@synapsor/runner 0.1.0-alpha.4 → 0.1.0-alpha.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +211 -43
- package/dist/cli.d.ts.map +1 -1
- package/dist/runner.mjs +912 -90
- package/docs/README.md +32 -54
- package/docs/getting-started-own-database.md +68 -36
- package/docs/http-mcp.md +200 -0
- package/docs/local-mode.md +71 -35
- package/docs/mcp-audit.md +11 -15
- package/docs/mcp-client-setup.md +48 -9
- package/docs/recipes.md +6 -6
- package/docs/security-boundary.md +1 -1
- package/docs/troubleshooting-first-run.md +6 -6
- package/docs/writeback-executors.md +1 -1
- package/examples/openai-agents-http/README.md +55 -0
- package/examples/openai-agents-http/agent.py +90 -0
- package/examples/openai-agents-http/requirements.txt +1 -0
- package/examples/openai-agents-stdio/README.md +62 -0
- package/examples/openai-agents-stdio/agent.py +70 -0
- package/examples/openai-agents-stdio/requirements.txt +1 -0
- package/examples/reference-support-billing-app/README.md +17 -17
- package/package.json +3 -2
- package/docs/MCP_RUNNER_IMPLEMENTATION_PLAN.md +0 -187
- package/docs/architecture.md +0 -65
- package/docs/capability-config.md +0 -180
- package/docs/cloud-mode.md +0 -140
- package/docs/config-migrations.md +0 -67
- package/docs/demo-transcript.md +0 -161
- package/docs/dependency-license-inventory.md +0 -35
- package/docs/first-10-minutes.md +0 -172
- package/docs/licensing.md +0 -38
- package/docs/local-ui.md +0 -163
- package/docs/mcp-efficiency-benchmark.md +0 -84
- package/docs/open-source-feature-inventory.md +0 -254
- package/docs/operations.md +0 -38
- package/docs/own-db-20-minutes.md +0 -185
- package/docs/production-readiness.md +0 -39
- package/docs/protocol.md +0 -90
- package/docs/roadmap.md +0 -13
- package/docs/schema-inspection.md +0 -88
- package/docs/shadow-mode.md +0 -67
- package/docs/telemetry.md +0 -28
- package/docs/threat-model.md +0 -25
- package/docs/trusted-context.md +0 -70
|
@@ -1,254 +0,0 @@
|
|
|
1
|
-
# Synapsor Runner Open-Source Feature Inventory
|
|
2
|
-
|
|
3
|
-
Date: 2026-06-23
|
|
4
|
-
|
|
5
|
-
Branch inspected: `runner-segment-scale-adoption`
|
|
6
|
-
|
|
7
|
-
This inventory tracks the open-source runner boundary. It is not a list of
|
|
8
|
-
Synapsor Cloud or Synapsor DBMS features.
|
|
9
|
-
|
|
10
|
-
## Summary
|
|
11
|
-
|
|
12
|
-
Synapsor Runner now has a local evidence/replay ledger for real
|
|
13
|
-
Postgres/MySQL-backed MCP interactions:
|
|
14
|
-
|
|
15
|
-
- config-defined semantic MCP tools instead of raw SQL;
|
|
16
|
-
- trusted tenant/principal context binding;
|
|
17
|
-
- scoped source reads;
|
|
18
|
-
- local evidence bundles and query audit;
|
|
19
|
-
- proposal-first writes with before/proposed diffs;
|
|
20
|
-
- local approval/rejection outside MCP;
|
|
21
|
-
- guarded single-row writeback;
|
|
22
|
-
- writeback receipts;
|
|
23
|
-
- proposal replay;
|
|
24
|
-
- local indexed search over proposals, evidence, query audit, receipts, and
|
|
25
|
-
replay links.
|
|
26
|
-
- npm/package trust checks for the public `synapsor` bin and legacy
|
|
27
|
-
`synapsor-runner` alias;
|
|
28
|
-
- a fixture-only `demo --quick` that seeds an inspectable local ledger without
|
|
29
|
-
Docker;
|
|
30
|
-
- shareable MCP audit JSON/Markdown output;
|
|
31
|
-
- redacted doctor Markdown report output.
|
|
32
|
-
|
|
33
|
-
The local store is SQLite and intended for local/dev/staging usage. It is not a
|
|
34
|
-
hosted central audit ledger, not RBAC/SSO, not cross-runner search, not
|
|
35
|
-
enterprise retention, and not compliance export.
|
|
36
|
-
|
|
37
|
-
## Implemented Local Concepts
|
|
38
|
-
|
|
39
|
-
| Synapsor concept | Runner implementation | Status |
|
|
40
|
-
| --- | --- | --- |
|
|
41
|
-
| Context bindings | Trusted tenant/principal from env/static dev/HTTP/cloud session config | Implemented |
|
|
42
|
-
| Capabilities | Reviewed semantic MCP tools from `synapsor.runner.json` | Implemented |
|
|
43
|
-
| Evidence bundles | Captured/projected rows and metadata persisted locally | Implemented |
|
|
44
|
-
| Query audit | Source/table/fingerprint/row-count/redacted-parameter records | Implemented |
|
|
45
|
-
| Proposals | Immutable before/proposed change sets | Implemented |
|
|
46
|
-
| Approval | Local CLI/UI approval/rejection outside MCP | Implemented |
|
|
47
|
-
| Guarded writeback | Single-row Postgres/MySQL `UPDATE` with primary-key, tenant, allowed-column, conflict, idempotency, and affected-row checks | Implemented |
|
|
48
|
-
| Receipts | Applied/conflict/failed writeback receipts | Implemented |
|
|
49
|
-
| Replay | Proposal replay from local captured records | Implemented |
|
|
50
|
-
| MCP audit | Static risk review for database MCP tool shapes | Implemented |
|
|
51
|
-
| Local indexed search | CLI filters for activity, proposals, evidence, query audit, and receipts | Implemented |
|
|
52
|
-
|
|
53
|
-
## New Local Ledger Commands
|
|
54
|
-
|
|
55
|
-
```bash
|
|
56
|
-
synapsor activity search --tenant acme --object invoice:INV-3001
|
|
57
|
-
synapsor proposals list --tenant acme --capability billing.propose_late_fee_waiver --object invoice:INV-3001 --status approved
|
|
58
|
-
synapsor evidence list --tenant acme --capability billing.inspect_invoice --source app_postgres --table invoices
|
|
59
|
-
synapsor evidence show ev_...
|
|
60
|
-
synapsor evidence export ev_... --format json --output evidence.json
|
|
61
|
-
synapsor evidence export ev_... --format markdown --output evidence.md
|
|
62
|
-
synapsor query-audit list --evidence ev_... --source app_postgres --table invoices
|
|
63
|
-
synapsor query-audit show <audit_id>
|
|
64
|
-
synapsor query-audit export <audit_id> --format json --output audit.json
|
|
65
|
-
synapsor receipts list --proposal wrp_...
|
|
66
|
-
synapsor receipts show <receipt_id>
|
|
67
|
-
synapsor replay show --proposal wrp_...
|
|
68
|
-
synapsor replay show --replay replay_wrp_...
|
|
69
|
-
synapsor replay show --evidence ev_...
|
|
70
|
-
synapsor replay export --proposal wrp_... --format json --output replay.json
|
|
71
|
-
synapsor replay export --proposal wrp_... --format markdown --output replay.md
|
|
72
|
-
synapsor doctor --config synapsor.runner.json --report --redact --output synapsor-doctor.md
|
|
73
|
-
synapsor store stats --store ./.synapsor/local.db
|
|
74
|
-
synapsor store vacuum --store ./.synapsor/local.db
|
|
75
|
-
synapsor store prune --store ./.synapsor/local.db --older-than 30d --dry-run
|
|
76
|
-
```
|
|
77
|
-
|
|
78
|
-
Unknown top-level commands now return a nonzero error instead of generic help.
|
|
79
|
-
Unsupported flags on the new search/list commands fail clearly rather than
|
|
80
|
-
being silently ignored.
|
|
81
|
-
|
|
82
|
-
## Local Store Schema And Search
|
|
83
|
-
|
|
84
|
-
The store remains backward-compatible with existing local SQLite files. New
|
|
85
|
-
metadata columns are nullable and are backfilled from existing JSON where safe.
|
|
86
|
-
|
|
87
|
-
New/important searchable metadata:
|
|
88
|
-
|
|
89
|
-
- proposal tenant, principal, capability/action, business object, object id,
|
|
90
|
-
state, source, table, created time;
|
|
91
|
-
- evidence tenant, principal, capability, proposal id, business object, object
|
|
92
|
-
id, source, table, query fingerprint, created time;
|
|
93
|
-
- query audit tenant, proposal id, evidence id, source, table, primary-key
|
|
94
|
-
value, query fingerprint, created time;
|
|
95
|
-
- writeback receipt proposal id, writeback job id, idempotency key, status,
|
|
96
|
-
created time.
|
|
97
|
-
|
|
98
|
-
Indexes are created idempotently on the local store for:
|
|
99
|
-
|
|
100
|
-
- proposals by tenant/time, action/time, capability/time, principal/time,
|
|
101
|
-
object/time, state/time, source/table/time;
|
|
102
|
-
- evidence bundles by tenant/time, proposal id, created time, capability/time,
|
|
103
|
-
principal/time, object/time, source/table/time, query fingerprint/time;
|
|
104
|
-
- evidence items by evidence bundle id;
|
|
105
|
-
- query audit by evidence id, proposal id, source/table/time,
|
|
106
|
-
query fingerprint/time, tenant/time, object/time, primary-key/time;
|
|
107
|
-
- writeback receipts by proposal id, writeback job id, idempotency key,
|
|
108
|
-
status/time;
|
|
109
|
-
- replay records by proposal id and created time;
|
|
110
|
-
- approvals by proposal id and status/time;
|
|
111
|
-
- proposal events by proposal id and kind/time.
|
|
112
|
-
|
|
113
|
-
These are local metadata indexes. Runner does not index customer Postgres/MySQL
|
|
114
|
-
tables.
|
|
115
|
-
|
|
116
|
-
## Read-Only Evidence
|
|
117
|
-
|
|
118
|
-
Read-only MCP tools can record evidence bundles and query-audit rows. The MCP
|
|
119
|
-
tool response returns an evidence handle. The user can now inspect that handle
|
|
120
|
-
later:
|
|
121
|
-
|
|
122
|
-
```bash
|
|
123
|
-
synapsor evidence show ev_...
|
|
124
|
-
synapsor evidence list --tenant acme --capability billing.inspect_invoice
|
|
125
|
-
synapsor query-audit list --evidence ev_...
|
|
126
|
-
synapsor activity search --tenant acme --source app_postgres --table invoices
|
|
127
|
-
```
|
|
128
|
-
|
|
129
|
-
Read-only evidence inspection does not rerun the external database read. It
|
|
130
|
-
shows captured/projected evidence that was already persisted locally.
|
|
131
|
-
|
|
132
|
-
Proposal replay remains proposal-centric. `replay show --evidence ev_...`
|
|
133
|
-
works only when the evidence bundle is linked to a replayable proposal.
|
|
134
|
-
|
|
135
|
-
## Replay Versus Time Travel
|
|
136
|
-
|
|
137
|
-
Runner replay is local captured interaction replay:
|
|
138
|
-
|
|
139
|
-
```text
|
|
140
|
-
trusted context
|
|
141
|
-
-> captured source-row excerpt
|
|
142
|
-
-> query audit/fingerprint
|
|
143
|
-
-> proposal before/proposed diff
|
|
144
|
-
-> approval/rejection events
|
|
145
|
-
-> writeback job
|
|
146
|
-
-> terminal receipt
|
|
147
|
-
```
|
|
148
|
-
|
|
149
|
-
It is not:
|
|
150
|
-
|
|
151
|
-
- external DB time travel;
|
|
152
|
-
- `AS OF` query support over Postgres/MySQL;
|
|
153
|
-
- native branch creation;
|
|
154
|
-
- external DB merge;
|
|
155
|
-
- auto-merge;
|
|
156
|
-
- settlement-policy execution.
|
|
157
|
-
|
|
158
|
-
Synapsor-native branching, time travel, settlement, and workflow DAG execution
|
|
159
|
-
remain proprietary Synapsor Cloud/DBMS features.
|
|
160
|
-
|
|
161
|
-
## MCP Resource Boundary
|
|
162
|
-
|
|
163
|
-
MCP resources remain read-only:
|
|
164
|
-
|
|
165
|
-
- `synapsor://proposals/{proposal_id}`;
|
|
166
|
-
- `synapsor://evidence/{evidence_bundle_id}`;
|
|
167
|
-
- `synapsor://replay/{replay_id}`.
|
|
168
|
-
|
|
169
|
-
They inspect local store records and do not mutate source databases. They also
|
|
170
|
-
do not list/search all local records through MCP; local search is a CLI/local UI
|
|
171
|
-
concern.
|
|
172
|
-
|
|
173
|
-
## Not Included In OSS Runner
|
|
174
|
-
|
|
175
|
-
- C++ DBMS internals;
|
|
176
|
-
- native Synapsor branches;
|
|
177
|
-
- external DB time travel;
|
|
178
|
-
- `AS OF` external DB queries;
|
|
179
|
-
- external DB merge;
|
|
180
|
-
- auto-merge;
|
|
181
|
-
- settlement policies;
|
|
182
|
-
- workflow DAG engine;
|
|
183
|
-
- `CREATE AGENT WORKFLOW`;
|
|
184
|
-
- hosted workflow graph builder;
|
|
185
|
-
- governed memory;
|
|
186
|
-
- RBAC/SSO;
|
|
187
|
-
- hosted evidence ledger;
|
|
188
|
-
- central org-wide activity search;
|
|
189
|
-
- managed runner fleet;
|
|
190
|
-
- compliance exports;
|
|
191
|
-
- enterprise retention controls;
|
|
192
|
-
- production CDC machinery.
|
|
193
|
-
|
|
194
|
-
## Safety Boundary Verification
|
|
195
|
-
|
|
196
|
-
The runner keeps these out of the model-facing MCP tool surface:
|
|
197
|
-
|
|
198
|
-
- `execute_sql`;
|
|
199
|
-
- `raw_sql`;
|
|
200
|
-
- `query_database`;
|
|
201
|
-
- approval tools;
|
|
202
|
-
- reject tools;
|
|
203
|
-
- apply/commit/writeback tools;
|
|
204
|
-
- database URLs;
|
|
205
|
-
- write credentials;
|
|
206
|
-
- model-controlled tenant authority.
|
|
207
|
-
|
|
208
|
-
Approval, rejection, and writeback stay in CLI/UI/app-handler/runner paths
|
|
209
|
-
outside the MCP tool surface.
|
|
210
|
-
|
|
211
|
-
## Current Rough Edges
|
|
212
|
-
|
|
213
|
-
- The local UI is still proposal-review oriented. The CLI now has first-class
|
|
214
|
-
local evidence/search commands, but UI search/export for evidence/query-audit
|
|
215
|
-
is not yet a full dedicated workflow.
|
|
216
|
-
- Read-only evidence has CLI inspection and activity search, but read-only
|
|
217
|
-
replay is not a standalone replay object unless linked to a proposal.
|
|
218
|
-
- The current direct DB writeback adapter intentionally supports guarded
|
|
219
|
-
single-row `UPDATE` only. App-owned HTTP/command handlers are the path for
|
|
220
|
-
richer business writes.
|
|
221
|
-
- The alpha package requires Node >= 22.5.0 because the local ledger uses
|
|
222
|
-
Node's `node:sqlite` runtime. The package declares this and the bin wrapper
|
|
223
|
-
exits early with a clear message on older Node versions.
|
|
224
|
-
|
|
225
|
-
## Tests Covering This Inventory
|
|
226
|
-
|
|
227
|
-
Relevant local tests:
|
|
228
|
-
|
|
229
|
-
```bash
|
|
230
|
-
corepack pnpm exec vitest run packages/proposal-store/src/index.test.ts
|
|
231
|
-
corepack pnpm exec vitest run apps/runner/src/cli.test.ts
|
|
232
|
-
corepack pnpm exec vitest run packages/mcp-server/src/index.test.ts
|
|
233
|
-
corepack pnpm test:first-run
|
|
234
|
-
corepack pnpm test:mcp-client-configs
|
|
235
|
-
./scripts/verify-public-commands.sh
|
|
236
|
-
./scripts/verify-packed-runner.sh
|
|
237
|
-
```
|
|
238
|
-
|
|
239
|
-
The current implementation pass specifically added coverage for:
|
|
240
|
-
|
|
241
|
-
- unknown command nonzero behavior;
|
|
242
|
-
- unsupported search flags failing clearly;
|
|
243
|
-
- proposal filters by tenant/capability/object/status;
|
|
244
|
-
- evidence show/list/export JSON/Markdown;
|
|
245
|
-
- query-audit list/show/export;
|
|
246
|
-
- receipts list/show;
|
|
247
|
-
- replay by proposal id, replay id, and linked evidence id;
|
|
248
|
-
- replay JSON and Markdown export;
|
|
249
|
-
- activity search by tenant/object;
|
|
250
|
-
- local metadata indexes and idempotent migration/reopen.
|
|
251
|
-
- `demo --quick` creating an inspectable local fixture store;
|
|
252
|
-
- built-in audit example JSON/Markdown output;
|
|
253
|
-
- clean packed-tarball command execution.
|
|
254
|
-
- local store stats, vacuum, and dry-run/apply prune.
|
package/docs/operations.md
DELETED
|
@@ -1,38 +0,0 @@
|
|
|
1
|
-
# Operations
|
|
2
|
-
|
|
3
|
-
## Required configuration
|
|
4
|
-
|
|
5
|
-
- `SYNAPSOR_CONTROL_PLANE_URL`
|
|
6
|
-
- `SYNAPSOR_RUNNER_TOKEN`
|
|
7
|
-
- `SYNAPSOR_RUNNER_ID`
|
|
8
|
-
- `SYNAPSOR_SOURCE_ID`
|
|
9
|
-
- `SYNAPSOR_DATABASE_URL`
|
|
10
|
-
- `SYNAPSOR_ENGINE=postgres|mysql`
|
|
11
|
-
|
|
12
|
-
## Routine checks
|
|
13
|
-
|
|
14
|
-
```bash
|
|
15
|
-
npx -y -p @synapsor/runner@alpha synapsor doctor
|
|
16
|
-
npx -y -p @synapsor/runner@alpha synapsor validate --job examples/postgres-support/job.approved.json
|
|
17
|
-
npx -y -p @synapsor/runner@alpha synapsor validate --job examples/mysql-orders/job.approved.json
|
|
18
|
-
```
|
|
19
|
-
|
|
20
|
-
`doctor` validates local configuration, calls Synapsor's runner-token doctor endpoint, confirms the token is authenticated for the configured source, checks database reachability and engine version, creates/verifies `synapsor_writeback_receipts`, and performs a rollback-only receipt insert to prove the configured credential can write runner receipts. It does not mutate business tables.
|
|
21
|
-
|
|
22
|
-
## Local fixture smoke
|
|
23
|
-
|
|
24
|
-
Run this before cutting a release or changing the adapters:
|
|
25
|
-
|
|
26
|
-
```bash
|
|
27
|
-
corepack pnpm test:docker
|
|
28
|
-
```
|
|
29
|
-
|
|
30
|
-
The smoke starts the local Postgres and MySQL fixtures, validates approved jobs, applies one guarded single-row update, retries the same idempotency key, verifies stale-version conflict, verifies tenant mismatch rejection, verifies disallowed-column validation, and tears down the containers with volumes.
|
|
31
|
-
|
|
32
|
-
## Shutdown
|
|
33
|
-
|
|
34
|
-
The runner handles `SIGINT` and `SIGTERM` by stopping the poll loop. In-flight database transactions complete or roll back through the adapter.
|
|
35
|
-
|
|
36
|
-
## Logs
|
|
37
|
-
|
|
38
|
-
Default logs include runner id, job id, proposal id, source id, engine, schema/table names, patch column names, status/error code, and durations. Logs must not include database URL/password, runner token, full patch values, full source rows, or customer data.
|
|
@@ -1,185 +0,0 @@
|
|
|
1
|
-
# Own Database In 10 Minutes
|
|
2
|
-
|
|
3
|
-
This path is for a developer who already understands the local demo and wants
|
|
4
|
-
to try one staging Postgres/MySQL table without writing `synapsor.runner.json`
|
|
5
|
-
by hand.
|
|
6
|
-
|
|
7
|
-
Do not start with your most sensitive production database. Start with staging,
|
|
8
|
-
a disposable database, or a least-privilege view.
|
|
9
|
-
|
|
10
|
-
## 1. Create A Read-Only Credential
|
|
11
|
-
|
|
12
|
-
Use a database user that can inspect metadata and read only the tables/views
|
|
13
|
-
needed for the experiment.
|
|
14
|
-
|
|
15
|
-
Set the connection string in an environment variable:
|
|
16
|
-
|
|
17
|
-
```bash
|
|
18
|
-
export DATABASE_URL="<postgres-or-mysql-read-url>"
|
|
19
|
-
```
|
|
20
|
-
|
|
21
|
-
Do not paste database URLs into MCP client configs or committed JSON files.
|
|
22
|
-
|
|
23
|
-
## 2. Inspect The Database
|
|
24
|
-
|
|
25
|
-
Fast path:
|
|
26
|
-
|
|
27
|
-
```bash
|
|
28
|
-
./scripts/use-your-db.sh
|
|
29
|
-
```
|
|
30
|
-
|
|
31
|
-
That command runs inspection, guided config generation, and tool preview. The
|
|
32
|
-
rest of this page shows the same steps explicitly.
|
|
33
|
-
|
|
34
|
-
```bash
|
|
35
|
-
npx -y -p @synapsor/runner@alpha synapsor inspect --from-env DATABASE_URL --engine auto
|
|
36
|
-
```
|
|
37
|
-
|
|
38
|
-
This prints discovered tables/views, primary keys, possible tenant/scope
|
|
39
|
-
columns, possible conflict/version columns, and fields suggested for review.
|
|
40
|
-
Inspection reads metadata and table shape. It does not expose raw SQL tools or
|
|
41
|
-
write credentials to the model.
|
|
42
|
-
|
|
43
|
-
For disposable staging databases, this shorter form also works:
|
|
44
|
-
|
|
45
|
-
```bash
|
|
46
|
-
npx -y -p @synapsor/runner@alpha synapsor inspect "$DATABASE_URL" --engine auto
|
|
47
|
-
```
|
|
48
|
-
|
|
49
|
-
Prefer `--from-env` on shared machines so URLs do not land in shell history.
|
|
50
|
-
|
|
51
|
-
## 3. Run The Guided Wizard
|
|
52
|
-
|
|
53
|
-
```bash
|
|
54
|
-
npx -y -p @synapsor/runner@alpha synapsor init --from-env DATABASE_URL --mode review --wizard
|
|
55
|
-
```
|
|
56
|
-
|
|
57
|
-
The wizard asks for:
|
|
58
|
-
|
|
59
|
-
- database engine;
|
|
60
|
-
- read URL environment-variable name;
|
|
61
|
-
- schema/database;
|
|
62
|
-
- table or view;
|
|
63
|
-
- primary key;
|
|
64
|
-
- tenant/scope column;
|
|
65
|
-
- conflict/version column;
|
|
66
|
-
- read-visible fields;
|
|
67
|
-
- mode: `read_only`, `shadow`, or `review`;
|
|
68
|
-
- business object name and namespace;
|
|
69
|
-
- proposal patch mapping if you choose `shadow` or `review`;
|
|
70
|
-
- trusted tenant/principal env vars;
|
|
71
|
-
- approval role;
|
|
72
|
-
- final confirmation before files are written.
|
|
73
|
-
|
|
74
|
-
The default mode for unknown schemas should be treated as a cautious staging
|
|
75
|
-
path. Do not enable real writeback until the read/proposal path is reviewed.
|
|
76
|
-
|
|
77
|
-
You can still run the complete wrapper:
|
|
78
|
-
|
|
79
|
-
```bash
|
|
80
|
-
./scripts/use-your-db.sh
|
|
81
|
-
```
|
|
82
|
-
|
|
83
|
-
It runs inspection, guided init, tool preview, and next-step printing in one
|
|
84
|
-
flow. For the lower-level CLI path, `synapsor onboard db --from-env
|
|
85
|
-
DATABASE_URL` runs the same own-database onboarding from the runner command.
|
|
86
|
-
|
|
87
|
-
## 4. What Gets Generated
|
|
88
|
-
|
|
89
|
-
The wizard creates:
|
|
90
|
-
|
|
91
|
-
- `synapsor.runner.json`;
|
|
92
|
-
- `.env.example`;
|
|
93
|
-
- `.synapsor/mcp/generic-stdio.json`;
|
|
94
|
-
- `.synapsor/mcp/claude-desktop.json`;
|
|
95
|
-
- `.synapsor/mcp/cursor.json`;
|
|
96
|
-
- `.synapsor/mcp/vscode.json`.
|
|
97
|
-
|
|
98
|
-
The generated config stores environment-variable names, not database secrets.
|
|
99
|
-
|
|
100
|
-
## 5. Preview What The Model Sees
|
|
101
|
-
|
|
102
|
-
```bash
|
|
103
|
-
npx -y -p @synapsor/runner@alpha synapsor config validate --config synapsor.runner.json
|
|
104
|
-
npx -y -p @synapsor/runner@alpha synapsor doctor --config synapsor.runner.json
|
|
105
|
-
npx -y -p @synapsor/runner@alpha synapsor tools preview --config synapsor.runner.json --store ./.synapsor/local.db
|
|
106
|
-
```
|
|
107
|
-
|
|
108
|
-
`doctor` checks config shape, trusted context env vars, source env vars,
|
|
109
|
-
read/write credential separation, source metadata when reachable, handler env
|
|
110
|
-
vars, and the semantic MCP tool boundary.
|
|
111
|
-
|
|
112
|
-
`tools preview` lists what the model would see and confirms:
|
|
113
|
-
|
|
114
|
-
- semantic tools present;
|
|
115
|
-
- `execute_sql` absent;
|
|
116
|
-
- approval tools absent;
|
|
117
|
-
- commit tools absent;
|
|
118
|
-
- database URLs absent;
|
|
119
|
-
- write credentials absent.
|
|
120
|
-
|
|
121
|
-
## 6. Serve MCP
|
|
122
|
-
|
|
123
|
-
```bash
|
|
124
|
-
export SYNAPSOR_TENANT_ID="acme"
|
|
125
|
-
export SYNAPSOR_PRINCIPAL="local_operator"
|
|
126
|
-
|
|
127
|
-
npx -y -p @synapsor/runner@alpha synapsor mcp serve \
|
|
128
|
-
--config ./synapsor.runner.json \
|
|
129
|
-
--store ./.synapsor/local.db
|
|
130
|
-
```
|
|
131
|
-
|
|
132
|
-
The MCP server exposes only the configured semantic tools. It does not expose
|
|
133
|
-
raw SQL, approval tools, commit tools, database URLs, write credentials, or
|
|
134
|
-
model-controlled tenant authority.
|
|
135
|
-
|
|
136
|
-
## 7. Review Proposals
|
|
137
|
-
|
|
138
|
-
If a proposal is created:
|
|
139
|
-
|
|
140
|
-
```bash
|
|
141
|
-
npx -y -p @synapsor/runner@alpha synapsor proposals list --store ./.synapsor/local.db
|
|
142
|
-
npx -y -p @synapsor/runner@alpha synapsor proposals show <proposal_id> --store ./.synapsor/local.db
|
|
143
|
-
npx -y -p @synapsor/runner@alpha synapsor replay show <proposal_id> --store ./.synapsor/local.db
|
|
144
|
-
```
|
|
145
|
-
|
|
146
|
-
Open the UI:
|
|
147
|
-
|
|
148
|
-
```bash
|
|
149
|
-
npx -y -p @synapsor/runner@alpha synapsor ui --tour --config ./synapsor.runner.json --store ./.synapsor/local.db
|
|
150
|
-
```
|
|
151
|
-
|
|
152
|
-
## 8. Apply Only After Review
|
|
153
|
-
|
|
154
|
-
For direct SQL writeback, set a separate writer credential only when ready:
|
|
155
|
-
|
|
156
|
-
```bash
|
|
157
|
-
export SYNAPSOR_DATABASE_WRITE_URL="<postgres-or-mysql-writer-url>"
|
|
158
|
-
```
|
|
159
|
-
|
|
160
|
-
Then:
|
|
161
|
-
|
|
162
|
-
```bash
|
|
163
|
-
npx -y -p @synapsor/runner@alpha synapsor proposals approve <proposal_id> --store ./.synapsor/local.db --actor local_reviewer --yes
|
|
164
|
-
npx -y -p @synapsor/runner@alpha synapsor proposals writeback-job <proposal_id> --store ./.synapsor/local.db --output job.json
|
|
165
|
-
|
|
166
|
-
SYNAPSOR_ENGINE=postgres \
|
|
167
|
-
SYNAPSOR_DATABASE_URL="$SYNAPSOR_DATABASE_WRITE_URL" \
|
|
168
|
-
npx -y -p @synapsor/runner@alpha synapsor apply --job job.json --config synapsor.runner.json --store ./.synapsor/local.db
|
|
169
|
-
```
|
|
170
|
-
|
|
171
|
-
If your application should own the business write, configure an `http_handler`
|
|
172
|
-
or `command_handler` executor instead of direct SQL writeback. See
|
|
173
|
-
[writeback-executors.md](writeback-executors.md).
|
|
174
|
-
|
|
175
|
-
## Safety Rules
|
|
176
|
-
|
|
177
|
-
- Never infer write authority silently.
|
|
178
|
-
- Every allowed write column must be explicitly reviewed.
|
|
179
|
-
- Every patch mapping must be explicitly reviewed.
|
|
180
|
-
- If no tenant column exists, use a safe view or explicitly acknowledge
|
|
181
|
-
single-tenant dev mode.
|
|
182
|
-
- If no conflict column exists, stay in `read_only` or `shadow` unless you
|
|
183
|
-
intentionally accept a weak guard for local testing.
|
|
184
|
-
- Never write during onboarding.
|
|
185
|
-
- Never put secrets in generated config.
|
|
@@ -1,39 +0,0 @@
|
|
|
1
|
-
# Production Readiness
|
|
2
|
-
|
|
3
|
-
Synapsor Runner is a local, open-source MCP data-plane/runtime for reviewed
|
|
4
|
-
Postgres/MySQL business actions. It is not Synapsor Cloud and it is not the
|
|
5
|
-
Synapsor C++ DBMS.
|
|
6
|
-
|
|
7
|
-
Use a staging or disposable database first.
|
|
8
|
-
|
|
9
|
-
Allowed current claims:
|
|
10
|
-
|
|
11
|
-
- semantic MCP tools instead of raw SQL;
|
|
12
|
-
- source database remains unchanged during proposal creation;
|
|
13
|
-
- separate read and write credentials;
|
|
14
|
-
- exact row diff;
|
|
15
|
-
- local approval outside MCP;
|
|
16
|
-
- tenant, column, version, affected-row, and idempotency checks;
|
|
17
|
-
- approved app/API handler writeback with handler secrets kept in environment
|
|
18
|
-
variables;
|
|
19
|
-
- shadow-mode comparison between agent proposals and human actions;
|
|
20
|
-
- stale-row conflict detection in included fixtures;
|
|
21
|
-
- local replay for proposal/evidence/approval/writeback receipts.
|
|
22
|
-
|
|
23
|
-
Do not claim from this repository alone:
|
|
24
|
-
|
|
25
|
-
- high availability;
|
|
26
|
-
- compliance certification;
|
|
27
|
-
- mission-critical SLA;
|
|
28
|
-
- exactly-once across networks;
|
|
29
|
-
- general MCP security;
|
|
30
|
-
- prompt-injection immunity;
|
|
31
|
-
- physical branches for Postgres/MySQL;
|
|
32
|
-
- arbitrary business invariants are automatically understood.
|
|
33
|
-
|
|
34
|
-
Synapsor Cloud is the production/team control plane for shared approvals, RBAC,
|
|
35
|
-
hosted evidence/replay search, runner fleet status, leases, retention, audit
|
|
36
|
-
visibility, and support.
|
|
37
|
-
|
|
38
|
-
Before a public production-data claim, complete the release checklist, counsel
|
|
39
|
-
review, security review, and operational validation.
|
package/docs/protocol.md
DELETED
|
@@ -1,90 +0,0 @@
|
|
|
1
|
-
# Protocol
|
|
2
|
-
|
|
3
|
-
The public protocol has four versioned identifiers:
|
|
4
|
-
|
|
5
|
-
```text
|
|
6
|
-
synapsor.change-set.v1
|
|
7
|
-
synapsor.writeback-job.v1
|
|
8
|
-
synapsor.execution-receipt.v1
|
|
9
|
-
synapsor.runner-registration.v1
|
|
10
|
-
```
|
|
11
|
-
|
|
12
|
-
The schemas live in `schemas/`. Golden fixtures live in `fixtures/protocol/` and are copied into the main Synapsor repository so Cloud/C++/SDK work can validate the same contract.
|
|
13
|
-
|
|
14
|
-
`fixtures/protocol/MANIFEST.json` is the shared checksum note for the public protocol set. The same logical manifest is copied to the main Synapsor repository as `protocol/MANIFEST.json`. Tests in both repositories verify the SHA-256 digest for every schema and fixture.
|
|
15
|
-
|
|
16
|
-
The current alpha write path supports one operation:
|
|
17
|
-
|
|
18
|
-
```text
|
|
19
|
-
single_row_update
|
|
20
|
-
```
|
|
21
|
-
|
|
22
|
-
It does not support arbitrary SQL, DDL, INSERT, DELETE, UPSERT, stored procedures, dynamic table/column names from model input, or multi-row writes.
|
|
23
|
-
Schema, table, primary-key, tenant, conflict-guard, allowed-column, and patch
|
|
24
|
-
column identifiers must be fixed safe identifiers. Path-traversal strings and
|
|
25
|
-
SQL-fragment-like identifiers are rejected by protocol validation before the
|
|
26
|
-
Postgres/MySQL adapter can run.
|
|
27
|
-
|
|
28
|
-
## Change set
|
|
29
|
-
|
|
30
|
-
`synapsor.change-set.v1` describes the proposal created after a semantic capability reads the current row and derives an exact diff. It includes:
|
|
31
|
-
|
|
32
|
-
- proposal id and version;
|
|
33
|
-
- action name;
|
|
34
|
-
- trusted principal provenance;
|
|
35
|
-
- tenant/business-object scope;
|
|
36
|
-
- source table and primary key;
|
|
37
|
-
- before/patch/after maps;
|
|
38
|
-
- allowed columns;
|
|
39
|
-
- expected version guard;
|
|
40
|
-
- evidence bundle/query fingerprint;
|
|
41
|
-
- approval state;
|
|
42
|
-
- writeback state;
|
|
43
|
-
- `source_database_mutated: false`;
|
|
44
|
-
- proposal hash.
|
|
45
|
-
|
|
46
|
-
## Writeback job
|
|
47
|
-
|
|
48
|
-
`synapsor.writeback-job.v1` is the only object a runner may use to mutate the external database. Required fields include:
|
|
49
|
-
|
|
50
|
-
- `writeback_job_id`;
|
|
51
|
-
- `proposal_id`;
|
|
52
|
-
- `proposal_version`;
|
|
53
|
-
- `proposal_hash`;
|
|
54
|
-
- `runner_scope.project_id`;
|
|
55
|
-
- `runner_scope.source_id`;
|
|
56
|
-
- `engine`;
|
|
57
|
-
- `operation: single_row_update`;
|
|
58
|
-
- `target.schema`;
|
|
59
|
-
- `target.table`;
|
|
60
|
-
- `target.primary_key`;
|
|
61
|
-
- `tenant_guard`;
|
|
62
|
-
- `allowed_columns`;
|
|
63
|
-
- `patch`;
|
|
64
|
-
- `conflict_guard`;
|
|
65
|
-
- `idempotency_key`;
|
|
66
|
-
- `lease`.
|
|
67
|
-
|
|
68
|
-
The protocol package normalizes this public shape into the existing internal `protocol_version: "1.0"` worker shape so current Postgres/MySQL adapters remain stable while the public contract evolves.
|
|
69
|
-
|
|
70
|
-
## Execution receipt
|
|
71
|
-
|
|
72
|
-
`synapsor.execution-receipt.v1` records the terminal result:
|
|
73
|
-
|
|
74
|
-
```text
|
|
75
|
-
applied
|
|
76
|
-
conflict
|
|
77
|
-
failed
|
|
78
|
-
canceled
|
|
79
|
-
already_applied
|
|
80
|
-
```
|
|
81
|
-
|
|
82
|
-
Receipts include the writeback job id, proposal id, runner id, rows affected, idempotency key, version fields when available, source mutation state, safe error code, execution timestamp, and receipt hash.
|
|
83
|
-
|
|
84
|
-
## Runner registration
|
|
85
|
-
|
|
86
|
-
`synapsor.runner-registration.v1` describes a runner's id, version, supported engines, capabilities, project/source scope, and registration timestamp.
|
|
87
|
-
|
|
88
|
-
## Compatibility
|
|
89
|
-
|
|
90
|
-
Existing Cloud endpoints may still return the legacy `protocol_version: "1.0"` job/result envelope during migration. The runner validates both formats. New public examples and MCP work should use the `synapsor.*.v1` schema ids.
|
package/docs/roadmap.md
DELETED
|
@@ -1,13 +0,0 @@
|
|
|
1
|
-
# Roadmap
|
|
2
|
-
|
|
3
|
-
Future packages can live in this same monorepo:
|
|
4
|
-
|
|
5
|
-
- MCP adapter
|
|
6
|
-
- LangGraph adapter
|
|
7
|
-
- OpenAI Agents SDK adapter
|
|
8
|
-
- CrewAI adapter
|
|
9
|
-
- ORM helpers for Prisma, Drizzle, Django, Rails, and SQLAlchemy
|
|
10
|
-
- Local read runner when product requirements and security review are complete
|
|
11
|
-
|
|
12
|
-
Do not add package stubs until the implementation is ready.
|
|
13
|
-
|