@synapsor/runner 0.1.0-alpha.4 → 0.1.0-alpha.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +211 -43
- package/dist/cli.d.ts.map +1 -1
- package/dist/runner.mjs +912 -90
- package/docs/README.md +32 -54
- package/docs/getting-started-own-database.md +68 -36
- package/docs/http-mcp.md +200 -0
- package/docs/local-mode.md +71 -35
- package/docs/mcp-audit.md +11 -15
- package/docs/mcp-client-setup.md +48 -9
- package/docs/recipes.md +6 -6
- package/docs/security-boundary.md +1 -1
- package/docs/troubleshooting-first-run.md +6 -6
- package/docs/writeback-executors.md +1 -1
- package/examples/openai-agents-http/README.md +55 -0
- package/examples/openai-agents-http/agent.py +90 -0
- package/examples/openai-agents-http/requirements.txt +1 -0
- package/examples/openai-agents-stdio/README.md +62 -0
- package/examples/openai-agents-stdio/agent.py +70 -0
- package/examples/openai-agents-stdio/requirements.txt +1 -0
- package/examples/reference-support-billing-app/README.md +17 -17
- package/package.json +3 -2
- package/docs/MCP_RUNNER_IMPLEMENTATION_PLAN.md +0 -187
- package/docs/architecture.md +0 -65
- package/docs/capability-config.md +0 -180
- package/docs/cloud-mode.md +0 -140
- package/docs/config-migrations.md +0 -67
- package/docs/demo-transcript.md +0 -161
- package/docs/dependency-license-inventory.md +0 -35
- package/docs/first-10-minutes.md +0 -172
- package/docs/licensing.md +0 -38
- package/docs/local-ui.md +0 -163
- package/docs/mcp-efficiency-benchmark.md +0 -84
- package/docs/open-source-feature-inventory.md +0 -254
- package/docs/operations.md +0 -38
- package/docs/own-db-20-minutes.md +0 -185
- package/docs/production-readiness.md +0 -39
- package/docs/protocol.md +0 -90
- package/docs/roadmap.md +0 -13
- package/docs/schema-inspection.md +0 -88
- package/docs/shadow-mode.md +0 -67
- package/docs/telemetry.md +0 -28
- package/docs/threat-model.md +0 -25
- package/docs/trusted-context.md +0 -70
package/docs/README.md
CHANGED
|
@@ -1,56 +1,34 @@
|
|
|
1
1
|
# Synapsor Runner Docs
|
|
2
2
|
|
|
3
|
-
Start with the
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
`mcp serve` and local UI commands.
|
|
36
|
-
|
|
37
|
-
For disposable dev RDS databases with local CA issues:
|
|
38
|
-
|
|
39
|
-
```bash
|
|
40
|
-
./scripts/use-your-db.sh --allow-insecure-ssl
|
|
41
|
-
```
|
|
42
|
-
|
|
43
|
-
Use certificate verification with the database CA bundle for real staging or
|
|
44
|
-
production-like databases.
|
|
45
|
-
|
|
46
|
-
Read: [Connect Your Own Database](getting-started-own-database.md).
|
|
47
|
-
|
|
48
|
-
## Important References
|
|
49
|
-
|
|
50
|
-
- [Schema Inspection](schema-inspection.md)
|
|
51
|
-
- [MCP Client Setup](mcp-client-setup.md)
|
|
52
|
-
- [Capability Config](capability-config.md)
|
|
53
|
-
- [Local UI](local-ui.md)
|
|
54
|
-
- [Writeback Executors](writeback-executors.md)
|
|
55
|
-
- [Security Boundary](security-boundary.md)
|
|
56
|
-
- [Current Scope And Limitations](limitations.md)
|
|
3
|
+
Start with the README. Use these docs only when you need the next level of
|
|
4
|
+
detail.
|
|
5
|
+
|
|
6
|
+
## First Setup
|
|
7
|
+
|
|
8
|
+
- [Connect Your Own Database](getting-started-own-database.md): inspect a
|
|
9
|
+
staging Postgres/MySQL database, generate `synapsor.runner.json`, preview
|
|
10
|
+
semantic tools, and serve them over MCP.
|
|
11
|
+
- [MCP Client Setup](mcp-client-setup.md): connect Claude, Cursor, VS Code, or
|
|
12
|
+
another stdio MCP client.
|
|
13
|
+
- [HTTP MCP](http-mcp.md): run Synapsor Runner as an authenticated HTTP MCP
|
|
14
|
+
service for app/server agents.
|
|
15
|
+
|
|
16
|
+
## Safety And Operations
|
|
17
|
+
|
|
18
|
+
- [Security Boundary](security-boundary.md): what the model can and cannot see.
|
|
19
|
+
- [Current Limitations](limitations.md): current alpha scope.
|
|
20
|
+
- [Troubleshooting First Run](troubleshooting-first-run.md): common setup
|
|
21
|
+
failures and fixes.
|
|
22
|
+
- [Local Mode](local-mode.md): local store, proposals, approval, replay, and
|
|
23
|
+
writeback flow.
|
|
24
|
+
|
|
25
|
+
## Features
|
|
26
|
+
|
|
27
|
+
- [MCP Audit](mcp-audit.md): static risk review for database MCP tools.
|
|
28
|
+
- [Recipes](recipes.md): starter business-capability templates.
|
|
29
|
+
- [Writeback Executors](writeback-executors.md): app-owned writeback handlers
|
|
30
|
+
for approved proposals.
|
|
31
|
+
|
|
32
|
+
The public docs intentionally stay small. Historical implementation reports,
|
|
33
|
+
release checklists, and internal planning notes are not part of the public
|
|
34
|
+
getting-started path.
|
|
@@ -7,6 +7,11 @@ Do not start with your most sensitive production database. The current alpha
|
|
|
7
7
|
runner is a local commit-safety runtime for reviewed single-row business
|
|
8
8
|
actions, not a production certification.
|
|
9
9
|
|
|
10
|
+
If you only ran `synapsor-runner demo --quick`, you have tested the fixture-only
|
|
11
|
+
teaching path and local ledger commands. This page is the real own-database
|
|
12
|
+
path: it inspects your Postgres/MySQL metadata and generates reviewed semantic
|
|
13
|
+
tools from your selections.
|
|
14
|
+
|
|
10
15
|
## Fast path
|
|
11
16
|
|
|
12
17
|
Set one read-only database URL and run the wrapper from this repo:
|
|
@@ -33,7 +38,7 @@ It does not print your database URL, put the URL in MCP client config, expose
|
|
|
33
38
|
credentials.
|
|
34
39
|
|
|
35
40
|
The rest of this page shows the same flow step by step using the public
|
|
36
|
-
`synapsor ...` CLI. From a source checkout, use `./bin/synapsor ...` if the
|
|
41
|
+
`synapsor-runner ...` CLI. From a source checkout, use `./bin/synapsor-runner ...` if the
|
|
37
42
|
global binary is not linked yet.
|
|
38
43
|
|
|
39
44
|
## 1. Put the read URL in an environment variable
|
|
@@ -76,7 +81,7 @@ other trusted database TLS setup.
|
|
|
76
81
|
## 2. Inspect metadata
|
|
77
82
|
|
|
78
83
|
```bash
|
|
79
|
-
npx -y -p @synapsor/runner@alpha synapsor inspect \
|
|
84
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner inspect \
|
|
80
85
|
--engine auto \
|
|
81
86
|
--from-env DATABASE_URL \
|
|
82
87
|
--schema public
|
|
@@ -85,13 +90,13 @@ npx -y -p @synapsor/runner@alpha synapsor inspect \
|
|
|
85
90
|
For a disposable staging URL, this also works:
|
|
86
91
|
|
|
87
92
|
```bash
|
|
88
|
-
npx -y -p @synapsor/runner@alpha synapsor inspect "$DATABASE_URL" --engine auto --schema public
|
|
93
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner inspect "$DATABASE_URL" --engine auto --schema public
|
|
89
94
|
```
|
|
90
95
|
|
|
91
96
|
For automation:
|
|
92
97
|
|
|
93
98
|
```bash
|
|
94
|
-
npx -y -p @synapsor/runner@alpha synapsor inspect \
|
|
99
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner inspect \
|
|
95
100
|
--engine postgres \
|
|
96
101
|
--from-env DATABASE_URL \
|
|
97
102
|
--schema public \
|
|
@@ -108,9 +113,9 @@ to your staging table, primary key, tenant key, conflict column, visible fields,
|
|
|
108
113
|
allowed write fields, and business limits.
|
|
109
114
|
|
|
110
115
|
```bash
|
|
111
|
-
npx -y -p @synapsor/runner@alpha synapsor recipes list
|
|
112
|
-
npx -y -p @synapsor/runner@alpha synapsor recipes show billing.late_fee_waiver
|
|
113
|
-
npx -y -p @synapsor/runner@alpha synapsor recipes init billing.late_fee_waiver --output synapsor.runner.json
|
|
116
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner recipes list
|
|
117
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner recipes show billing.late_fee_waiver
|
|
118
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner recipes init billing.late_fee_waiver --output synapsor.runner.json
|
|
114
119
|
```
|
|
115
120
|
|
|
116
121
|
Use a recipe when the shape is close. Use the guided wizard or explicit flags
|
|
@@ -125,13 +130,20 @@ only the capabilities in your generated `synapsor.runner.json`.
|
|
|
125
130
|
In an interactive terminal, run the guided wizard:
|
|
126
131
|
|
|
127
132
|
```bash
|
|
128
|
-
npx -y -p @synapsor/runner@alpha synapsor init --from-env DATABASE_URL --mode read_only --wizard
|
|
133
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner init --from-env DATABASE_URL --mode read_only --wizard
|
|
129
134
|
```
|
|
130
135
|
|
|
131
|
-
The generated capabilities are based on your selections. Synapsor
|
|
132
|
-
not force billing, support, order, or any other built-in domain.
|
|
133
|
-
|
|
134
|
-
|
|
136
|
+
The generated context and capabilities are based on your selections. Synapsor
|
|
137
|
+
Runner does not force billing, support, order, or any other built-in domain.
|
|
138
|
+
The local shape is:
|
|
139
|
+
|
|
140
|
+
```text
|
|
141
|
+
trusted context -> capability -> MCP tool
|
|
142
|
+
```
|
|
143
|
+
|
|
144
|
+
You choose the source object, trusted tenant/principal bindings, namespace,
|
|
145
|
+
object name, lookup argument, visible fields, proposal fields, guards, and
|
|
146
|
+
approval role.
|
|
135
147
|
|
|
136
148
|
Start with `read_only` to prove safe database reads first. Use `--mode review`
|
|
137
149
|
when you are ready to create proposal tools and guarded writeback setup.
|
|
@@ -141,9 +153,10 @@ The wizard:
|
|
|
141
153
|
- asks for the engine and read URL environment-variable name;
|
|
142
154
|
- tests read connectivity through schema inspection;
|
|
143
155
|
- lists discovered schemas and tables/views;
|
|
144
|
-
- asks
|
|
145
|
-
|
|
146
|
-
|
|
156
|
+
- asks which source object backs the local context;
|
|
157
|
+
- asks which tenant/scope column and backend session env vars are trusted;
|
|
158
|
+
- asks you to confirm primary key, conflict/version column, visible columns,
|
|
159
|
+
mode, semantic capability names, and proposal patch mappings;
|
|
147
160
|
- previews the MCP tools and what is not exposed;
|
|
148
161
|
- writes the generated config, `.env.example`, and MCP client snippets only
|
|
149
162
|
after final confirmation.
|
|
@@ -161,7 +174,7 @@ If you already know the reviewed table/action, generate config directly from
|
|
|
161
174
|
metadata and explicit flags:
|
|
162
175
|
|
|
163
176
|
```bash
|
|
164
|
-
npx -y -p @synapsor/runner@alpha synapsor init \
|
|
177
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner init \
|
|
165
178
|
--from-env DATABASE_URL \
|
|
166
179
|
--engine postgres \
|
|
167
180
|
--schema public \
|
|
@@ -180,7 +193,7 @@ npx -y -p @synapsor/runner@alpha synapsor init \
|
|
|
180
193
|
Or generate from a saved inspection snapshot without reconnecting:
|
|
181
194
|
|
|
182
195
|
```bash
|
|
183
|
-
npx -y -p @synapsor/runner@alpha synapsor init \
|
|
196
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner init \
|
|
184
197
|
--inspection-json schema-inspection.json \
|
|
185
198
|
--table invoices \
|
|
186
199
|
--namespace billing \
|
|
@@ -248,7 +261,7 @@ contain database URLs or passwords.
|
|
|
248
261
|
## 6. Generate runner files
|
|
249
262
|
|
|
250
263
|
```bash
|
|
251
|
-
npx -y -p @synapsor/runner@alpha synapsor init \
|
|
264
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner init \
|
|
252
265
|
--spec onboarding-selection.json \
|
|
253
266
|
--non-interactive
|
|
254
267
|
```
|
|
@@ -268,10 +281,10 @@ files.
|
|
|
268
281
|
Generate or refresh MCP client snippets later with:
|
|
269
282
|
|
|
270
283
|
```bash
|
|
271
|
-
npx -y -p @synapsor/runner@alpha synapsor mcp config generic --config ./synapsor.runner.json --store ./.synapsor/local.db
|
|
272
|
-
npx -y -p @synapsor/runner@alpha synapsor mcp config claude-desktop --config ./synapsor.runner.json --store ./.synapsor/local.db
|
|
273
|
-
npx -y -p @synapsor/runner@alpha synapsor mcp config cursor --config ./synapsor.runner.json --store ./.synapsor/local.db
|
|
274
|
-
npx -y -p @synapsor/runner@alpha synapsor tools preview --config ./synapsor.runner.json --store ./.synapsor/local.db
|
|
284
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner mcp config generic --config ./synapsor.runner.json --store ./.synapsor/local.db
|
|
285
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner mcp config claude-desktop --config ./synapsor.runner.json --store ./.synapsor/local.db
|
|
286
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner mcp config cursor --config ./synapsor.runner.json --store ./.synapsor/local.db
|
|
287
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner tools preview --config ./synapsor.runner.json --store ./.synapsor/local.db
|
|
275
288
|
```
|
|
276
289
|
|
|
277
290
|
The snippets contain the local command and args. They must not contain database
|
|
@@ -280,8 +293,8 @@ URLs, passwords, approval tools, commit tools, or write credentials.
|
|
|
280
293
|
## 7. Validate the config
|
|
281
294
|
|
|
282
295
|
```bash
|
|
283
|
-
npx -y -p @synapsor/runner@alpha synapsor config validate --config synapsor.runner.json
|
|
284
|
-
npx -y -p @synapsor/runner@alpha synapsor config show --config synapsor.runner.json --redacted
|
|
296
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner config validate --config synapsor.runner.json
|
|
297
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner config show --config synapsor.runner.json --redacted
|
|
285
298
|
```
|
|
286
299
|
|
|
287
300
|
The config stores environment-variable names, not connection-string values.
|
|
@@ -289,7 +302,7 @@ The config stores environment-variable names, not connection-string values.
|
|
|
289
302
|
Run doctor after setting the referenced environment variables:
|
|
290
303
|
|
|
291
304
|
```bash
|
|
292
|
-
npx -y -p @synapsor/runner@alpha synapsor doctor --config synapsor.runner.json
|
|
305
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner doctor --config synapsor.runner.json
|
|
293
306
|
```
|
|
294
307
|
|
|
295
308
|
Doctor validates config shape, trusted context env vars, source env vars,
|
|
@@ -297,17 +310,36 @@ read/write credential separation, table/column metadata when the read URL is
|
|
|
297
310
|
available, and the semantic MCP tool boundary. Use JSON for automation:
|
|
298
311
|
|
|
299
312
|
```bash
|
|
300
|
-
npx -y -p @synapsor/runner@alpha synapsor doctor --config synapsor.runner.json --json
|
|
313
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner doctor --config synapsor.runner.json --json
|
|
301
314
|
```
|
|
302
315
|
|
|
303
316
|
## 8. Serve semantic MCP tools
|
|
304
317
|
|
|
318
|
+
Use stdio when a local MCP client can launch Synapsor Runner:
|
|
319
|
+
|
|
320
|
+
```bash
|
|
321
|
+
export SYNAPSOR_TENANT_ID="acme"
|
|
322
|
+
export SYNAPSOR_PRINCIPAL="local_operator"
|
|
323
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner mcp serve --config ./synapsor.runner.json --store ./.synapsor/local.db
|
|
324
|
+
```
|
|
325
|
+
|
|
326
|
+
Use HTTP when an app/server agent connects to a long-running Runner process:
|
|
327
|
+
|
|
305
328
|
```bash
|
|
306
329
|
export SYNAPSOR_TENANT_ID="acme"
|
|
307
330
|
export SYNAPSOR_PRINCIPAL="local_operator"
|
|
308
|
-
|
|
331
|
+
export SYNAPSOR_RUNNER_HTTP_TOKEN="dev-local-token"
|
|
332
|
+
|
|
333
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner mcp serve-http \
|
|
334
|
+
--config ./synapsor.runner.json \
|
|
335
|
+
--store ./.synapsor/local.db \
|
|
336
|
+
--auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN
|
|
309
337
|
```
|
|
310
338
|
|
|
339
|
+
HTTP defaults to `127.0.0.1:8765` and requires bearer auth by default. Use
|
|
340
|
+
private networking/TLS before exposing it beyond localhost. See
|
|
341
|
+
[HTTP MCP](http-mcp.md).
|
|
342
|
+
|
|
311
343
|
The model-facing MCP server exposes semantic tools such as:
|
|
312
344
|
|
|
313
345
|
```text
|
|
@@ -325,10 +357,10 @@ tools, commit tools, database URLs, write credentials, or tenant authority.
|
|
|
325
357
|
Proposal tools leave the source database unchanged. Review locally:
|
|
326
358
|
|
|
327
359
|
```bash
|
|
328
|
-
npx -y -p @synapsor/runner@alpha synapsor proposals list --store ./.synapsor/local.db
|
|
329
|
-
npx -y -p @synapsor/runner@alpha synapsor proposals show wrp_123 --store ./.synapsor/local.db
|
|
330
|
-
npx -y -p @synapsor/runner@alpha synapsor proposals approve wrp_123 --store ./.synapsor/local.db --actor local_reviewer --yes
|
|
331
|
-
npx -y -p @synapsor/runner@alpha synapsor proposals writeback-job wrp_123 --store ./.synapsor/local.db --output job.json
|
|
360
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner proposals list --store ./.synapsor/local.db
|
|
361
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner proposals show wrp_123 --store ./.synapsor/local.db
|
|
362
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner proposals approve wrp_123 --store ./.synapsor/local.db --actor local_reviewer --yes
|
|
363
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner proposals writeback-job wrp_123 --store ./.synapsor/local.db --output job.json
|
|
332
364
|
```
|
|
333
365
|
|
|
334
366
|
Apply through the trusted worker path with a separate writer credential:
|
|
@@ -337,7 +369,7 @@ Apply through the trusted worker path with a separate writer credential:
|
|
|
337
369
|
export SYNAPSOR_DATABASE_WRITE_URL="<postgres-or-mysql-write-url>"
|
|
338
370
|
SYNAPSOR_ENGINE=postgres \
|
|
339
371
|
SYNAPSOR_DATABASE_URL="$SYNAPSOR_DATABASE_WRITE_URL" \
|
|
340
|
-
npx -y -p @synapsor/runner@alpha synapsor apply --job job.json --config synapsor.runner.json --store ./.synapsor/local.db
|
|
372
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner apply --job job.json --config synapsor.runner.json --store ./.synapsor/local.db
|
|
341
373
|
```
|
|
342
374
|
|
|
343
375
|
If your application/API should own the business write, use an `http_handler`
|
|
@@ -346,16 +378,16 @@ from environment variables, and the handler receives a structured proposal/job
|
|
|
346
378
|
payload, not arbitrary model SQL:
|
|
347
379
|
|
|
348
380
|
```bash
|
|
349
|
-
npx -y -p @synapsor/runner@alpha synapsor apply --proposal wrp_123 --config synapsor.runner.json --store ./.synapsor/local.db
|
|
381
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner apply --proposal wrp_123 --config synapsor.runner.json --store ./.synapsor/local.db
|
|
350
382
|
```
|
|
351
383
|
|
|
352
|
-
See
|
|
384
|
+
See [Writeback Executors](writeback-executors.md).
|
|
353
385
|
|
|
354
386
|
Replay afterward:
|
|
355
387
|
|
|
356
388
|
```bash
|
|
357
|
-
npx -y -p @synapsor/runner@alpha synapsor replay show wrp_123 --store ./.synapsor/local.db
|
|
358
|
-
npx -y -p @synapsor/runner@alpha synapsor replay export wrp_123 --store ./.synapsor/local.db --output replay.json
|
|
389
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner replay show wrp_123 --store ./.synapsor/local.db
|
|
390
|
+
npx -y -p @synapsor/runner@alpha synapsor-runner replay export wrp_123 --store ./.synapsor/local.db --output replay.json
|
|
359
391
|
```
|
|
360
392
|
|
|
361
393
|
## Boundary
|
package/docs/http-mcp.md
ADDED
|
@@ -0,0 +1,200 @@
|
|
|
1
|
+
# HTTP MCP
|
|
2
|
+
|
|
3
|
+
Use HTTP MCP when an app, server-side agent, container, or Python/Node process
|
|
4
|
+
needs to connect to a long-running Synapsor Runner service.
|
|
5
|
+
|
|
6
|
+
Use stdio MCP when a local MCP client such as Claude Desktop, Cursor, or a
|
|
7
|
+
local agent tool can launch Synapsor Runner directly.
|
|
8
|
+
|
|
9
|
+
## Start The HTTP Server
|
|
10
|
+
|
|
11
|
+
```bash
|
|
12
|
+
export SYNAPSOR_RUNNER_HTTP_TOKEN="dev-local-token"
|
|
13
|
+
|
|
14
|
+
synapsor-runner mcp serve-http \
|
|
15
|
+
--host 127.0.0.1 \
|
|
16
|
+
--port 8765 \
|
|
17
|
+
--config ./synapsor.runner.json \
|
|
18
|
+
--store ./.synapsor/local.db \
|
|
19
|
+
--auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN
|
|
20
|
+
```
|
|
21
|
+
|
|
22
|
+
Defaults:
|
|
23
|
+
|
|
24
|
+
```text
|
|
25
|
+
host: 127.0.0.1
|
|
26
|
+
port: 8765
|
|
27
|
+
auth: bearer token required
|
|
28
|
+
cors: disabled
|
|
29
|
+
```
|
|
30
|
+
|
|
31
|
+
Startup output prints the URL, config path, store path, and token environment
|
|
32
|
+
variable name. It does not print token values or database URLs.
|
|
33
|
+
|
|
34
|
+
## Health Check
|
|
35
|
+
|
|
36
|
+
```bash
|
|
37
|
+
curl -i http://127.0.0.1:8765/healthz
|
|
38
|
+
```
|
|
39
|
+
|
|
40
|
+
The health endpoint is secret-free:
|
|
41
|
+
|
|
42
|
+
```json
|
|
43
|
+
{
|
|
44
|
+
"ok": true,
|
|
45
|
+
"transport": "http",
|
|
46
|
+
"tools": 1,
|
|
47
|
+
"mode": "read_only"
|
|
48
|
+
}
|
|
49
|
+
```
|
|
50
|
+
|
|
51
|
+
## List Tools
|
|
52
|
+
|
|
53
|
+
Unauthorized requests fail:
|
|
54
|
+
|
|
55
|
+
```bash
|
|
56
|
+
curl -i \
|
|
57
|
+
-H "Content-Type: application/json" \
|
|
58
|
+
-d '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}' \
|
|
59
|
+
http://127.0.0.1:8765/mcp
|
|
60
|
+
```
|
|
61
|
+
|
|
62
|
+
Authorized requests include the bearer token:
|
|
63
|
+
|
|
64
|
+
```bash
|
|
65
|
+
curl -i \
|
|
66
|
+
-H "Authorization: Bearer dev-local-token" \
|
|
67
|
+
-H "Content-Type: application/json" \
|
|
68
|
+
-d '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}' \
|
|
69
|
+
http://127.0.0.1:8765/mcp
|
|
70
|
+
```
|
|
71
|
+
|
|
72
|
+
The tool catalog should contain semantic tools such as:
|
|
73
|
+
|
|
74
|
+
```text
|
|
75
|
+
billing.inspect_invoice
|
|
76
|
+
billing.propose_late_fee_waiver
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
It should not contain:
|
|
80
|
+
|
|
81
|
+
```text
|
|
82
|
+
execute_sql
|
|
83
|
+
raw_sql
|
|
84
|
+
approval tools
|
|
85
|
+
commit/apply tools
|
|
86
|
+
database URLs
|
|
87
|
+
write credentials
|
|
88
|
+
model-controlled tenant authority
|
|
89
|
+
arbitrary table or column names
|
|
90
|
+
```
|
|
91
|
+
|
|
92
|
+
## Call A Tool
|
|
93
|
+
|
|
94
|
+
```bash
|
|
95
|
+
curl -i \
|
|
96
|
+
-H "Authorization: Bearer dev-local-token" \
|
|
97
|
+
-H "Content-Type: application/json" \
|
|
98
|
+
-d '{
|
|
99
|
+
"jsonrpc": "2.0",
|
|
100
|
+
"id": 2,
|
|
101
|
+
"method": "tools/call",
|
|
102
|
+
"params": {
|
|
103
|
+
"name": "billing.inspect_invoice",
|
|
104
|
+
"arguments": { "invoice_id": "INV-3001" }
|
|
105
|
+
}
|
|
106
|
+
}' \
|
|
107
|
+
http://127.0.0.1:8765/mcp
|
|
108
|
+
```
|
|
109
|
+
|
|
110
|
+
The response includes scoped data, trusted context, evidence handles, and
|
|
111
|
+
`source_database_mutated: false`. The agent still does not receive SQL,
|
|
112
|
+
database credentials, or approval/commit authority.
|
|
113
|
+
|
|
114
|
+
## Read Evidence Or Replay Resources
|
|
115
|
+
|
|
116
|
+
Use `resources/read` with a `synapsor://...` handle returned by a tool call:
|
|
117
|
+
|
|
118
|
+
```bash
|
|
119
|
+
curl -i \
|
|
120
|
+
-H "Authorization: Bearer dev-local-token" \
|
|
121
|
+
-H "Content-Type: application/json" \
|
|
122
|
+
-d '{
|
|
123
|
+
"jsonrpc": "2.0",
|
|
124
|
+
"id": 3,
|
|
125
|
+
"method": "resources/read",
|
|
126
|
+
"params": { "uri": "synapsor://evidence/ev_..." }
|
|
127
|
+
}' \
|
|
128
|
+
http://127.0.0.1:8765/mcp
|
|
129
|
+
```
|
|
130
|
+
|
|
131
|
+
## CORS
|
|
132
|
+
|
|
133
|
+
CORS is disabled by default. If a local browser app needs access during
|
|
134
|
+
development, allow one explicit origin:
|
|
135
|
+
|
|
136
|
+
```bash
|
|
137
|
+
synapsor-runner mcp serve-http \
|
|
138
|
+
--config ./synapsor.runner.json \
|
|
139
|
+
--store ./.synapsor/local.db \
|
|
140
|
+
--cors-origin http://localhost:3000
|
|
141
|
+
```
|
|
142
|
+
|
|
143
|
+
Do not use wildcard CORS for a model-facing database tool service.
|
|
144
|
+
|
|
145
|
+
## Network Exposure
|
|
146
|
+
|
|
147
|
+
Synapsor Runner binds to `127.0.0.1` by default.
|
|
148
|
+
|
|
149
|
+
If you explicitly bind to all interfaces:
|
|
150
|
+
|
|
151
|
+
```bash
|
|
152
|
+
synapsor-runner mcp serve-http --host 0.0.0.0
|
|
153
|
+
```
|
|
154
|
+
|
|
155
|
+
the CLI prints a warning. Treat this as a production-like service:
|
|
156
|
+
|
|
157
|
+
- keep bearer auth enabled;
|
|
158
|
+
- use TLS or a trusted reverse proxy;
|
|
159
|
+
- prefer private networking;
|
|
160
|
+
- add rate limits and request-size limits at the edge;
|
|
161
|
+
- do not log request bodies by default;
|
|
162
|
+
- rotate the bearer token if it is exposed.
|
|
163
|
+
|
|
164
|
+
`--dev-no-auth` is accepted only on `localhost` or `127.0.0.1`. It fails closed
|
|
165
|
+
with `--host 0.0.0.0`.
|
|
166
|
+
|
|
167
|
+
## Trusted Context
|
|
168
|
+
|
|
169
|
+
Tenant and principal values must come from trusted configuration such as
|
|
170
|
+
environment variables or a server-side session. HTTP request arguments cannot
|
|
171
|
+
override trusted fields such as:
|
|
172
|
+
|
|
173
|
+
```text
|
|
174
|
+
tenant_id
|
|
175
|
+
principal
|
|
176
|
+
principal_id
|
|
177
|
+
project_id
|
|
178
|
+
source_id
|
|
179
|
+
allowed_columns
|
|
180
|
+
approval_identity
|
|
181
|
+
```
|
|
182
|
+
|
|
183
|
+
Use `read_only` mode first. Proposal/review mode should use a separate trusted
|
|
184
|
+
write path and a separate write credential. The model-facing HTTP MCP endpoint
|
|
185
|
+
must not receive write credentials.
|
|
186
|
+
|
|
187
|
+
## OpenAI Agents SDK
|
|
188
|
+
|
|
189
|
+
See:
|
|
190
|
+
|
|
191
|
+
```text
|
|
192
|
+
examples/openai-agents-http/
|
|
193
|
+
examples/openai-agents-stdio/
|
|
194
|
+
```
|
|
195
|
+
|
|
196
|
+
The stdio example uses the MCP client integration from the OpenAI Agents SDK
|
|
197
|
+
when available. The HTTP example uses a minimal JSON-RPC client wrapped as an
|
|
198
|
+
OpenAI function tool because native HTTP MCP client support can vary by SDK
|
|
199
|
+
version. The boundary is the same: the agent calls a semantic Synapsor tool,
|
|
200
|
+
not raw SQL.
|