|
41
95
|
|
|
42
96
|
```bash
|
|
43
97
|
export DATABASE_URL="postgresql://readonly_user:password@localhost:5432/app"
|
|
44
|
-
synapsor inspect --engine auto --from-env DATABASE_URL --schema public
|
|
45
|
-
synapsor init --wizard --engine auto --from-env DATABASE_URL --schema public
|
|
46
|
-
synapsor tools preview
|
|
47
|
-
synapsor mcp serve
|
|
48
98
|
```
|
|
49
99
|
|
|
100
|
+
For disposable dev RDS fixtures only, use `sslmode=no-verify` if your local
|
|
101
|
+
Node/Postgres TLS stack cannot verify the test certificate chain. For real
|
|
102
|
+
staging or production-like databases, keep certificate verification enabled.
|
|
103
|
+
|
|
104
|
+
Inspect metadata:
|
|
105
|
+
|
|
106
|
+
```bash
|
|
107
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner inspect \
|
|
108
|
+
--engine auto \
|
|
109
|
+
--from-env DATABASE_URL \
|
|
110
|
+
--schema public
|
|
111
|
+
```
|
|
112
|
+
|
|
113
|
+
Generate a reviewed read-only config first. The wizard creates this local
|
|
114
|
+
flow:
|
|
115
|
+
|
|
116
|
+
```text
|
|
117
|
+
trusted context -> capability -> MCP tool
|
|
118
|
+
```
|
|
119
|
+
|
|
120
|
+
It asks which table/view backs the context, which tenant/scope column and
|
|
121
|
+
backend session env vars are trusted, which fields are visible, and what
|
|
122
|
+
semantic capability name to expose.
|
|
123
|
+
|
|
124
|
+
```bash
|
|
125
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner init \
|
|
126
|
+
--wizard \
|
|
127
|
+
--engine auto \
|
|
128
|
+
--from-env DATABASE_URL \
|
|
129
|
+
--schema public \
|
|
130
|
+
--mode read_only
|
|
131
|
+
```
|
|
132
|
+
|
|
133
|
+
Preview and serve the semantic tools:
|
|
134
|
+
|
|
135
|
+
```bash
|
|
136
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner tools preview \
|
|
137
|
+
--config ./synapsor.runner.json \
|
|
138
|
+
--store ./.synapsor/local.db
|
|
139
|
+
|
|
140
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner mcp serve \
|
|
141
|
+
--config ./synapsor.runner.json \
|
|
142
|
+
--store ./.synapsor/local.db
|
|
143
|
+
```
|
|
144
|
+
|
|
145
|
+
## Two Ways To Run MCP
|
|
146
|
+
|
|
147
|
+
Use stdio when the MCP client runs locally and can launch Synapsor Runner. Use
|
|
148
|
+
HTTP when your agent service runs as an app/server and connects to a
|
|
149
|
+
long-running Runner process.
|
|
150
|
+
|
|
151
|
+
Local MCP clients:
|
|
152
|
+
|
|
153
|
+
```bash
|
|
154
|
+
synapsor-runner mcp serve \
|
|
155
|
+
--config ./synapsor.runner.json \
|
|
156
|
+
--store ./.synapsor/local.db
|
|
157
|
+
```
|
|
158
|
+
|
|
159
|
+
App/server deployments:
|
|
160
|
+
|
|
161
|
+
```bash
|
|
162
|
+
export SYNAPSOR_RUNNER_HTTP_TOKEN="dev-local-token"
|
|
163
|
+
|
|
164
|
+
synapsor-runner mcp serve-http \
|
|
165
|
+
--config ./synapsor.runner.json \
|
|
166
|
+
--store ./.synapsor/local.db \
|
|
167
|
+
--auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN
|
|
168
|
+
```
|
|
169
|
+
|
|
170
|
+
HTTP defaults to `127.0.0.1:8765`, requires bearer auth by default, and should
|
|
171
|
+
use private networking, TLS, and rate limits before being exposed beyond a
|
|
172
|
+
local machine.
|
|
173
|
+
|
|
174
|
+
OpenAI Agents SDK examples:
|
|
175
|
+
|
|
176
|
+
```text
|
|
177
|
+
examples/openai-agents-stdio/
|
|
178
|
+
examples/openai-agents-http/
|
|
179
|
+
```
|
|
180
|
+
|
|
181
|
+
Use `--mode review` only when you are ready to create proposal tools and test
|
|
182
|
+
guarded writeback with a separate trusted write credential.
|
|
183
|
+
|
|
50
184
|
The disposable reference app includes proposal-first write examples for:
|
|
51
185
|
|
|
52
186
|
- `billing.propose_late_fee_waiver`
|
|
@@ -62,9 +196,10 @@ For a longer local session, you can install the alpha package explicitly:
|
|
|
62
196
|
npm install -g @synapsor/runner@alpha
|
|
63
197
|
```
|
|
64
198
|
|
|
65
|
-
##
|
|
199
|
+
## Runtime Flow
|
|
66
200
|
|
|
67
|
-
The local runner
|
|
201
|
+
The local runner keeps the model-facing tool call separate from approval and
|
|
202
|
+
writeback:
|
|
68
203
|
|
|
69
204
|
```text
|
|
70
205
|
MCP tool call
|
|
@@ -106,6 +241,35 @@ Use Synapsor Runner when you also want the agent-facing layer: semantic tools,
|
|
|
106
241
|
trusted context, evidence handles, query audit, local inspection, and
|
|
107
242
|
proposal-first writes.
|
|
108
243
|
|
|
244
|
+
## Fixture Benchmark
|
|
245
|
+
|
|
246
|
+
Run the included MCP efficiency fixture:
|
|
247
|
+
|
|
248
|
+
```bash
|
|
249
|
+
synapsor-runner benchmark mcp-efficiency
|
|
250
|
+
```
|
|
251
|
+
|
|
252
|
+
Current fixture result for the late-fee-waiver workflow:
|
|
253
|
+
|
|
254
|
+
```text
|
|
255
|
+
Generic database MCP reference:
|
|
256
|
+
exposed tools: 4
|
|
257
|
+
scripted tool calls: 5
|
|
258
|
+
raw SQL exposed: yes
|
|
259
|
+
approval separated: no
|
|
260
|
+
stale-row conflict checked: no
|
|
261
|
+
|
|
262
|
+
Synapsor Runner semantic path:
|
|
263
|
+
exposed tools: 2
|
|
264
|
+
scripted tool calls: 2
|
|
265
|
+
raw SQL exposed: no
|
|
266
|
+
approval separated: yes
|
|
267
|
+
stale-row conflict checked: yes
|
|
268
|
+
```
|
|
269
|
+
|
|
270
|
+
The fixture tokenizer is deterministic and repeatable for this package. It is
|
|
271
|
+
not a model billing tokenizer and not a universal token-savings claim.
|
|
272
|
+
|
|
109
273
|
## Find Evidence And Replay
|
|
110
274
|
|
|
111
275
|
The commands in this section require this checkout or an alpha package that
|
|
@@ -115,36 +279,40 @@ The runner stores a local SQLite evidence/replay ledger. Search it without
|
|
|
115
279
|
relying on `latest`:
|
|
116
280
|
|
|
117
281
|
```bash
|
|
118
|
-
synapsor activity search --tenant acme --object invoice:INV-3001
|
|
119
|
-
synapsor proposals list --tenant acme --object invoice:INV-3001 --status approved
|
|
120
|
-
synapsor evidence show ev_...
|
|
121
|
-
synapsor query-audit list --evidence ev_...
|
|
122
|
-
synapsor receipts list --proposal wrp_...
|
|
123
|
-
synapsor receipts show <receipt_id>
|
|
124
|
-
synapsor replay show --proposal wrp_...
|
|
125
|
-
synapsor replay show --replay replay_wrp_...
|
|
282
|
+
synapsor-runner activity search --tenant acme --object invoice:INV-3001
|
|
283
|
+
synapsor-runner proposals list --tenant acme --object invoice:INV-3001 --status approved
|
|
284
|
+
synapsor-runner evidence show ev_...
|
|
285
|
+
synapsor-runner query-audit list --evidence ev_...
|
|
286
|
+
synapsor-runner receipts list --proposal wrp_...
|
|
287
|
+
synapsor-runner receipts show <receipt_id>
|
|
288
|
+
synapsor-runner replay show --proposal wrp_...
|
|
289
|
+
synapsor-runner replay show --replay replay_wrp_...
|
|
126
290
|
```
|
|
127
291
|
|
|
292
|
+
Default inspection output is meant for first-run clarity. Add `--details` for
|
|
293
|
+
target URIs, primary keys, proposal hash/version, conflict guards, query
|
|
294
|
+
fingerprints, event timestamps, and receipt internals.
|
|
295
|
+
|
|
128
296
|
Export captured evidence or proposal replay:
|
|
129
297
|
|
|
130
298
|
```bash
|
|
131
|
-
synapsor evidence export ev_... --format markdown --output evidence.md
|
|
132
|
-
synapsor replay export --proposal wrp_... --format json --output replay.json
|
|
133
|
-
synapsor replay export --proposal wrp_... --format markdown --output replay.md
|
|
299
|
+
synapsor-runner evidence export ev_... --format markdown --output evidence.md
|
|
300
|
+
synapsor-runner replay export --proposal wrp_... --format json --output replay.json
|
|
301
|
+
synapsor-runner replay export --proposal wrp_... --format markdown --output replay.md
|
|
134
302
|
```
|
|
135
303
|
|
|
136
304
|
Create a redacted local diagnostic report:
|
|
137
305
|
|
|
138
306
|
```bash
|
|
139
|
-
synapsor doctor --config synapsor.runner.json --report --redact --output synapsor-doctor.md
|
|
307
|
+
synapsor-runner doctor --config synapsor.runner.json --report --redact --output synapsor-doctor.md
|
|
140
308
|
```
|
|
141
309
|
|
|
142
310
|
Inspect or compact the local ledger:
|
|
143
311
|
|
|
144
312
|
```bash
|
|
145
|
-
synapsor store stats --store ./.synapsor/local.db
|
|
146
|
-
synapsor store vacuum --store ./.synapsor/local.db
|
|
147
|
-
synapsor store prune --store ./.synapsor/local.db --older-than 30d --dry-run
|
|
313
|
+
synapsor-runner store stats --store ./.synapsor/local.db
|
|
314
|
+
synapsor-runner store vacuum --store ./.synapsor/local.db
|
|
315
|
+
synapsor-runner store prune --store ./.synapsor/local.db --older-than 30d --dry-run
|
|
148
316
|
```
|
|
149
317
|
|
|
150
318
|
This is local indexed search for local/dev/staging usage. It is not external
|
|
@@ -160,8 +328,8 @@ MCP, and the handler returns an applied/conflict/failed receipt for replay.
|
|
|
160
328
|
|
|
161
329
|
## Command Name
|
|
162
330
|
|
|
163
|
-
This package installs `synapsor` as the
|
|
164
|
-
|
|
331
|
+
This package installs `synapsor-runner` as the OSS runner binary. The `synapsor`
|
|
332
|
+
command is reserved for the Synapsor Cloud CLI.
|
|
165
333
|
|
|
166
334
|
## Scope
|
|
167
335
|
|
package/dist/cli.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";
|
|
1
|
+
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AA+BA,OAAO,EAOL,KAAK,gBAAgB,EAEtB,MAAM,mCAAmC,CAAC;AA4H3C,wBAAsB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CA8C1D;AA0DD,KAAK,SAAS,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAE9E,wBAAsB,aAAa,CACjC,IAAI,EAAE,MAAM,EAAE,EACd,OAAO,GAAE;IACP,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;CACvC,GACL,OAAO,CAAC,MAAM,CAAC,CAiLjB"}
|