@synapsor/runner 0.1.0-alpha.4 → 0.1.0-alpha.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (43) hide show
  1. package/README.md +211 -43
  2. package/dist/cli.d.ts.map +1 -1
  3. package/dist/runner.mjs +912 -90
  4. package/docs/README.md +32 -54
  5. package/docs/getting-started-own-database.md +68 -36
  6. package/docs/http-mcp.md +200 -0
  7. package/docs/local-mode.md +71 -35
  8. package/docs/mcp-audit.md +11 -15
  9. package/docs/mcp-client-setup.md +48 -9
  10. package/docs/recipes.md +6 -6
  11. package/docs/security-boundary.md +1 -1
  12. package/docs/troubleshooting-first-run.md +6 -6
  13. package/docs/writeback-executors.md +1 -1
  14. package/examples/openai-agents-http/README.md +55 -0
  15. package/examples/openai-agents-http/agent.py +90 -0
  16. package/examples/openai-agents-http/requirements.txt +1 -0
  17. package/examples/openai-agents-stdio/README.md +62 -0
  18. package/examples/openai-agents-stdio/agent.py +70 -0
  19. package/examples/openai-agents-stdio/requirements.txt +1 -0
  20. package/examples/reference-support-billing-app/README.md +17 -17
  21. package/package.json +3 -2
  22. package/docs/MCP_RUNNER_IMPLEMENTATION_PLAN.md +0 -187
  23. package/docs/architecture.md +0 -65
  24. package/docs/capability-config.md +0 -180
  25. package/docs/cloud-mode.md +0 -140
  26. package/docs/config-migrations.md +0 -67
  27. package/docs/demo-transcript.md +0 -161
  28. package/docs/dependency-license-inventory.md +0 -35
  29. package/docs/first-10-minutes.md +0 -172
  30. package/docs/licensing.md +0 -38
  31. package/docs/local-ui.md +0 -163
  32. package/docs/mcp-efficiency-benchmark.md +0 -84
  33. package/docs/open-source-feature-inventory.md +0 -254
  34. package/docs/operations.md +0 -38
  35. package/docs/own-db-20-minutes.md +0 -185
  36. package/docs/production-readiness.md +0 -39
  37. package/docs/protocol.md +0 -90
  38. package/docs/roadmap.md +0 -13
  39. package/docs/schema-inspection.md +0 -88
  40. package/docs/shadow-mode.md +0 -67
  41. package/docs/telemetry.md +0 -28
  42. package/docs/threat-model.md +0 -25
  43. package/docs/trusted-context.md +0 -70
@@ -1,172 +0,0 @@
1
- # First 10 Minutes
2
-
3
- This path is for a developer who wants to understand Synapsor Runner without
4
- reading the full docs first.
5
-
6
- ## Fastest First Look
7
-
8
- If you only want the 15-second value proof and have Node >= 22.5.0:
9
-
10
- ```bash
11
- npx -y -p @synapsor/runner@alpha synapsor demo --quick
12
- ```
13
-
14
- The local-ledger quick fixture requires this checkout or package version
15
- `0.1.0-alpha.4` or newer. If `npm view @synapsor/runner@alpha version` reports
16
- an older alpha, run `./bin/synapsor demo --quick` from this checkout until the
17
- next alpha is published.
18
-
19
- That command does not require Docker, a database, a config file, an MCP client,
20
- or a Synapsor Cloud account. It seeds `./.synapsor/quick-demo.db` with a local
21
- proposal/evidence/replay fixture you can inspect:
22
-
23
- ```bash
24
- synapsor activity search --object invoice:INV-3001 --store ./.synapsor/quick-demo.db
25
- synapsor replay show latest --store ./.synapsor/quick-demo.db
26
- ```
27
-
28
- Use the Docker-backed path below when you want the full disposable
29
- Postgres/MySQL proof with guarded writeback.
30
-
31
- ## What You Need
32
-
33
- - Docker CLI.
34
- - Reachable Docker daemon.
35
- - Free local ports: `55433`, `55434`, `55435`, and `53307`.
36
- - A few GB of free disk for the local demo image and disposable databases.
37
-
38
- You do not need:
39
-
40
- - Synapsor Cloud account.
41
- - API key.
42
- - Hosted workspace.
43
- - Host Node/Corepack setup for the first command.
44
- - Database credentials.
45
-
46
- ## Run One Command
47
-
48
- ```bash
49
- ./scripts/try-synapsor.sh
50
- ```
51
-
52
- The script writes noisy logs to:
53
-
54
- ```text
55
- ./.synapsor/logs/try-synapsor-<timestamp>.log
56
- ```
57
-
58
- If something fails, it prints the failing check and the log path.
59
-
60
- ## What The Script Proves
61
-
62
- The script runs disposable Postgres and MySQL MCP examples and checks that the
63
- demo actually proves the Synapsor boundary:
64
-
65
- - MCP `tools/list` contains semantic tools.
66
- - MCP `tools/list` does not contain `execute_sql`.
67
- - The agent inspects one business row through trusted tenant scope.
68
- - The agent creates a proposal with an exact before/after diff.
69
- - The source row is unchanged after proposal creation.
70
- - Approval happens outside the model-facing MCP tool surface.
71
- - The trusted runner applies a reviewed single-row writeback or blocks a stale
72
- row conflict.
73
- - Replay exists for the proposal, evidence, approval, receipt, and conflict
74
- decision.
75
- - The first-run log does not contain database URLs, passwords, bearer tokens, or
76
- write credentials.
77
-
78
- ## The Mental Model
79
-
80
- ```text
81
- MCP client
82
- -> semantic business tool
83
- -> trusted tenant/principal context
84
- -> scoped read from Postgres/MySQL
85
- -> evidence and exact proposal diff
86
- -> local approval outside MCP
87
- -> guarded single-row writeback
88
- -> applied/conflict/failed receipt
89
- -> local replay
90
- ```
91
-
92
- The model gets inspect/propose authority. The trusted runner owns commit
93
- authority.
94
-
95
- ## Next Command 1: Open The Local UI
96
-
97
- ```bash
98
- npx -y -p @synapsor/runner@alpha synapsor ui --tour \
99
- --config ./examples/mcp-postgres-billing/synapsor.runner.json \
100
- --store ./.synapsor/local.db
101
- ```
102
-
103
- The UI binds to `127.0.0.1`, prints a local URL with a per-run token, and shows
104
- the proposal/evidence/replay loop. Approval and rejection require CSRF
105
- protection.
106
-
107
- ## Next Command 2: Run The Reference App
108
-
109
- ```bash
110
- corepack pnpm demo:reference
111
- ```
112
-
113
- The reference app uses a disposable support/billing Postgres database and proves:
114
-
115
- - semantic MCP tools;
116
- - source DB unchanged after proposal;
117
- - approval outside MCP;
118
- - guarded writeback;
119
- - stale-row conflict;
120
- - replay export.
121
-
122
- ## Next Command 3: Generate MCP Client Config
123
-
124
- ```bash
125
- npx -y -p @synapsor/runner@alpha synapsor mcp config claude-desktop \
126
- --absolute-paths \
127
- --config ./examples/mcp-postgres-billing/synapsor.runner.json \
128
- --store ./.synapsor/local.db
129
- ```
130
-
131
- Paste the printed JSON into your MCP client settings. The config contains
132
- command paths only. It must not contain database URLs, passwords, approval
133
- tools, commit tools, or write credentials.
134
-
135
- Verify the configured tool boundary with:
136
-
137
- ```bash
138
- npx -y -p @synapsor/runner@alpha synapsor tools preview \
139
- --config ./examples/mcp-postgres-billing/synapsor.runner.json \
140
- --store ./.synapsor/local.db
141
- ```
142
-
143
- ## Next Command 4: Use Your Own Staging Database
144
-
145
- After the fixture demo makes sense, point the local runtime at one staging
146
- Postgres/MySQL database:
147
-
148
- ```bash
149
- export DATABASE_URL="<postgres-or-mysql-read-url>"
150
- ./scripts/use-your-db.sh
151
- ```
152
-
153
- The wrapper inspects metadata, opens the guided config wizard, previews the MCP
154
- tool boundary, and prints the serve/UI commands. It does not print your
155
- database URL or write credentials.
156
-
157
- ## Reset
158
-
159
- If a prior run left stale containers, ports, logs, or local stores:
160
-
161
- ```bash
162
- ./scripts/try-synapsor.sh --reset
163
- ```
164
-
165
- For noninteractive cleanup in CI:
166
-
167
- ```bash
168
- ./scripts/try-synapsor.sh --reset --yes
169
- ```
170
-
171
- The reset path removes demo containers, demo volumes, temporary local stores,
172
- generated MCP snippets under `.synapsor/mcp`, and first-run logs.
package/docs/licensing.md DELETED
@@ -1,38 +0,0 @@
1
- # Licensing
2
-
3
- Synapsor Runner is open source under the Apache License 2.0 (`Apache-2.0`).
4
-
5
- This page is a plain-English summary, not legal advice. If this summary
6
- conflicts with `../LICENSE`, the `LICENSE` file controls.
7
-
8
- Apache-2.0 applies to the code in this runner repository. It grants copyright
9
- and patent rights under the license terms.
10
-
11
- Apache-2.0 does not grant trademark rights. The Synapsor name, Synapsor Runner
12
- name, logos, hosted Cloud service, and proprietary Synapsor platform features
13
- remain separate. See `../TRADEMARKS.md`.
14
-
15
- This license change applies only to `synapsor-runner`.
16
-
17
- It does not open source:
18
-
19
- - Synapsor Cloud;
20
- - the hosted control plane;
21
- - hosted capability registry;
22
- - advanced policy/capability compiler;
23
- - team approvals, RBAC, or SSO;
24
- - hosted audit/evidence ledger;
25
- - managed runners;
26
- - production writeback orchestration;
27
- - workflow builder;
28
- - native Synapsor engine;
29
- - C++/DBMS internals;
30
- - branching, time travel, or settlement;
31
- - compliance exports or production support/SLA.
32
-
33
- Synapsor Cloud is a separate hosted commercial service. Use Cloud when your team
34
- needs shared approvals, RBAC, hosted evidence/replay search, runner fleet
35
- status, leases, retention, audit visibility, enterprise controls, and support.
36
-
37
- Before public release, license and trademark text must be reviewed by qualified
38
- counsel.
package/docs/local-ui.md DELETED
@@ -1,163 +0,0 @@
1
- # Local UI
2
-
3
- `synapsor ui` starts a lightweight browser review surface for a local Runner
4
- store.
5
-
6
- From a source checkout, use `./bin/synapsor ui ...` if the global binary is not
7
- linked yet.
8
-
9
- ```bash
10
- npx -y -p @synapsor/runner@alpha synapsor ui --config ./synapsor.runner.json --store ./.synapsor/local.db
11
- ```
12
-
13
- By default it binds to localhost only and prints a per-run URL:
14
-
15
- ```text
16
- Synapsor Runner local UI: http://127.0.0.1:51234/?token=...
17
- ```
18
-
19
- Use the UI after `synapsor mcp serve` has created local proposals. The UI is a
20
- review surface; it is not a raw SQL console and it does not serve MCP tools.
21
-
22
- ## The Review Console
23
-
24
- Selecting a proposal opens a **Review** tab that tells the story of what
25
- happened, step by step, instead of leading with raw JSON:
26
-
27
- 1. **Agent requested a change** — the semantic tool that was called and the
28
- object it targeted (for example `billing.propose_late_fee_waiver for
29
- INV-3001`). The model could request, but had no SQL, approve, or commit
30
- tools.
31
- 2. **Synapsor Runner created a proposal** — proposal id, tenant, and principal.
32
- 3. **The proposed change** — an exact before/proposed field diff.
33
- 4. **Safety result** — `Source database changed: No/Yes`.
34
- 5. **Approval boundary** — “Approval happened outside MCP. The model did not get
35
- approve or commit tools,” plus the current approval status.
36
- 6. **Commit result** — the terminal outcome in plain language, e.g. “Conflict:
37
- the row changed after the proposal. No write applied,” with an expandable
38
- guard checklist.
39
- 7. **Replay** — a timeline of evidence, proposal, approval, writeback receipt,
40
- and conflict events.
41
-
42
- A second **View raw JSON** tab exposes the full proposal, events, receipts, and
43
- evidence payloads for developers who want the underlying records. Each
44
- configuration card also keeps its raw JSON behind a per-card drawer.
45
-
46
- ## What It Shows
47
-
48
- The setup summary shows:
49
-
50
- - config path and local store path;
51
- - Runner mode;
52
- - source engine and environment-variable names;
53
- - trusted context binding;
54
- - selected table/view targets;
55
- - semantic capabilities;
56
- - config validation status;
57
- - whether forbidden model-facing tools such as raw SQL or approval/commit tools
58
- are present.
59
-
60
- The tools view shows:
61
-
62
- - semantic tool names;
63
- - read/proposal labels;
64
- - target table/view;
65
- - input schema;
66
- - hidden trusted bindings;
67
- - visible columns;
68
- - allowed patch columns;
69
- - conflict guard;
70
- - clear “No raw SQL” status.
71
-
72
- The proposals view shows:
73
-
74
- - pending, approved, rejected, applied, conflict, and failed states;
75
- - tenant/object/principal;
76
- - source database changed: yes/no;
77
- - source row before approval/writeback;
78
- - proposed patch values;
79
- - expected version guard;
80
- - exact before/proposed field diff;
81
- - evidence handle and summary;
82
- - receipts when present.
83
-
84
- The review panel lets a local reviewer:
85
-
86
- - approve outside the model-facing MCP tool surface;
87
- - reject with a reason;
88
- - see the message “The model can propose this change. It cannot approve or
89
- commit it.” before execution;
90
- - see “Commit executed by trusted runner” after terminal writeback;
91
- - see “Conflict: source row changed after proposal” for stale-row cases;
92
- - inspect the guard checklist for tenant scope, allowed columns, primary key,
93
- conflict/version column, idempotency key, and affected-row count;
94
- - inspect writeback mode and executor status;
95
- - inspect replay for the selected proposal.
96
-
97
- Approval and rejection record the reviewer identity against the exact proposal
98
- hash/version in the local SQLite proposal store.
99
-
100
- ## Security Boundary
101
-
102
- The local UI keeps the same authority split as the CLI:
103
-
104
- ```text
105
- MCP tool call = request/proposal authority
106
- Trusted local UI/CLI reviewer = approval authority
107
- Trusted runner apply path = execution authority
108
- ```
109
-
110
- Security behavior:
111
-
112
- - binds to `127.0.0.1` by default;
113
- - refuses non-localhost binding unless `--allow-remote-bind` is explicitly
114
- passed;
115
- - requires a per-run local session token;
116
- - sets the local session token in an HttpOnly SameSite cookie after the first
117
- token URL load;
118
- - requires a CSRF token for approve/reject actions;
119
- - does not expose database URLs, passwords, bearer tokens, runner tokens, or
120
- obvious secret strings in JSON API responses;
121
- - does not expose a raw SQL editor;
122
- - does not expose approval, commit, or writeback tools through MCP;
123
- - does not allow widening configured tables, columns, or mutable fields from the
124
- browser.
125
-
126
- The UI displays proposal business data from the local store, so use reviewed
127
- visible columns and denied-column rules before creating proposals. Obvious
128
- secret-looking fields and connection strings are redacted defensively, but the
129
- UI is not a replacement for selecting safe capability projections.
130
-
131
- ## Remote Binding
132
-
133
- For normal use, do not bind the UI to anything except localhost.
134
-
135
- For a deliberate trusted local-network demo:
136
-
137
- ```bash
138
- npx -y -p @synapsor/runner@alpha synapsor ui --host 0.0.0.0 --allow-remote-bind
139
- ```
140
-
141
- Do this only in an isolated environment. The local UI is not a hosted
142
- multi-user approval product; use Synapsor Cloud when a team needs shared RBAC,
143
- approval queues, audit retention, and hosted replay search.
144
-
145
- ## Current Limits
146
-
147
- The UI is intentionally small in the current alpha:
148
-
149
- - proposal review and replay only;
150
- - no graphical capability builder;
151
- - no raw SQL editor;
152
- - no direct writeback apply button;
153
- - no hosted/team auth;
154
- - no Cloud approval queue replacement.
155
-
156
- Use the CLI apply path after approval:
157
-
158
- ```bash
159
- npx -y -p @synapsor/runner@alpha synapsor proposals writeback-job wrp_123 --store ./.synapsor/local.db --output job.json
160
- SYNAPSOR_ENGINE=postgres \
161
- SYNAPSOR_DATABASE_URL="$SYNAPSOR_DATABASE_WRITE_URL" \
162
- npx -y -p @synapsor/runner@alpha synapsor apply --job job.json --config synapsor.runner.json --store ./.synapsor/local.db
163
- ```
@@ -1,84 +0,0 @@
1
- # MCP Efficiency Benchmark
2
-
3
- Run:
4
-
5
- From a source checkout, use `corepack pnpm runner benchmark mcp-efficiency`.
6
- The global `synapsor` command is only needed after installing or linking the
7
- CLI.
8
-
9
- ```bash
10
- npx -y -p @synapsor/runner@alpha synapsor benchmark mcp-efficiency
11
- ```
12
-
13
- For machine-readable output:
14
-
15
- ```bash
16
- npx -y -p @synapsor/runner@alpha synapsor benchmark mcp-efficiency --json
17
- ```
18
-
19
- The benchmark compares an included fixture, not universal model behavior.
20
-
21
- Current fixture:
22
-
23
- ```text
24
- late-fee-waiver
25
- ```
26
-
27
- Checked-in snapshots:
28
-
29
- ```text
30
- fixtures/benchmark/mcp-efficiency.txt
31
- fixtures/benchmark/mcp-efficiency.json
32
- ```
33
-
34
- The CLI tests compare both human-readable and machine-readable output against
35
- those snapshots, so changes to the fixture, tokenizer, measurements, or wording
36
- are reviewable.
37
-
38
- Reference path:
39
-
40
- ```text
41
- list_tables
42
- describe_table invoices
43
- query_database SELECT invoice
44
- formulate raw UPDATE
45
- execute_sql UPDATE invoice
46
- ```
47
-
48
- Synapsor Runner semantic path:
49
-
50
- ```text
51
- billing.inspect_invoice
52
- billing.propose_late_fee_waiver
53
- ```
54
-
55
- It measures:
56
-
57
- - number of exposed tools;
58
- - serialized `tools/list` bytes;
59
- - token count with a pinned deterministic fixture tokenizer;
60
- - scripted tool-call count;
61
- - schema/context bytes and tokens exposed;
62
- - business result bytes and tokens;
63
- - whether raw SQL is exposed;
64
- - whether write credentials are exposed;
65
- - whether approval is separated;
66
- - whether stale-row conflict is checked.
67
-
68
- Tokenizer:
69
-
70
- ```text
71
- synapsor-fixture-tokenizer-v1
72
- ```
73
-
74
- This tokenizer is a deterministic regex tokenizer used only for repeatable
75
- fixture comparison. It is not a model billing tokenizer.
76
-
77
- Allowed README phrasing after implementation:
78
-
79
- > In the included fixture, semantic capabilities replace generic schema
80
- > exploration and raw SQL with two compact business tools. Run the benchmark to
81
- > inspect tool definitions, reference tool-call count, and tokenized context
82
- > size.
83
-
84
- Do not claim guaranteed percentage savings across workloads.