@synapsor/runner 0.1.0-alpha.8 → 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +162 -0
- package/README.md +391 -25
- package/dist/cli.d.ts +2 -0
- package/dist/cli.d.ts.map +1 -1
- package/dist/runner.mjs +2945 -193
- package/docs/README.md +40 -0
- package/docs/app-owned-executors.md +38 -0
- package/docs/capability-authoring.md +265 -0
- package/docs/cloud-mode.md +24 -0
- package/docs/current-scope.md +29 -0
- package/docs/dependency-license-inventory.md +35 -0
- package/docs/doctor.md +98 -0
- package/docs/getting-started-own-database.md +131 -46
- package/docs/handler-helper.md +228 -0
- package/docs/http-mcp.md +85 -17
- package/docs/licensing.md +36 -0
- package/docs/local-mode.md +44 -25
- package/docs/mcp-audit.md +8 -8
- package/docs/mcp-client-setup.md +59 -21
- package/docs/openai-agents-sdk.md +57 -0
- package/docs/recipes.md +6 -6
- package/docs/release-notes.md +327 -0
- package/docs/release-policy.md +125 -0
- package/docs/result-envelope-v2.md +151 -0
- package/docs/rfcs/001-result-envelope-v2.md +143 -0
- package/docs/rfcs/002-app-owned-handler-helper.md +161 -0
- package/docs/rfcs/003-integrator-feedback-teardown.md +97 -0
- package/docs/store-lifecycle.md +83 -0
- package/docs/troubleshooting-first-run.md +6 -6
- package/docs/use-your-own-database.md +18 -0
- package/docs/writeback-executors.md +92 -1
- package/examples/app-owned-writeback/README.md +128 -0
- package/examples/app-owned-writeback/business-actions.md +221 -0
- package/examples/app-owned-writeback/command-handler.mjs +55 -0
- package/examples/app-owned-writeback/node-fastify-handler.mjs +64 -0
- package/examples/app-owned-writeback/python-fastapi-handler.py +66 -0
- package/examples/mcp-postgres-billing-app-handler/README.md +94 -0
- package/examples/mcp-postgres-billing-app-handler/app-handler.mjs +123 -0
- package/examples/mcp-postgres-billing-app-handler/docker-compose.yml +13 -0
- package/examples/mcp-postgres-billing-app-handler/schema.sql +59 -0
- package/examples/mcp-postgres-billing-app-handler/scripts/run-demo.sh +100 -0
- package/examples/mcp-postgres-billing-app-handler/seed.sql +39 -0
- package/examples/mcp-postgres-billing-app-handler/synapsor-handler.mjs +437 -0
- package/examples/mcp-postgres-billing-app-handler/synapsor.runner.json +158 -0
- package/examples/openai-agents-http/README.md +19 -12
- package/examples/openai-agents-http/agent.py +29 -65
- package/examples/openai-agents-stdio/README.md +10 -6
- package/examples/openai-agents-stdio/agent.py +4 -2
- package/examples/reference-support-billing-app/README.md +16 -16
- package/examples/reference-support-billing-app/mcp-client.generic.json +1 -1
- package/fixtures/benchmark/mcp-efficiency.json +53 -0
- package/fixtures/benchmark/mcp-efficiency.txt +25 -0
- package/fixtures/protocol/MANIFEST.json +54 -0
- package/fixtures/protocol/change-set.late-fee-waiver.v1.json +72 -0
- package/fixtures/protocol/execution-receipt.applied.v1.json +14 -0
- package/fixtures/protocol/execution-receipt.conflict.v1.json +15 -0
- package/fixtures/protocol/runner-registration.v1.json +22 -0
- package/fixtures/protocol/writeback-job.late-fee-waiver.v1.json +44 -0
- package/package.json +6 -1
- package/schemas/change-set.v1.schema.json +140 -0
- package/schemas/execution-receipt.v1.schema.json +34 -0
- package/schemas/onboarding-selection.v1.schema.json +132 -0
- package/schemas/runner-registration.v1.schema.json +48 -0
- package/schemas/synapsor.app-handler-receipt.v1.json +39 -0
- package/schemas/synapsor.app-handler-request.v1.json +119 -0
- package/schemas/synapsor.runner.schema.json +415 -0
- package/schemas/writeback-job.v1.schema.json +121 -0
package/docs/http-mcp.md
CHANGED
|
@@ -6,14 +6,73 @@ needs to connect to a long-running Synapsor Runner service.
|
|
|
6
6
|
Use stdio MCP when a local MCP client such as Claude Desktop, Cursor, or a
|
|
7
7
|
local agent tool can launch Synapsor Runner directly.
|
|
8
8
|
|
|
9
|
-
|
|
10
|
-
endpoint at `POST /mcp` for `tools/list`, `tools/call`, and `resources/read`.
|
|
11
|
-
It is not the full MCP Streamable HTTP transport and does not implement an
|
|
12
|
-
`initialize`/SSE session handshake. If your SDK expects full HTTP MCP
|
|
13
|
-
initialization, use stdio mode or wrap this endpoint with a thin tool/function
|
|
14
|
-
adapter like the OpenAI HTTP example.
|
|
9
|
+
Synapsor Runner has two HTTP modes:
|
|
15
10
|
|
|
16
|
-
|
|
11
|
+
- `mcp serve-streamable-http`: spec-compatible MCP Streamable HTTP. Use this
|
|
12
|
+
when an MCP SDK/client expects `initialize`, session IDs, POST/GET/DELETE, and
|
|
13
|
+
standard HTTP MCP behavior.
|
|
14
|
+
- `mcp serve-http`: a lightweight authenticated JSON-RPC bridge for
|
|
15
|
+
`tools/list`, `tools/call`, and `resources/read`. Use this when your app wants
|
|
16
|
+
simple POST calls or an explicit wrapper around Runner tools.
|
|
17
|
+
|
|
18
|
+
## Start Standard Streamable HTTP MCP
|
|
19
|
+
|
|
20
|
+
```bash
|
|
21
|
+
export SYNAPSOR_RUNNER_HTTP_TOKEN="dev-local-token"
|
|
22
|
+
|
|
23
|
+
synapsor-runner mcp serve-streamable-http \
|
|
24
|
+
--host 127.0.0.1 \
|
|
25
|
+
--port 8766 \
|
|
26
|
+
--config ./synapsor.runner.json \
|
|
27
|
+
--store ./.synapsor/local.db \
|
|
28
|
+
--auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN
|
|
29
|
+
```
|
|
30
|
+
|
|
31
|
+
For OpenAI Agents SDK, expose OpenAI-safe aliases because OpenAI function names
|
|
32
|
+
cannot contain dots:
|
|
33
|
+
|
|
34
|
+
```bash
|
|
35
|
+
synapsor-runner mcp serve-streamable-http \
|
|
36
|
+
--host 127.0.0.1 \
|
|
37
|
+
--port 8766 \
|
|
38
|
+
--config ./synapsor.runner.json \
|
|
39
|
+
--store ./.synapsor/local.db \
|
|
40
|
+
--auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN \
|
|
41
|
+
--alias-mode openai
|
|
42
|
+
```
|
|
43
|
+
|
|
44
|
+
Equivalent unified command:
|
|
45
|
+
|
|
46
|
+
```bash
|
|
47
|
+
synapsor-runner mcp serve \
|
|
48
|
+
--transport streamable-http \
|
|
49
|
+
--host 127.0.0.1 \
|
|
50
|
+
--port 8766 \
|
|
51
|
+
--config ./synapsor.runner.json \
|
|
52
|
+
--store ./.synapsor/local.db \
|
|
53
|
+
--auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN \
|
|
54
|
+
--alias-mode openai
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
The model sees aliases such as `billing__inspect_invoice`. MCP tool metadata
|
|
58
|
+
still includes `synapsor.canonical_tool_name`, and Runner maps calls back to
|
|
59
|
+
the canonical Synapsor capability such as `billing.inspect_invoice`. Use
|
|
60
|
+
`--alias-mode both` only during migrations where some clients still need
|
|
61
|
+
canonical dotted names.
|
|
62
|
+
|
|
63
|
+
Defaults:
|
|
64
|
+
|
|
65
|
+
```text
|
|
66
|
+
host: 127.0.0.1
|
|
67
|
+
port: 8766
|
|
68
|
+
auth: bearer token required
|
|
69
|
+
cors: disabled
|
|
70
|
+
sessions: in-memory
|
|
71
|
+
```
|
|
72
|
+
|
|
73
|
+
Use `/mcp` as the MCP endpoint. Health is available at `/healthz`.
|
|
74
|
+
|
|
75
|
+
## Start The JSON-RPC Bridge
|
|
17
76
|
|
|
18
77
|
```bash
|
|
19
78
|
export SYNAPSOR_RUNNER_HTTP_TOKEN="dev-local-token"
|
|
@@ -35,12 +94,17 @@ auth: bearer token required
|
|
|
35
94
|
cors: disabled
|
|
36
95
|
```
|
|
37
96
|
|
|
97
|
+
Bridge scope: `serve-http` does not implement MCP Streamable HTTP
|
|
98
|
+
`initialize`/session behavior. Standard SDK HTTP MCP clients should use
|
|
99
|
+
`serve-streamable-http` instead.
|
|
100
|
+
|
|
38
101
|
Startup output prints the URL, config path, store path, and token environment
|
|
39
102
|
variable name. It does not print token values or database URLs.
|
|
40
103
|
|
|
41
104
|
## Health Check
|
|
42
105
|
|
|
43
106
|
```bash
|
|
107
|
+
curl -i http://127.0.0.1:8766/healthz
|
|
44
108
|
curl -i http://127.0.0.1:8765/healthz
|
|
45
109
|
```
|
|
46
110
|
|
|
@@ -49,13 +113,13 @@ The health endpoint is secret-free:
|
|
|
49
113
|
```json
|
|
50
114
|
{
|
|
51
115
|
"ok": true,
|
|
52
|
-
"transport": "http",
|
|
116
|
+
"transport": "streamable-http",
|
|
53
117
|
"tools": 1,
|
|
54
118
|
"mode": "read_only"
|
|
55
119
|
}
|
|
56
120
|
```
|
|
57
121
|
|
|
58
|
-
## List Tools
|
|
122
|
+
## List Tools Through The JSON-RPC Bridge
|
|
59
123
|
|
|
60
124
|
Unauthorized requests fail:
|
|
61
125
|
|
|
@@ -96,7 +160,7 @@ model-controlled tenant authority
|
|
|
96
160
|
arbitrary table or column names
|
|
97
161
|
```
|
|
98
162
|
|
|
99
|
-
## Call A Tool
|
|
163
|
+
## Call A Tool Through The JSON-RPC Bridge
|
|
100
164
|
|
|
101
165
|
```bash
|
|
102
166
|
curl -i \
|
|
@@ -118,7 +182,7 @@ The response includes scoped data, trusted context, evidence handles, and
|
|
|
118
182
|
`source_database_mutated: false`. The agent still does not receive SQL,
|
|
119
183
|
database credentials, or approval/commit authority.
|
|
120
184
|
|
|
121
|
-
## Read Evidence Or Replay Resources
|
|
185
|
+
## Read Evidence Or Replay Resources Through The JSON-RPC Bridge
|
|
122
186
|
|
|
123
187
|
Use `resources/read` with a `synapsor://...` handle returned by a tool call:
|
|
124
188
|
|
|
@@ -200,9 +264,13 @@ examples/openai-agents-http/
|
|
|
200
264
|
examples/openai-agents-stdio/
|
|
201
265
|
```
|
|
202
266
|
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
267
|
+
Both examples use the MCP client integration from the OpenAI Agents SDK when it
|
|
268
|
+
is available. The stdio example launches Runner as a child process. The HTTP
|
|
269
|
+
example connects to `synapsor-runner mcp serve-streamable-http` through
|
|
270
|
+
`MCPServerStreamableHttp`. Use the JSON-RPC bridge only when you intentionally
|
|
271
|
+
want a small app-owned wrapper instead of standard HTTP MCP.
|
|
272
|
+
|
|
273
|
+
The boundary is the same in both modes: the agent calls a semantic Synapsor
|
|
274
|
+
tool, not raw SQL. OpenAI-facing examples use `--alias-mode openai` so
|
|
275
|
+
the model sees OpenAI-valid aliases while Runner preserves canonical Synapsor
|
|
276
|
+
tool names in metadata.
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
# Licensing
|
|
2
|
+
|
|
3
|
+
Synapsor Runner is open source under the Apache License 2.0 (`Apache-2.0`).
|
|
4
|
+
|
|
5
|
+
This page is a plain-English summary, not legal advice. If this summary
|
|
6
|
+
conflicts with `../LICENSE`, the `LICENSE` file controls.
|
|
7
|
+
|
|
8
|
+
Apache-2.0 applies to the code in this runner repository. It grants copyright
|
|
9
|
+
and patent rights under the license terms.
|
|
10
|
+
|
|
11
|
+
Apache-2.0 does not grant trademark rights. The Synapsor name, Synapsor Runner
|
|
12
|
+
name, logos, hosted Cloud service, and proprietary Synapsor platform features
|
|
13
|
+
remain separate. See `../TRADEMARKS.md`.
|
|
14
|
+
|
|
15
|
+
This license applies only to `synapsor-runner`. It does not open source:
|
|
16
|
+
|
|
17
|
+
- Synapsor Cloud;
|
|
18
|
+
- the hosted control plane;
|
|
19
|
+
- hosted capability registry;
|
|
20
|
+
- advanced policy/capability compiler;
|
|
21
|
+
- team approvals, RBAC, or SSO;
|
|
22
|
+
- hosted audit/evidence ledger;
|
|
23
|
+
- managed runners;
|
|
24
|
+
- production writeback orchestration;
|
|
25
|
+
- workflow builder;
|
|
26
|
+
- native Synapsor engine;
|
|
27
|
+
- C++/DBMS internals;
|
|
28
|
+
- branching, time travel, or settlement;
|
|
29
|
+
- compliance exports or production support/SLA.
|
|
30
|
+
|
|
31
|
+
Synapsor Cloud is a separate hosted commercial service. Use Cloud when your team
|
|
32
|
+
needs shared approvals, RBAC, hosted evidence/replay search, runner fleet
|
|
33
|
+
status, leases, retention, audit visibility, enterprise controls, and support.
|
|
34
|
+
|
|
35
|
+
Before public release, license and trademark text should be reviewed by the
|
|
36
|
+
release owner or qualified counsel.
|
package/docs/local-mode.md
CHANGED
|
@@ -43,13 +43,13 @@ want to change your host Node version.
|
|
|
43
43
|
Create a starter config without putting credentials in the file:
|
|
44
44
|
|
|
45
45
|
```bash
|
|
46
|
-
npx -y -p @synapsor/runner
|
|
46
|
+
npx -y -p @synapsor/runner synapsor-runner init --engine postgres --mode review
|
|
47
47
|
```
|
|
48
48
|
|
|
49
49
|
For MySQL:
|
|
50
50
|
|
|
51
51
|
```bash
|
|
52
|
-
npx -y -p @synapsor/runner
|
|
52
|
+
npx -y -p @synapsor/runner synapsor-runner init --engine mysql --mode review --output synapsor.mysql.runner.json
|
|
53
53
|
```
|
|
54
54
|
|
|
55
55
|
The generated config uses environment-variable names for read/write URLs and trusted context. Edit the table, column, and capability names before serving tools.
|
|
@@ -62,8 +62,8 @@ persisted into proposals, evidence, query audit, runner state, or replay.
|
|
|
62
62
|
For a reviewed own-database setup generated from explicit selections, use:
|
|
63
63
|
|
|
64
64
|
```bash
|
|
65
|
-
npx -y -p @synapsor/runner
|
|
66
|
-
npx -y -p @synapsor/runner
|
|
65
|
+
npx -y -p @synapsor/runner synapsor-runner init --spec onboarding-selection.json --non-interactive
|
|
66
|
+
npx -y -p @synapsor/runner synapsor-runner doctor --config synapsor.runner.json
|
|
67
67
|
```
|
|
68
68
|
|
|
69
69
|
`doctor --config` checks config validation, required environment variables,
|
|
@@ -75,25 +75,27 @@ and the semantic MCP tool boundary without printing credential values.
|
|
|
75
75
|
Use stdio for local MCP clients that launch Synapsor Runner:
|
|
76
76
|
|
|
77
77
|
```bash
|
|
78
|
-
npx -y -p @synapsor/runner
|
|
78
|
+
npx -y -p @synapsor/runner synapsor-runner mcp serve \
|
|
79
79
|
--config ./synapsor.runner.json \
|
|
80
80
|
--store ./.synapsor/local.db
|
|
81
81
|
```
|
|
82
82
|
|
|
83
|
-
Use HTTP when your app/server agent connects
|
|
83
|
+
Use Streamable HTTP when your app/server agent connects through a standard HTTP
|
|
84
|
+
MCP client:
|
|
84
85
|
|
|
85
86
|
```bash
|
|
86
87
|
export SYNAPSOR_RUNNER_HTTP_TOKEN="dev-local-token"
|
|
87
88
|
|
|
88
|
-
npx -y -p @synapsor/runner
|
|
89
|
+
npx -y -p @synapsor/runner synapsor-runner mcp serve-streamable-http \
|
|
89
90
|
--config ./synapsor.runner.json \
|
|
90
91
|
--store ./.synapsor/local.db \
|
|
91
92
|
--auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN
|
|
92
93
|
```
|
|
93
94
|
|
|
94
|
-
HTTP defaults to `127.0.0.1:
|
|
95
|
-
run behind private networking/TLS before production-like exposure.
|
|
96
|
-
|
|
95
|
+
Streamable HTTP defaults to `127.0.0.1:8766`, requires bearer auth by default,
|
|
96
|
+
and should run behind private networking/TLS before production-like exposure.
|
|
97
|
+
Use `synapsor-runner mcp serve-http` only when you explicitly want the smaller
|
|
98
|
+
JSON-RPC bridge. Details: [HTTP MCP](http-mcp.md).
|
|
97
99
|
|
|
98
100
|
## Local safety modes
|
|
99
101
|
|
|
@@ -125,19 +127,19 @@ If neither is set, the CLI uses:
|
|
|
125
127
|
List proposals:
|
|
126
128
|
|
|
127
129
|
```bash
|
|
128
|
-
npx -y -p @synapsor/runner
|
|
130
|
+
npx -y -p @synapsor/runner synapsor-runner proposals list --store ./.synapsor/local.db
|
|
129
131
|
```
|
|
130
132
|
|
|
131
133
|
Show a proposal:
|
|
132
134
|
|
|
133
135
|
```bash
|
|
134
|
-
npx -y -p @synapsor/runner
|
|
136
|
+
npx -y -p @synapsor/runner synapsor-runner proposals show wrp_123 --store ./.synapsor/local.db
|
|
135
137
|
```
|
|
136
138
|
|
|
137
139
|
Approve:
|
|
138
140
|
|
|
139
141
|
```bash
|
|
140
|
-
npx -y -p @synapsor/runner
|
|
142
|
+
npx -y -p @synapsor/runner synapsor-runner proposals approve wrp_123 \
|
|
141
143
|
--store ./.synapsor/local.db \
|
|
142
144
|
--actor local_reviewer \
|
|
143
145
|
--yes
|
|
@@ -148,7 +150,7 @@ Before approval, the CLI prints the reviewer-critical proposal details: trusted
|
|
|
148
150
|
Create a guarded writeback job from an approved proposal:
|
|
149
151
|
|
|
150
152
|
```bash
|
|
151
|
-
npx -y -p @synapsor/runner
|
|
153
|
+
npx -y -p @synapsor/runner synapsor-runner proposals writeback-job wrp_123 \
|
|
152
154
|
--store ./.synapsor/local.db \
|
|
153
155
|
--project local \
|
|
154
156
|
--runner local_runner \
|
|
@@ -160,7 +162,7 @@ The generated job uses the public `synapsor.writeback-job.v1` protocol and can b
|
|
|
160
162
|
```bash
|
|
161
163
|
export SYNAPSOR_DATABASE_WRITE_URL="postgresql://writer:<password>@localhost:5432/app"
|
|
162
164
|
SYNAPSOR_ENGINE=postgres \
|
|
163
|
-
npx -y -p @synapsor/runner
|
|
165
|
+
npx -y -p @synapsor/runner synapsor-runner apply --job job.json --config synapsor.runner.json --store ./.synapsor/local.db
|
|
164
166
|
```
|
|
165
167
|
|
|
166
168
|
When `--config` is passed, direct SQL writeback reads the writer connection from
|
|
@@ -172,7 +174,7 @@ Passing `--store` records the terminal `synapsor.execution-receipt.v1` locally.
|
|
|
172
174
|
Reject:
|
|
173
175
|
|
|
174
176
|
```bash
|
|
175
|
-
npx -y -p @synapsor/runner
|
|
177
|
+
npx -y -p @synapsor/runner synapsor-runner proposals reject wrp_123 \
|
|
176
178
|
--store ./.synapsor/local.db \
|
|
177
179
|
--reason "policy evidence is incomplete" \
|
|
178
180
|
--yes
|
|
@@ -189,7 +191,7 @@ Shadow-mode proposals are inspectable through `proposals show` and `replay show`
|
|
|
189
191
|
Start a localhost-only review UI:
|
|
190
192
|
|
|
191
193
|
```bash
|
|
192
|
-
npx -y -p @synapsor/runner
|
|
194
|
+
npx -y -p @synapsor/runner synapsor-runner ui --config synapsor.runner.json --store ./.synapsor/local.db
|
|
193
195
|
```
|
|
194
196
|
|
|
195
197
|
The UI shows setup summary, semantic tools, proposal states, exact diffs,
|
|
@@ -205,20 +207,20 @@ tools, MCP commit tools, or controls that widen configured tables/columns.
|
|
|
205
207
|
Show replay:
|
|
206
208
|
|
|
207
209
|
```bash
|
|
208
|
-
npx -y -p @synapsor/runner
|
|
209
|
-
npx -y -p @synapsor/runner
|
|
210
|
-
npx -y -p @synapsor/runner
|
|
211
|
-
npx -y -p @synapsor/runner
|
|
210
|
+
npx -y -p @synapsor/runner synapsor-runner replay show wrp_123 --store ./.synapsor/local.db
|
|
211
|
+
npx -y -p @synapsor/runner synapsor-runner replay show --proposal wrp_123 --store ./.synapsor/local.db
|
|
212
|
+
npx -y -p @synapsor/runner synapsor-runner replay show --replay replay_wrp_123 --store ./.synapsor/local.db
|
|
213
|
+
npx -y -p @synapsor/runner synapsor-runner replay show --evidence ev_123 --store ./.synapsor/local.db
|
|
212
214
|
```
|
|
213
215
|
|
|
214
216
|
Export replay:
|
|
215
217
|
|
|
216
218
|
```bash
|
|
217
|
-
npx -y -p @synapsor/runner
|
|
219
|
+
npx -y -p @synapsor/runner synapsor-runner replay export wrp_123 \
|
|
218
220
|
--store ./.synapsor/local.db \
|
|
219
221
|
--output replay.json
|
|
220
222
|
|
|
221
|
-
npx -y -p @synapsor/runner
|
|
223
|
+
npx -y -p @synapsor/runner synapsor-runner replay export --proposal wrp_123 \
|
|
222
224
|
--format markdown \
|
|
223
225
|
--store ./.synapsor/local.db \
|
|
224
226
|
--output replay.md
|
|
@@ -271,13 +273,30 @@ or prune it without touching your source Postgres/MySQL database:
|
|
|
271
273
|
|
|
272
274
|
```bash
|
|
273
275
|
synapsor-runner store stats --store ./.synapsor/local.db
|
|
276
|
+
synapsor-runner events tail --store ./.synapsor/local.db
|
|
277
|
+
synapsor-runner events webhook --url http://127.0.0.1:8788/synapsor/events --kind proposal_created --store ./.synapsor/local.db
|
|
274
278
|
synapsor-runner store vacuum --store ./.synapsor/local.db
|
|
275
279
|
synapsor-runner store prune --store ./.synapsor/local.db --older-than 30d --dry-run
|
|
276
280
|
synapsor-runner store prune --store ./.synapsor/local.db --older-than 30d --yes
|
|
281
|
+
synapsor-runner store prune --store ./.synapsor/local.db --older-than 30d --yes --force
|
|
282
|
+
synapsor-runner store reset --store ./.synapsor/local.db --yes
|
|
277
283
|
```
|
|
278
284
|
|
|
279
|
-
`
|
|
280
|
-
|
|
285
|
+
`events tail` shows local lifecycle events already recorded in the SQLite
|
|
286
|
+
ledger, including proposal creation, approval/rejection, writeback jobs, and
|
|
287
|
+
writeback applied/conflict/failed receipts. Add `--follow` to keep polling a
|
|
288
|
+
running local store.
|
|
289
|
+
|
|
290
|
+
`events webhook` pushes the same local lifecycle events to a local/dev/staging
|
|
291
|
+
HTTP endpoint, one event envelope per POST. Use it for a review UI, Slack bridge,
|
|
292
|
+
or app-local notification path when polling is awkward. It is not a hosted
|
|
293
|
+
central ledger and does not expose database credentials.
|
|
294
|
+
|
|
295
|
+
`store prune` defaults to dry-run. `store reset` requires `--yes` and removes
|
|
296
|
+
only the local SQLite ledger files. MCP server modes write a small active-store
|
|
297
|
+
lease next to the SQLite file; destructive store operations refuse while that
|
|
298
|
+
lease points at a live PID unless you pass `--force` after verifying the server
|
|
299
|
+
is stopped or stale.
|
|
281
300
|
|
|
282
301
|
## Boundary
|
|
283
302
|
|
package/docs/mcp-audit.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# MCP database risk review
|
|
2
2
|
|
|
3
|
-
`npx -y -p @synapsor/runner
|
|
3
|
+
`npx -y -p @synapsor/runner synapsor-runner audit <target>` performs a
|
|
4
4
|
static MCP database risk review over an exported tool manifest, a remote MCP
|
|
5
5
|
`tools/list` endpoint, or a stdio MCP server. The `mcp audit` subcommand is also
|
|
6
6
|
available for users who look for the command under the MCP namespace.
|
|
@@ -23,7 +23,7 @@ MCP annotations are treated as hints, not enforcement.
|
|
|
23
23
|
Built-in database MCP risk example:
|
|
24
24
|
|
|
25
25
|
```bash
|
|
26
|
-
npx -y -p @synapsor/runner
|
|
26
|
+
npx -y -p @synapsor/runner synapsor-runner audit --example dangerous-db-mcp
|
|
27
27
|
```
|
|
28
28
|
|
|
29
29
|
This bundled example does not require a source checkout or local examples file.
|
|
@@ -34,38 +34,38 @@ table/column inputs, and model-controlled tenant/principal fields.
|
|
|
34
34
|
Human-readable output:
|
|
35
35
|
|
|
36
36
|
```bash
|
|
37
|
-
npx -y -p @synapsor/runner
|
|
37
|
+
npx -y -p @synapsor/runner synapsor-runner audit ./tools-list.json
|
|
38
38
|
```
|
|
39
39
|
|
|
40
40
|
Remote `tools/list` endpoint with a bearer token kept in the environment:
|
|
41
41
|
|
|
42
42
|
```bash
|
|
43
43
|
SYNAPSOR_MCP_AUDIT_BEARER="..." \
|
|
44
|
-
npx -y -p @synapsor/runner
|
|
44
|
+
npx -y -p @synapsor/runner synapsor-runner audit https://mcp.example.com --format json
|
|
45
45
|
```
|
|
46
46
|
|
|
47
47
|
Remote endpoint with a custom bearer-token environment variable:
|
|
48
48
|
|
|
49
49
|
```bash
|
|
50
|
-
npx -y -p @synapsor/runner
|
|
50
|
+
npx -y -p @synapsor/runner synapsor-runner audit https://mcp.example.com --bearer-env MCP_AUDIT_TOKEN --format json
|
|
51
51
|
```
|
|
52
52
|
|
|
53
53
|
Stdio MCP server:
|
|
54
54
|
|
|
55
55
|
```bash
|
|
56
|
-
npx -y -p @synapsor/runner
|
|
56
|
+
npx -y -p @synapsor/runner synapsor-runner audit 'stdio:node ./server.mjs' --timeout-ms 5000
|
|
57
57
|
```
|
|
58
58
|
|
|
59
59
|
JSON output:
|
|
60
60
|
|
|
61
61
|
```bash
|
|
62
|
-
npx -y -p @synapsor/runner
|
|
62
|
+
npx -y -p @synapsor/runner synapsor-runner audit ./tools-list.json --format json
|
|
63
63
|
```
|
|
64
64
|
|
|
65
65
|
Markdown output for issues, PRs, or security review notes:
|
|
66
66
|
|
|
67
67
|
```bash
|
|
68
|
-
npx -y -p @synapsor/runner
|
|
68
|
+
npx -y -p @synapsor/runner synapsor-runner audit --example dangerous-db-mcp --format markdown
|
|
69
69
|
```
|
|
70
70
|
|
|
71
71
|
During local development, the repo-local wrapper can run the same command:
|
package/docs/mcp-client-setup.md
CHANGED
|
@@ -6,10 +6,10 @@ The primary local proof path is still the one-command Docker demo:
|
|
|
6
6
|
./scripts/demo-docker.sh
|
|
7
7
|
```
|
|
8
8
|
|
|
9
|
-
Use this page after that demo passes and you want to attach a local MCP client
|
|
10
|
-
The
|
|
11
|
-
|
|
12
|
-
service.
|
|
9
|
+
Use this page after that demo passes and you want to attach a local MCP client
|
|
10
|
+
or SDK. The simplest local-client contract is stdio. Standard HTTP MCP is
|
|
11
|
+
available through Streamable HTTP when your agent connects to a long-running
|
|
12
|
+
Runner service.
|
|
13
13
|
|
|
14
14
|
Command examples use the published alpha package through `npx`. From a source
|
|
15
15
|
checkout, use `./bin/synapsor-runner ...` only when you intentionally want the local
|
|
@@ -32,28 +32,53 @@ corepack pnpm test:mcp-client-configs
|
|
|
32
32
|
| Mode | Use when | Command |
|
|
33
33
|
| --- | --- | --- |
|
|
34
34
|
| stdio | Claude Desktop, Cursor, VS Code, or another local MCP client can launch Synapsor Runner | `synapsor-runner mcp serve` |
|
|
35
|
-
| HTTP | Your app/server, Python agent, Node service, or container
|
|
35
|
+
| Streamable HTTP MCP | Your app/server, Python agent, Node service, or container uses a standard HTTP MCP client | `synapsor-runner mcp serve-streamable-http` |
|
|
36
|
+
| JSON-RPC bridge | Your app wants a small explicit wrapper around `tools/list`, `tools/call`, and `resources/read` | `synapsor-runner mcp serve-http` |
|
|
36
37
|
|
|
37
38
|
Stdio keeps the MCP protocol on process stdin/stdout and is the simplest local
|
|
38
|
-
developer path. HTTP
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
Important alpha limitation: HTTP mode is not full MCP Streamable HTTP. It does
|
|
42
|
-
not implement `initialize` or an SSE session handshake. Standard SDK HTTP MCP
|
|
43
|
-
clients that require initialization may fail. Use stdio for those clients, or
|
|
44
|
-
call Runner's HTTP JSON-RPC endpoint through a thin app/server wrapper.
|
|
39
|
+
developer path. Streamable HTTP implements MCP initialize/session behavior over
|
|
40
|
+
an authenticated `/mcp` endpoint. The JSON-RPC bridge is intentionally smaller
|
|
41
|
+
and does not implement MCP initialize/session behavior.
|
|
45
42
|
|
|
46
43
|
HTTP requires bearer auth by default:
|
|
47
44
|
|
|
48
45
|
```bash
|
|
49
46
|
export SYNAPSOR_RUNNER_HTTP_TOKEN="dev-local-token"
|
|
50
47
|
|
|
51
|
-
npx -y -p @synapsor/runner
|
|
48
|
+
npx -y -p @synapsor/runner synapsor-runner mcp serve-streamable-http \
|
|
52
49
|
--config ./synapsor.runner.json \
|
|
53
50
|
--store ./.synapsor/local.db \
|
|
54
51
|
--auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN
|
|
55
52
|
```
|
|
56
53
|
|
|
54
|
+
OpenAI Agents SDK rejects dotted function/tool names such as
|
|
55
|
+
`billing.inspect_invoice`. For OpenAI-facing transports, ask Runner to expose
|
|
56
|
+
OpenAI-safe aliases while keeping canonical Synapsor capability names in MCP
|
|
57
|
+
metadata:
|
|
58
|
+
|
|
59
|
+
```bash
|
|
60
|
+
npx -y -p @synapsor/runner synapsor-runner mcp serve-streamable-http \
|
|
61
|
+
--config ./synapsor.runner.json \
|
|
62
|
+
--store ./.synapsor/local.db \
|
|
63
|
+
--auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN \
|
|
64
|
+
--alias-mode openai
|
|
65
|
+
```
|
|
66
|
+
|
|
67
|
+
The model sees names such as `billing__inspect_invoice`; `_meta` includes
|
|
68
|
+
`synapsor.canonical_tool_name = billing.inspect_invoice`, and Runner routes the
|
|
69
|
+
alias back to the canonical capability. Use `--alias-mode both` only when a
|
|
70
|
+
migration needs canonical dotted names and OpenAI-safe aliases exposed at the
|
|
71
|
+
same time.
|
|
72
|
+
|
|
73
|
+
Preview the exact alias mapping before wiring a client:
|
|
74
|
+
|
|
75
|
+
```bash
|
|
76
|
+
npx -y -p @synapsor/runner synapsor-runner tools preview \
|
|
77
|
+
--config ./synapsor.runner.json \
|
|
78
|
+
--store ./.synapsor/local.db \
|
|
79
|
+
--alias-mode openai
|
|
80
|
+
```
|
|
81
|
+
|
|
57
82
|
Use private networking/TLS before exposing HTTP MCP beyond localhost. Details:
|
|
58
83
|
[HTTP MCP](http-mcp.md).
|
|
59
84
|
|
|
@@ -62,7 +87,7 @@ Use private networking/TLS before exposing HTTP MCP beyond localhost. Details:
|
|
|
62
87
|
Print a snippet without modifying any client files:
|
|
63
88
|
|
|
64
89
|
```bash
|
|
65
|
-
npx -y -p @synapsor/runner
|
|
90
|
+
npx -y -p @synapsor/runner synapsor-runner mcp config claude-desktop \
|
|
66
91
|
--config ./synapsor.runner.json \
|
|
67
92
|
--store ./.synapsor/local.db
|
|
68
93
|
```
|
|
@@ -75,18 +100,29 @@ generic
|
|
|
75
100
|
claude-desktop
|
|
76
101
|
cursor
|
|
77
102
|
vscode
|
|
103
|
+
openai-agents
|
|
104
|
+
```
|
|
105
|
+
|
|
106
|
+
For OpenAI Agents SDK, generate the Streamable HTTP start command and Python
|
|
107
|
+
snippet:
|
|
108
|
+
|
|
109
|
+
```bash
|
|
110
|
+
npx -y -p @synapsor/runner synapsor-runner mcp client-config \
|
|
111
|
+
--client openai-agents \
|
|
112
|
+
--config ./synapsor.runner.json \
|
|
113
|
+
--store ./.synapsor/local.db
|
|
78
114
|
```
|
|
79
115
|
|
|
80
116
|
The older form is still supported:
|
|
81
117
|
|
|
82
118
|
```bash
|
|
83
|
-
npx -y -p @synapsor/runner
|
|
119
|
+
npx -y -p @synapsor/runner synapsor-runner mcp configure --client claude-desktop --config ./synapsor.runner.json --store ./.synapsor/local.db
|
|
84
120
|
```
|
|
85
121
|
|
|
86
122
|
Write is opt-in and requires an explicit destination:
|
|
87
123
|
|
|
88
124
|
```bash
|
|
89
|
-
npx -y -p @synapsor/runner
|
|
125
|
+
npx -y -p @synapsor/runner synapsor-runner mcp configure \
|
|
90
126
|
--client cursor \
|
|
91
127
|
--config ./synapsor.runner.json \
|
|
92
128
|
--store ./.synapsor/local.db \
|
|
@@ -105,22 +141,24 @@ database URLs or passwords into the client config.
|
|
|
105
141
|
From the runner repository:
|
|
106
142
|
|
|
107
143
|
```bash
|
|
108
|
-
npx -y -p @synapsor/runner
|
|
144
|
+
npx -y -p @synapsor/runner synapsor-runner mcp serve --config ./examples/mcp-postgres-billing/synapsor.runner.json --store ./.synapsor/local.db
|
|
109
145
|
```
|
|
110
146
|
|
|
111
147
|
For the alpha package, keep the package tag explicit in client configuration.
|
|
112
148
|
|
|
113
|
-
For app/server HTTP mode:
|
|
149
|
+
For standard app/server HTTP MCP mode:
|
|
114
150
|
|
|
115
151
|
```bash
|
|
116
152
|
export SYNAPSOR_RUNNER_HTTP_TOKEN="dev-local-token"
|
|
117
153
|
|
|
118
|
-
npx -y -p @synapsor/runner
|
|
154
|
+
npx -y -p @synapsor/runner synapsor-runner mcp serve-streamable-http \
|
|
119
155
|
--config ./examples/mcp-postgres-billing/synapsor.runner.json \
|
|
120
156
|
--store ./.synapsor/local.db \
|
|
121
157
|
--auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN
|
|
122
158
|
```
|
|
123
159
|
|
|
160
|
+
For the smaller JSON-RPC bridge, use `synapsor-runner mcp serve-http` instead.
|
|
161
|
+
|
|
124
162
|
## Generic stdio Client
|
|
125
163
|
|
|
126
164
|
```json
|
|
@@ -131,7 +169,7 @@ npx -y -p @synapsor/runner@alpha synapsor-runner mcp serve-http \
|
|
|
131
169
|
"args": [
|
|
132
170
|
"-y",
|
|
133
171
|
"-p",
|
|
134
|
-
"@synapsor/runner
|
|
172
|
+
"@synapsor/runner",
|
|
135
173
|
"synapsor-runner",
|
|
136
174
|
"mcp",
|
|
137
175
|
"serve",
|
|
@@ -174,7 +212,7 @@ small tool-call test.
|
|
|
174
212
|
First confirm what Runner exposes:
|
|
175
213
|
|
|
176
214
|
```bash
|
|
177
|
-
npx -y -p @synapsor/runner
|
|
215
|
+
npx -y -p @synapsor/runner synapsor-runner tools preview \
|
|
178
216
|
--config ./synapsor.runner.json \
|
|
179
217
|
--store ./.synapsor/local.db
|
|
180
218
|
```
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
# OpenAI Agents SDK
|
|
2
|
+
|
|
3
|
+
Use Synapsor Runner with the OpenAI Agents SDK through standard MCP Streamable
|
|
4
|
+
HTTP. Runner exposes semantic database tools to the model and keeps approval,
|
|
5
|
+
writeback, database URLs, and write credentials outside the model-facing tool
|
|
6
|
+
surface.
|
|
7
|
+
|
|
8
|
+
## Start Runner
|
|
9
|
+
|
|
10
|
+
```bash
|
|
11
|
+
export SYNAPSOR_RUNNER_HTTP_TOKEN="dev-local-token"
|
|
12
|
+
|
|
13
|
+
npx -y -p @synapsor/runner synapsor-runner mcp serve-streamable-http \
|
|
14
|
+
--config ./synapsor.runner.json \
|
|
15
|
+
--store ./.synapsor/local.db \
|
|
16
|
+
--auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN \
|
|
17
|
+
--alias-mode openai
|
|
18
|
+
```
|
|
19
|
+
|
|
20
|
+
`--alias-mode openai` is important because OpenAI function/tool names cannot
|
|
21
|
+
contain dots. Runner exposes names such as `billing__inspect_invoice` to the
|
|
22
|
+
model and maps calls back to canonical Synapsor capability names such as
|
|
23
|
+
`billing.inspect_invoice`.
|
|
24
|
+
|
|
25
|
+
## Generate The Snippet
|
|
26
|
+
|
|
27
|
+
```bash
|
|
28
|
+
npx -y -p @synapsor/runner synapsor-runner mcp client-config \
|
|
29
|
+
--client openai-agents \
|
|
30
|
+
--config ./synapsor.runner.json \
|
|
31
|
+
--store ./.synapsor/local.db
|
|
32
|
+
```
|
|
33
|
+
|
|
34
|
+
The generated output includes:
|
|
35
|
+
|
|
36
|
+
- the Streamable HTTP server command;
|
|
37
|
+
- the `/mcp` URL;
|
|
38
|
+
- a Python `MCPServerStreamableHttp` snippet;
|
|
39
|
+
- the OpenAI alias note.
|
|
40
|
+
|
|
41
|
+
It does not include database URLs, passwords, write credentials, API keys, or
|
|
42
|
+
bearer token values.
|
|
43
|
+
|
|
44
|
+
## Sanity Check
|
|
45
|
+
|
|
46
|
+
Before giving the agent a real task, ask it to inspect one known object and
|
|
47
|
+
return the tool name it called plus the evidence handle. A healthy setup calls a
|
|
48
|
+
semantic tool such as `billing__inspect_invoice`. It should not expose
|
|
49
|
+
`execute_sql`, approval tools, commit/apply tools, database URLs, or write
|
|
50
|
+
credentials.
|
|
51
|
+
|
|
52
|
+
## Examples
|
|
53
|
+
|
|
54
|
+
```text
|
|
55
|
+
examples/openai-agents-http/
|
|
56
|
+
examples/openai-agents-stdio/
|
|
57
|
+
```
|