@synapsor/runner 0.1.0-alpha.4 → 0.1.0-alpha.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (43) hide show
  1. package/README.md +211 -43
  2. package/dist/cli.d.ts.map +1 -1
  3. package/dist/runner.mjs +912 -90
  4. package/docs/README.md +32 -54
  5. package/docs/getting-started-own-database.md +68 -36
  6. package/docs/http-mcp.md +200 -0
  7. package/docs/local-mode.md +71 -35
  8. package/docs/mcp-audit.md +11 -15
  9. package/docs/mcp-client-setup.md +48 -9
  10. package/docs/recipes.md +6 -6
  11. package/docs/security-boundary.md +1 -1
  12. package/docs/troubleshooting-first-run.md +6 -6
  13. package/docs/writeback-executors.md +1 -1
  14. package/examples/openai-agents-http/README.md +55 -0
  15. package/examples/openai-agents-http/agent.py +90 -0
  16. package/examples/openai-agents-http/requirements.txt +1 -0
  17. package/examples/openai-agents-stdio/README.md +62 -0
  18. package/examples/openai-agents-stdio/agent.py +70 -0
  19. package/examples/openai-agents-stdio/requirements.txt +1 -0
  20. package/examples/reference-support-billing-app/README.md +17 -17
  21. package/package.json +3 -2
  22. package/docs/MCP_RUNNER_IMPLEMENTATION_PLAN.md +0 -187
  23. package/docs/architecture.md +0 -65
  24. package/docs/capability-config.md +0 -180
  25. package/docs/cloud-mode.md +0 -140
  26. package/docs/config-migrations.md +0 -67
  27. package/docs/demo-transcript.md +0 -161
  28. package/docs/dependency-license-inventory.md +0 -35
  29. package/docs/first-10-minutes.md +0 -172
  30. package/docs/licensing.md +0 -38
  31. package/docs/local-ui.md +0 -163
  32. package/docs/mcp-efficiency-benchmark.md +0 -84
  33. package/docs/open-source-feature-inventory.md +0 -254
  34. package/docs/operations.md +0 -38
  35. package/docs/own-db-20-minutes.md +0 -185
  36. package/docs/production-readiness.md +0 -39
  37. package/docs/protocol.md +0 -90
  38. package/docs/roadmap.md +0 -13
  39. package/docs/schema-inspection.md +0 -88
  40. package/docs/shadow-mode.md +0 -67
  41. package/docs/telemetry.md +0 -28
  42. package/docs/threat-model.md +0 -25
  43. package/docs/trusted-context.md +0 -70
@@ -1,180 +0,0 @@
1
- # Local capability config
2
-
3
- Synapsor Runner uses a strict JSON capability config for local MCP/database safety work.
4
-
5
- YAML can be added later, but the first supported format is JSON so the runtime can validate untrusted config without adding a parser dependency.
6
-
7
- Capabilities are not hardcoded into the runtime. The MCP server exposes only
8
- the reviewed `capabilities` listed in `synapsor.runner.json`, or the tool
9
- catalog returned by Synapsor Cloud in `cloud` mode. The billing examples in
10
- this document are examples only; use your own namespace, object names, tables,
11
- columns, patch mappings, and approval roles.
12
-
13
- Synapsor Runner does not implement full Synapsor workflows or
14
- `CREATE AGENT WORKFLOW` in v0.1. It models the local commit-safety loop for
15
- reviewed read/proposal capabilities.
16
-
17
- ## Goals
18
-
19
- The config defines reviewed semantic capabilities. It must not define arbitrary SQL tools.
20
-
21
- The validator rejects:
22
-
23
- - raw SQL fields such as `sql`, `raw_sql`, `statement`, or `query_sql`;
24
- - inline database URLs or connection strings;
25
- - model-facing args named like `tenant_id`, `principal`, `source_id`, `allowed_columns`, `row_version`, `schema`, `table`, or `column`;
26
- - missing primary-key target;
27
- - missing tenant guard unless `target.single_tenant_dev` is explicitly true;
28
- - proposal capabilities with no `allowed_columns`;
29
- - proposal capabilities with no fixed patch mapping;
30
- - proposal capabilities with no conflict guard unless a weak-guard exception is explicitly acknowledged;
31
- - unknown fields when strict mode is enabled.
32
-
33
- ## Example
34
-
35
- ```json
36
- {
37
- "version": 1,
38
- "mode": "review",
39
- "storage": {
40
- "sqlite_path": "./.synapsor/local.db"
41
- },
42
- "sources": {
43
- "app_postgres": {
44
- "engine": "postgres",
45
- "read_url_env": "APP_POSTGRES_READ_URL",
46
- "write_url_env": "APP_POSTGRES_WRITE_URL",
47
- "statement_timeout_ms": 3000
48
- }
49
- },
50
- "trusted_context": {
51
- "provider": "environment",
52
- "values": {
53
- "tenant_id_env": "SYNAPSOR_TENANT_ID",
54
- "principal_env": "SYNAPSOR_PRINCIPAL"
55
- }
56
- },
57
- "contexts": {
58
- "local_billing_operator": {
59
- "provider": "environment",
60
- "values": {
61
- "tenant_id_env": "SYNAPSOR_TENANT_ID",
62
- "principal_env": "SYNAPSOR_PRINCIPAL"
63
- }
64
- }
65
- },
66
- "executors": {
67
- "billing_api": {
68
- "type": "http_handler",
69
- "url_env": "SYNAPSOR_BILLING_HANDLER_URL",
70
- "method": "POST",
71
- "auth": {
72
- "type": "bearer_env",
73
- "token_env": "SYNAPSOR_BILLING_HANDLER_TOKEN"
74
- },
75
- "timeout_ms": 5000
76
- }
77
- },
78
- "capabilities": [
79
- {
80
- "name": "billing.inspect_invoice",
81
- "kind": "read",
82
- "source": "app_postgres",
83
- "context": "local_billing_operator",
84
- "target": {
85
- "schema": "public",
86
- "table": "invoices",
87
- "primary_key": "id",
88
- "tenant_key": "tenant_id"
89
- },
90
- "args": {
91
- "invoice_id": {
92
- "type": "string",
93
- "required": true,
94
- "max_length": 128
95
- }
96
- },
97
- "lookup": {
98
- "id_from_arg": "invoice_id"
99
- },
100
- "visible_columns": ["id", "late_fee_cents", "waiver_reason", "updated_at"],
101
- "evidence": "required",
102
- "max_rows": 1
103
- },
104
- {
105
- "name": "billing.propose_late_fee_waiver",
106
- "kind": "proposal",
107
- "source": "app_postgres",
108
- "context": "local_billing_operator",
109
- "executor": "billing_api",
110
- "target": {
111
- "schema": "public",
112
- "table": "invoices",
113
- "primary_key": "id",
114
- "tenant_key": "tenant_id"
115
- },
116
- "args": {
117
- "invoice_id": {
118
- "type": "string",
119
- "required": true,
120
- "max_length": 128
121
- },
122
- "reason": {
123
- "type": "string",
124
- "required": true,
125
- "max_length": 500
126
- }
127
- },
128
- "lookup": {
129
- "id_from_arg": "invoice_id"
130
- },
131
- "visible_columns": ["id", "late_fee_cents", "waiver_reason", "updated_at"],
132
- "evidence": "required",
133
- "max_rows": 1,
134
- "patch": {
135
- "late_fee_cents": {
136
- "fixed": 0
137
- },
138
- "waiver_reason": {
139
- "from_arg": "reason"
140
- }
141
- },
142
- "allowed_columns": ["late_fee_cents", "waiver_reason"],
143
- "conflict_guard": {
144
- "column": "updated_at"
145
- },
146
- "approval": {
147
- "mode": "human",
148
- "required_role": "support_lead"
149
- }
150
- }
151
- ]
152
- }
153
- ```
154
-
155
- ## Trusted context
156
-
157
- Supported providers:
158
-
159
- - `static_dev`: local/demo only; validator emits a warning.
160
- - `environment`: reads trusted values from environment variables owned by the launching process.
161
- - `http_claims`: reserved for authenticated HTTP deployments that verify claims before binding context.
162
- - `cloud_session`: reserved for Cloud-linked mode with scoped runner/session context.
163
-
164
- Model-facing tool arguments cannot override trusted context.
165
-
166
- `contexts` is the preferred shape for larger configs. A capability with
167
- `context: "local_billing_operator"` uses that named context. A capability
168
- without `context` falls back to the global `trusted_context` for backward
169
- compatibility. A missing named context fails validation.
170
-
171
- ## Writeback executors
172
-
173
- Proposal capabilities default to `sql_update`, which means the trusted runner
174
- applies one guarded single-row `UPDATE` after approval. Set
175
- `executor: "billing_api"` to route approved proposals to a configured
176
- `http_handler` or `command_handler` instead.
177
-
178
- Executor URLs, commands, bearer tokens, and database credentials must be
179
- environment-variable references. They are never model-facing MCP arguments and
180
- are redacted from CLI/UI output. See `docs/writeback-executors.md`.
@@ -1,140 +0,0 @@
1
- # Cloud Mode
2
-
3
- Cloud mode connects the local Synapsor Runner to Synapsor Cloud without sending database credentials to Cloud.
4
-
5
- Command examples use the public `synapsor ...` runner CLI. From a source
6
- checkout, use `./bin/synapsor ...` if the global binary is not linked yet. Do
7
- not use the separate hosted Synapsor Cloud CLI for these local runner commands.
8
-
9
- ```text
10
- MCP client
11
- -> local Synapsor Runner MCP server
12
- -> Synapsor Cloud adapter/capability API
13
- -> Cloud evidence/proposal/approval/replay
14
- -> approved writeback job
15
- -> local guarded runner
16
- -> Postgres/MySQL
17
- ```
18
-
19
- ## What Cloud Owns
20
-
21
- - Reviewed adapter tool catalog.
22
- - Capability invocation envelope.
23
- - Evidence handles.
24
- - Proposal state.
25
- - Approval queue.
26
- - Writeback job leases.
27
- - Hosted replay and activity search.
28
- - Runner status, scopes, and receipts.
29
-
30
- ## What Stays Local
31
-
32
- - Postgres/MySQL read and write credentials.
33
- - Database network access.
34
- - Guarded writeback transaction.
35
- - Receipt table in the target database.
36
- - Local runner process logs and diagnostics.
37
-
38
- ## Config Shape
39
-
40
- Cloud mode uses the same MCP server command with a `mode: "cloud"` config:
41
-
42
- ```json
43
- {
44
- "version": 1,
45
- "mode": "cloud",
46
- "storage": {
47
- "sqlite_path": "./.synapsor/local.db"
48
- },
49
- "trusted_context": {
50
- "provider": "cloud_session"
51
- },
52
- "cloud": {
53
- "base_url_env": "SYNAPSOR_CLOUD_BASE_URL",
54
- "runner_token_env": "SYNAPSOR_RUNNER_TOKEN",
55
- "runner_id": "synapsor_runner_local",
56
- "runner_version": "0.1.0-alpha.4",
57
- "project_id": "token_scope",
58
- "adapter_id": "mcp.your_adapter",
59
- "source_id": "src_replace_me",
60
- "engines": ["postgres"],
61
- "capabilities": ["adapter:read", "adapter:invoke", "writeback:claim", "writeback:complete"],
62
- "session": {
63
- "tenant_id": "acme"
64
- }
65
- }
66
- }
67
- ```
68
-
69
- Run:
70
-
71
- ```bash
72
- SYNAPSOR_CLOUD_BASE_URL="https://api.synapsor.ai" \
73
- SYNAPSOR_RUNNER_TOKEN="syn_wbr_..." \
74
- npx -y -p @synapsor/runner@alpha synapsor mcp serve --config ./synapsor.cloud.json
75
- ```
76
-
77
- Validate the Cloud runner token and source scope before serving tools:
78
-
79
- ```bash
80
- SYNAPSOR_CLOUD_BASE_URL="https://api.synapsor.ai" \
81
- SYNAPSOR_RUNNER_TOKEN="syn_wbr_..." \
82
- npx -y -p @synapsor/runner@alpha synapsor cloud connect --config ./synapsor.cloud.json
83
- ```
84
-
85
- `cloud connect` verifies the runner token, registers the runner id/version, sends engine/capability/source metadata, and posts an initial heartbeat. It does not send Postgres/MySQL URLs, passwords, write credentials, prompts, or table data. The `project_id` field may be the literal `token_scope` because Synapsor Cloud validates the real project/source from the scoped runner token.
86
-
87
- The runner token should be scoped to adapter read/invoke and writeback claim/result reporting for the intended source. It should not grant proposal approval permission.
88
-
89
- ## Tool Calls
90
-
91
- In Cloud mode, the local MCP server fetches the adapter tool catalog from Synapsor Cloud and delegates tool calls to Cloud adapter APIs. The returned result remains structured and must not expose raw SQL or database credentials.
92
-
93
- ## Hosted Compatibility Check
94
-
95
- After you have a compatible Cloud workspace, external source, MCP adapter, and
96
- scoped runner token, verify the hosted adapter/tool path:
97
-
98
- ```bash
99
- SYNAPSOR_CLOUD_BASE_URL="https://synapsor.ai" \
100
- SYNAPSOR_RUNNER_TOKEN="syn_wbr_..." \
101
- SYNAPSOR_SOURCE_ID="src_..." \
102
- SYNAPSOR_ADAPTER_ID="mcp.your_adapter" \
103
- SYNAPSOR_MCP_TOOL_NAME="your_namespace.propose_your_object_update" \
104
- SYNAPSOR_MCP_TOOL_INPUT_JSON='{"object_id":"replace-me","reason":"reviewed change"}' \
105
- corepack pnpm verify:hosted-cloud-linked
106
- ```
107
-
108
- That command checks runner-token auth, runner registration, heartbeat, adapter
109
- `tools/list`, semantic tool invocation, proposal/evidence/replay linkage, and
110
- that the tool response does not report source mutation before trusted
111
- writeback. It never creates runner tokens and never prints token values.
112
-
113
- To claim and apply one already approved writeback job through the guarded local
114
- adapter, add:
115
-
116
- ```bash
117
- SYNAPSOR_HOSTED_E2E_APPLY_JOB=1
118
- SYNAPSOR_ENGINE="postgres|mysql"
119
- SYNAPSOR_DATABASE_URL="postgresql://..."
120
- ```
121
-
122
- Use the trusted worker credential in `SYNAPSOR_DATABASE_URL`. Do not put that
123
- credential in an MCP client config or model-facing tool definition.
124
-
125
- ## Writeback
126
-
127
- The model-facing tool call creates or returns Cloud-managed proposal state. The external database is unchanged until:
128
-
129
- 1. a human or deterministic Cloud policy approves the exact proposal version/hash;
130
- 2. Cloud creates an approved writeback job;
131
- 3. the scoped runner claims the job;
132
- 4. the local worker applies a guarded single-row update;
133
- 5. the runner returns an applied/conflict/failed receipt.
134
-
135
- ## Current Limits
136
-
137
- - Cloud mode requires a compatible Synapsor Cloud deployment and runner token.
138
- - Local and Cloud histories are separate unless an explicit import feature is added later.
139
- - Streamable HTTP transport is not enabled by default; stdio is the primary local MCP transport.
140
- - Approval remains outside model-callable MCP tools.
@@ -1,67 +0,0 @@
1
- # Config Migrations
2
-
3
- Synapsor Runner config files are versioned with `version: 1`.
4
-
5
- Command examples use the public `synapsor ...` runner CLI. From a source
6
- checkout, use `./bin/synapsor ...` if the global binary is not linked yet.
7
-
8
- Current behavior:
9
-
10
- - `synapsor config validate` validates the current schema;
11
- - `synapsor config show --redacted` prints a secret-safe view;
12
- - `synapsor config migrate` checks whether the config is already current;
13
- - `synapsor init --spec onboarding-selection.json --non-interactive` generates
14
- a version 1 config from reviewed selections.
15
-
16
- The current alpha keeps `version: 1` and adds optional fields without requiring
17
- a file rewrite:
18
-
19
- - `contexts` lets capabilities reference named trusted context bindings;
20
- - `capabilities[].context` selects one of those named contexts;
21
- - `executors` and `capabilities[].executor` select `sql_update`,
22
- `http_handler`, or `command_handler` writeback execution.
23
-
24
- Existing `trusted_context` configs remain valid. If both global
25
- `trusted_context` and a named capability context exist, the capability-level
26
- context wins for that capability. Missing context or executor references fail
27
- validation.
28
-
29
- Because version 1 is the only supported schema today, migration is conservative:
30
-
31
- ```bash
32
- npx -y -p @synapsor/runner@alpha synapsor config migrate --config synapsor.runner.json
33
- ```
34
-
35
- prints that the config is already current and writes nothing.
36
-
37
- To write a normalized copy:
38
-
39
- ```bash
40
- npx -y -p @synapsor/runner@alpha synapsor config migrate \
41
- --config synapsor.runner.json \
42
- --output migrated.json \
43
- --yes
44
- ```
45
-
46
- To rewrite in place, the command requires an explicit write and creates a
47
- timestamped backup:
48
-
49
- ```bash
50
- npx -y -p @synapsor/runner@alpha synapsor config migrate \
51
- --config synapsor.runner.json \
52
- --write \
53
- --yes
54
- ```
55
-
56
- The migration command rejects invalid configs and unsupported versions. It does
57
- not silently reinterpret an old config as broader authority.
58
-
59
- Future migrations should follow these rules:
60
-
61
- - require an explicit `synapsor config migrate` command;
62
- - keep secrets out of migrated files;
63
- - preserve or narrow permissions by default;
64
- - never widen source, table, tenant, conflict, or mutable-column authority
65
- without explicit user confirmation;
66
- - write a backup before modifying a config;
67
- - test old-to-new migrations with fixtures.
@@ -1,161 +0,0 @@
1
- # Demo Transcript
2
-
3
- This transcript shows the intended public demo path. Exact timestamps, hashes,
4
- ports, and generated proposal ids vary.
5
-
6
- ## Quick demo
7
-
8
- ```bash
9
- npx -y -p @synapsor/runner@alpha synapsor demo --quick
10
- ```
11
-
12
- The local-ledger fixture output below requires this checkout or package version
13
- `0.1.0-alpha.4` or newer.
14
-
15
- Expected shape:
16
-
17
- ```text
18
- Synapsor Runner quick demo
19
-
20
- This is a fixture-only first look. It does not start Docker, connect a database,
21
- or require an MCP client. It writes an inspectable local ledger fixture to:
22
- ./.synapsor/quick-demo.db
23
-
24
- Raw MCP shape:
25
- execute_sql(sql: string)
26
- Risk: the model can write arbitrary SQL with database authority.
27
-
28
- Synapsor shape:
29
- billing.inspect_invoice(invoice_id)
30
- billing.propose_late_fee_waiver(invoice_id, reason)
31
-
32
- Agent requested:
33
- billing.propose_late_fee_waiver(invoice_id="INV-3001", reason="approved support waiver")
34
-
35
- Trusted context:
36
- tenant_id = acme
37
- principal = support.agent
38
-
39
- Proposal:
40
- invoice.late_fee_cents: 5500 -> 0
41
-
42
- Source DB changed:
43
- no
44
-
45
- Approval:
46
- required outside MCP
47
-
48
- Replay:
49
- replay_wrp_quick_INV_3001 captures the local proposal, evidence handle, query audit, and events.
50
- ```
51
-
52
- Inspect the fixture:
53
-
54
- ```bash
55
- synapsor proposals show latest --store ./.synapsor/quick-demo.db
56
- synapsor activity search --object invoice:INV-3001 --store ./.synapsor/quick-demo.db
57
- synapsor replay show latest --store ./.synapsor/quick-demo.db
58
- ```
59
-
60
- ## Full Docker-backed demo
61
-
62
- Start the disposable local Postgres demo:
63
-
64
- ```bash
65
- synapsor demo
66
- ```
67
-
68
- Expected shape:
69
-
70
- ```text
71
- Synapsor Runner demo
72
-
73
- Raw database MCP tools can hand the model SQL and write authority.
74
- Synapsor Runner exposes semantic capabilities instead:
75
- billing.inspect_invoice
76
- billing.propose_late_fee_waiver
77
-
78
- Demo flow:
79
- proposal first -> source unchanged -> approval outside MCP -> guarded writeback -> replay
80
-
81
- Starting disposable Postgres fixture...
82
- Synapsor Runner demo is ready.
83
- ```
84
-
85
- Create the proposal the MCP tool would create:
86
-
87
- ```bash
88
- synapsor propose billing.propose_late_fee_waiver --sample
89
- ```
90
-
91
- Expected shape:
92
-
93
- ```text
94
- Proposal created
95
- Capability: billing.propose_late_fee_waiver
96
- Proposal: wrp_...
97
- Status: review_required
98
- Source database changed: no
99
- ```
100
-
101
- Review and approve outside MCP:
102
-
103
- ```bash
104
- synapsor proposals show latest
105
- synapsor proposals approve latest --yes
106
- ```
107
-
108
- Apply through guarded writeback:
109
-
110
- ```bash
111
- synapsor apply latest
112
- ```
113
-
114
- Expected shape:
115
-
116
- ```text
117
- Guarded writeback applied.
118
- Proposal: wrp_...
119
- Status: applied
120
- Rows affected: 1
121
- Source database mutated: yes
122
- ```
123
-
124
- Search by business object:
125
-
126
- ```bash
127
- synapsor activity search --object invoice:INV-3001
128
- ```
129
-
130
- Expected shape:
131
-
132
- ```text
133
- Found local interactions
134
-
135
- kind: proposal
136
- capability: billing.propose_late_fee_waiver
137
- object: invoice:INV-3001
138
- proposal: wrp_...
139
- evidence: ev_...
140
- status: applied
141
- replay: replay_wrp_...
142
- ```
143
-
144
- Export a copy-pasteable review artifact:
145
-
146
- ```bash
147
- synapsor replay export --proposal wrp_... --format markdown --output replay.md
148
- ```
149
-
150
- The Markdown includes:
151
-
152
- - what the agent requested;
153
- - trusted tenant/principal context;
154
- - captured evidence and query audit;
155
- - exact proposed diff;
156
- - approval event;
157
- - guarded writeback receipt;
158
- - replay note explaining this is local captured interaction replay, not
159
- external database time travel.
160
-
161
- The full demo should show the happy path before the stale-row conflict path.
@@ -1,35 +0,0 @@
1
- # Dependency License Inventory
2
-
3
- Generated during the ELv2 migration with:
4
-
5
- ```bash
6
- corepack pnpm licenses list --json
7
- ```
8
-
9
- Summary from the current lockfile/install:
10
-
11
- | License | Package entries |
12
- | --- | ---: |
13
- | MIT | 149 |
14
- | Apache-2.0 | 4 |
15
- | BSD-3-Clause | 3 |
16
- | BSD-2-Clause | 1 |
17
- | ISC | 11 |
18
-
19
- Apache-2.0 dependency entries reported by pnpm:
20
-
21
- - `denque@2.1.0`
22
- - `expect-type@1.3.0`
23
- - `long@5.3.2`
24
- - `typescript@5.9.3`
25
-
26
- This file is an inventory summary, not a replacement for dependency license
27
- review. Third-party dependency licenses and notices are not changed by the
28
- first-party Synapsor Runner ELv2 migration.
29
-
30
- Before public release:
31
-
32
- - regenerate this inventory from a clean install;
33
- - review dependency notices with counsel or the release owner;
34
- - keep third-party notices separate from the first-party Synapsor Runner
35
- license.