@synapsor/runner 0.1.0-alpha.4 → 0.1.0-alpha.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (43) hide show
  1. package/README.md +211 -43
  2. package/dist/cli.d.ts.map +1 -1
  3. package/dist/runner.mjs +912 -90
  4. package/docs/README.md +32 -54
  5. package/docs/getting-started-own-database.md +68 -36
  6. package/docs/http-mcp.md +200 -0
  7. package/docs/local-mode.md +71 -35
  8. package/docs/mcp-audit.md +11 -15
  9. package/docs/mcp-client-setup.md +48 -9
  10. package/docs/recipes.md +6 -6
  11. package/docs/security-boundary.md +1 -1
  12. package/docs/troubleshooting-first-run.md +6 -6
  13. package/docs/writeback-executors.md +1 -1
  14. package/examples/openai-agents-http/README.md +55 -0
  15. package/examples/openai-agents-http/agent.py +90 -0
  16. package/examples/openai-agents-http/requirements.txt +1 -0
  17. package/examples/openai-agents-stdio/README.md +62 -0
  18. package/examples/openai-agents-stdio/agent.py +70 -0
  19. package/examples/openai-agents-stdio/requirements.txt +1 -0
  20. package/examples/reference-support-billing-app/README.md +17 -17
  21. package/package.json +3 -2
  22. package/docs/MCP_RUNNER_IMPLEMENTATION_PLAN.md +0 -187
  23. package/docs/architecture.md +0 -65
  24. package/docs/capability-config.md +0 -180
  25. package/docs/cloud-mode.md +0 -140
  26. package/docs/config-migrations.md +0 -67
  27. package/docs/demo-transcript.md +0 -161
  28. package/docs/dependency-license-inventory.md +0 -35
  29. package/docs/first-10-minutes.md +0 -172
  30. package/docs/licensing.md +0 -38
  31. package/docs/local-ui.md +0 -163
  32. package/docs/mcp-efficiency-benchmark.md +0 -84
  33. package/docs/open-source-feature-inventory.md +0 -254
  34. package/docs/operations.md +0 -38
  35. package/docs/own-db-20-minutes.md +0 -185
  36. package/docs/production-readiness.md +0 -39
  37. package/docs/protocol.md +0 -90
  38. package/docs/roadmap.md +0 -13
  39. package/docs/schema-inspection.md +0 -88
  40. package/docs/shadow-mode.md +0 -67
  41. package/docs/telemetry.md +0 -28
  42. package/docs/threat-model.md +0 -25
  43. package/docs/trusted-context.md +0 -70
@@ -1,88 +0,0 @@
1
- # Schema Inspection
2
-
3
- `synapsor inspect` reads database metadata so you can choose a
4
- narrow reviewed capability without writing an entire runner config by hand.
5
-
6
- Use the public `synapsor ...` runner CLI. From a source checkout, use
7
- `./bin/synapsor ...` if the global binary is not linked yet.
8
-
9
- ```bash
10
- npx -y -p @synapsor/runner@alpha synapsor inspect \
11
- --engine auto \
12
- --from-env SYNAPSOR_DATABASE_READ_URL \
13
- --schema public
14
- ```
15
-
16
- JSON output:
17
-
18
- ```bash
19
- npx -y -p @synapsor/runner@alpha synapsor inspect \
20
- --engine mysql \
21
- --from-env SYNAPSOR_DATABASE_READ_URL \
22
- --schema app \
23
- --json
24
- ```
25
-
26
- ## What It Reads
27
-
28
- The inspector collects metadata only:
29
-
30
- - engine and server version;
31
- - current database user;
32
- - schemas/databases visible to the credential;
33
- - tables and views;
34
- - columns, types, nullability, defaults, and generated status;
35
- - primary keys;
36
- - unique constraints;
37
- - foreign keys;
38
- - index summaries;
39
- - best-effort table writability from object type;
40
- - suggested tenant columns;
41
- - suggested conflict/version columns;
42
- - suggested sensitive or large/binary fields.
43
-
44
- It does not sample normal business rows by default.
45
-
46
- ## Suggestions Are Not Authority
47
-
48
- Tenant, conflict, sensitive-field, and default-visible-column suggestions are
49
- heuristics. You must review them before generating or serving a capability.
50
-
51
- Suggested tenant column names include:
52
-
53
- ```text
54
- tenant_id, account_id, organization_id, org_id, workspace_id, customer_id
55
- ```
56
-
57
- Suggested conflict/version columns include:
58
-
59
- ```text
60
- updated_at, modified_at, row_version, version, lock_version, etag
61
- ```
62
-
63
- Likely sensitive fields include names containing:
64
-
65
- ```text
66
- password, secret, token, api_key, private_key, session, cookie, ssn,
67
- credit_card, card_number, cvv, refresh_token, oauth
68
- ```
69
-
70
- Binary/blob/vector columns are excluded from generated default visible columns.
71
-
72
- ## Safety Behavior
73
-
74
- - Use a read-only database credential.
75
- - Pass the connection through an environment variable name, not a command-line
76
- URL.
77
- - Inspection opens read-only transactions where supported.
78
- - Inspection applies statement timeouts.
79
- - Inspection does not issue DDL or DML.
80
- - Errors are sanitized to avoid printing connection strings.
81
-
82
- ## Next Step
83
-
84
- Use the inspection result to create `onboarding-selection.json`, then run:
85
-
86
- ```bash
87
- npx -y -p @synapsor/runner@alpha synapsor init --spec onboarding-selection.json --non-interactive
88
- ```
@@ -1,67 +0,0 @@
1
- # Shadow Mode
2
-
3
- Shadow mode lets you evaluate autonomy before allowing writes.
4
-
5
- The model can create proposals and evidence, but the source database is never
6
- mutated. A human continues doing the real work in the application. You can then
7
- record what the human actually did and compare it to the agent proposal.
8
-
9
- Run a shadow config:
10
-
11
- ```json
12
- {
13
- "mode": "shadow"
14
- }
15
- ```
16
-
17
- List shadow proposals:
18
-
19
- ```bash
20
- npx -y -p @synapsor/runner@alpha synapsor shadow list --store ./.synapsor/local.db
21
- ```
22
-
23
- Record the human action:
24
-
25
- ```bash
26
- cat > human-action.json <<'JSON'
27
- {
28
- "late_fee_cents": 0,
29
- "waiver_reason": "customer requested review"
30
- }
31
- JSON
32
-
33
- npx -y -p @synapsor/runner@alpha synapsor shadow record-human-action wrp_123 \
34
- --store ./.synapsor/local.db \
35
- --patch human-action.json \
36
- --actor human_operator \
37
- --notes "matched support lead decision"
38
- ```
39
-
40
- Compare:
41
-
42
- ```bash
43
- npx -y -p @synapsor/runner@alpha synapsor shadow compare wrp_123 --store ./.synapsor/local.db
44
- ```
45
-
46
- Report:
47
-
48
- ```bash
49
- npx -y -p @synapsor/runner@alpha synapsor shadow report --store ./.synapsor/local.db
50
- ```
51
-
52
- The report counts:
53
-
54
- - total shadow proposals;
55
- - proposals with human actions;
56
- - exact matches;
57
- - partial matches;
58
- - mismatches;
59
- - proposals with no human action yet.
60
-
61
- Use this path to move gradually:
62
-
63
- ```text
64
- read-only -> shadow proposals -> human-reviewed commits -> policy-approved commits later
65
- ```
66
-
67
- This goal does not add policy auto-approval.
package/docs/telemetry.md DELETED
@@ -1,28 +0,0 @@
1
- # Telemetry
2
-
3
- Local mode does not send telemetry to Synapsor Cloud.
4
-
5
- By default, Synapsor Runner local commands do not upload:
6
-
7
- - schema metadata;
8
- - table names;
9
- - database rows;
10
- - prompts;
11
- - proposal contents;
12
- - credentials or database URLs;
13
- - usage data.
14
-
15
- Cloud communication occurs only after an explicit Cloud action, such as
16
- `synapsor cloud connect`, or when a config uses `mode: "cloud"`.
17
-
18
- The local MCP server keeps database credentials in the local environment. MCP
19
- client snippets reference the local command and store path; they must not
20
- include database URLs or passwords.
21
-
22
- Cloud mode may exchange documented control-plane metadata for runner
23
- registration, heartbeats, tool catalogs, proposal/job leases, result reporting,
24
- and replay/audit workflows. Cloud mode must remain testable and must not upload
25
- database credentials.
26
-
27
- If a future feature adds opt-in telemetry, it must be documented, disabled by
28
- default for local mode, and must not include secrets or row payloads.
@@ -1,25 +0,0 @@
1
- # Threat Model
2
-
3
- ## Boundary
4
-
5
- Synapsor Runner is the local trusted writeback boundary. The write credential stays in the customer environment. Synapsor Cloud sends approved structured jobs, not database URLs, passwords, raw SQL, prompts, or model confidence.
6
-
7
- ## Threats covered
8
-
9
- - Compromised or prompt-injected model: runner ignores prompts and accepts only structured approved jobs.
10
- - Malicious model arguments: target, tenant, allowed columns, conflict guard, and idempotency key come from Synapsor proposal state.
11
- - Over-broad proposal target: runner requires primary key and tenant guard.
12
- - Compromised runner token: token is scoped to one source and limited to configured runner permissions such as adapter read/invoke, runner heartbeat, job claim, and result reporting; it does not grant approval or arbitrary SQL authority.
13
- - Replayed job: receipt table makes applied retries idempotent.
14
- - Concurrent runners: receipt row and target row are locked inside a transaction.
15
- - Stale row/version conflict: version-column mismatch returns `conflict`.
16
- - Tenant mismatch: missing target row under tenant guard returns conflict and does not write.
17
- - Multi-row impact: affected rows must equal one.
18
- - Database outage mid-transaction: transaction rolls back and reports failed.
19
- - Control-plane outage after commit: receipt table allows safe idempotent result retry.
20
- - Log leakage: default logs redact tokens and database URLs.
21
- - Dependency compromise: CI, lockfile review, and dependency audit are release gates.
22
-
23
- ## Limitations
24
-
25
- The current alpha does not support arbitrary SQL, inserts, deletes, DDL, stored procedures, multi-row updates, cross-database transactions, automatic schema changes, or a self-hosted Synapsor control plane.
@@ -1,70 +0,0 @@
1
- # Trusted Context
2
-
3
- Trusted context is the data Synapsor Runner uses as authority but does not allow
4
- the model to choose freely.
5
-
6
- Examples:
7
-
8
- - tenant ID;
9
- - principal/user ID;
10
- - role;
11
- - environment or workspace scope.
12
-
13
- In local mode, the supported provider is environment binding:
14
-
15
- ```json
16
- {
17
- "trusted_context": {
18
- "provider": "environment",
19
- "values": {
20
- "tenant_id_env": "SYNAPSOR_TENANT_ID",
21
- "principal_env": "SYNAPSOR_PRINCIPAL"
22
- }
23
- }
24
- }
25
- ```
26
-
27
- For larger configs, use named contexts so each capability says which trusted
28
- binding it uses:
29
-
30
- ```json
31
- {
32
- "contexts": {
33
- "local_support_operator": {
34
- "provider": "environment",
35
- "values": {
36
- "tenant_id_env": "SYNAPSOR_TENANT_ID",
37
- "principal_env": "SYNAPSOR_PRINCIPAL"
38
- }
39
- }
40
- },
41
- "capabilities": [
42
- {
43
- "name": "support.inspect_ticket",
44
- "context": "local_support_operator"
45
- }
46
- ]
47
- }
48
- ```
49
-
50
- Backward compatibility: `trusted_context` still works as the global fallback.
51
- If a capability names `context`, that named context is used for that capability.
52
- If a capability does not name `context`, the global `trusted_context` is used.
53
- Config validation fails when a capability references a missing named context.
54
-
55
- At runtime:
56
-
57
- ```bash
58
- export SYNAPSOR_TENANT_ID="acme"
59
- export SYNAPSOR_PRINCIPAL="local_operator"
60
- ```
61
-
62
- The model may pass business identifiers such as `invoice_id` or `ticket_id`.
63
- Those identifiers are validated inside the trusted tenant scope.
64
-
65
- The model must not pass `tenant_id`, principal, role, or authorization scope as
66
- ordinary authority arguments. If a tool schema appears to require those fields
67
- from the model, treat it as a bug.
68
-
69
- Cloud mode may bind trusted context from Cloud runner/session context, but
70
- database credentials still stay local.