@synapsor/runner 0.1.0-alpha.9 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +189 -0
- package/README.md +949 -164
- package/dist/cli.d.ts +2 -0
- package/dist/cli.d.ts.map +1 -1
- package/dist/runner.mjs +2982 -238
- package/docs/README.md +90 -15
- package/docs/app-owned-executors.md +38 -0
- package/docs/capability-authoring.md +265 -0
- package/docs/cloud-mode.md +24 -0
- package/docs/current-scope.md +29 -0
- package/docs/dependency-license-inventory.md +35 -0
- package/docs/doctor.md +98 -0
- package/docs/getting-started-own-database.md +131 -46
- package/docs/handler-helper.md +228 -0
- package/docs/http-mcp.md +85 -17
- package/docs/licensing.md +36 -0
- package/docs/local-mode.md +44 -25
- package/docs/mcp-audit.md +8 -8
- package/docs/mcp-client-setup.md +59 -21
- package/docs/openai-agents-sdk.md +57 -0
- package/docs/recipes.md +6 -6
- package/docs/release-notes.md +348 -0
- package/docs/release-policy.md +125 -0
- package/docs/result-envelope-v2.md +151 -0
- package/docs/rfcs/001-result-envelope-v2.md +143 -0
- package/docs/rfcs/002-app-owned-handler-helper.md +161 -0
- package/docs/rfcs/003-integrator-feedback-teardown.md +97 -0
- package/docs/store-lifecycle.md +83 -0
- package/docs/troubleshooting-first-run.md +6 -6
- package/docs/use-your-own-database.md +18 -0
- package/docs/writeback-executors.md +92 -1
- package/examples/app-owned-writeback/README.md +128 -0
- package/examples/app-owned-writeback/business-actions.md +221 -0
- package/examples/app-owned-writeback/command-handler.mjs +55 -0
- package/examples/app-owned-writeback/node-fastify-handler.mjs +64 -0
- package/examples/app-owned-writeback/python-fastapi-handler.py +66 -0
- package/examples/claude-desktop-postgres/Makefile +6 -0
- package/examples/claude-desktop-postgres/README.md +40 -0
- package/examples/cursor-postgres/Makefile +6 -0
- package/examples/cursor-postgres/README.md +30 -0
- package/examples/mcp-postgres-billing-app-handler/README.md +94 -0
- package/examples/mcp-postgres-billing-app-handler/app-handler.mjs +123 -0
- package/examples/mcp-postgres-billing-app-handler/docker-compose.yml +13 -0
- package/examples/mcp-postgres-billing-app-handler/schema.sql +59 -0
- package/examples/mcp-postgres-billing-app-handler/scripts/run-demo.sh +100 -0
- package/examples/mcp-postgres-billing-app-handler/seed.sql +39 -0
- package/examples/mcp-postgres-billing-app-handler/synapsor-handler.mjs +437 -0
- package/examples/mcp-postgres-billing-app-handler/synapsor.runner.json +158 -0
- package/examples/mysql-refund-agent/Makefile +4 -0
- package/examples/mysql-refund-agent/README.md +36 -0
- package/examples/openai-agents-http/Makefile +6 -0
- package/examples/openai-agents-http/README.md +33 -12
- package/examples/openai-agents-http/agent.py +29 -65
- package/examples/openai-agents-stdio/Makefile +6 -0
- package/examples/openai-agents-stdio/README.md +24 -6
- package/examples/openai-agents-stdio/agent.py +4 -2
- package/examples/raw-sql-vs-synapsor/Makefile +11 -0
- package/examples/raw-sql-vs-synapsor/README.md +41 -0
- package/examples/reference-support-billing-app/README.md +16 -16
- package/examples/reference-support-billing-app/mcp-client.generic.json +1 -1
- package/examples/support-billing-agent/Makefile +19 -0
- package/examples/support-billing-agent/README.md +89 -0
- package/examples/support-billing-agent/app/README.md +13 -0
- package/examples/support-billing-agent/db/schema.sql +91 -0
- package/examples/support-billing-agent/db/seed.sql +43 -0
- package/examples/support-billing-agent/docker-compose.yml +13 -0
- package/examples/support-billing-agent/scripts/run-demo.sh +15 -0
- package/examples/support-billing-agent/synapsor.runner.json +233 -0
- package/fixtures/benchmark/mcp-efficiency.json +53 -0
- package/fixtures/benchmark/mcp-efficiency.txt +25 -0
- package/fixtures/protocol/MANIFEST.json +54 -0
- package/fixtures/protocol/change-set.late-fee-waiver.v1.json +72 -0
- package/fixtures/protocol/execution-receipt.applied.v1.json +14 -0
- package/fixtures/protocol/execution-receipt.conflict.v1.json +15 -0
- package/fixtures/protocol/runner-registration.v1.json +22 -0
- package/fixtures/protocol/writeback-job.late-fee-waiver.v1.json +44 -0
- package/package.json +27 -4
- package/schemas/change-set.v1.schema.json +140 -0
- package/schemas/execution-receipt.v1.schema.json +34 -0
- package/schemas/onboarding-selection.v1.schema.json +132 -0
- package/schemas/runner-registration.v1.schema.json +48 -0
- package/schemas/synapsor.app-handler-receipt.v1.json +39 -0
- package/schemas/synapsor.app-handler-request.v1.json +119 -0
- package/schemas/synapsor.runner.schema.json +415 -0
- package/schemas/writeback-job.v1.schema.json +121 -0
package/docs/README.md
CHANGED
|
@@ -1,34 +1,109 @@
|
|
|
1
1
|
# Synapsor Runner Docs
|
|
2
2
|
|
|
3
|
-
Start with the README. Use
|
|
4
|
-
|
|
3
|
+
Start with the README. Use this index when you need the task-specific next
|
|
4
|
+
step. The order is intentional: run something first, wire your database second,
|
|
5
|
+
then read the concepts once the safety boundary is visible.
|
|
5
6
|
|
|
6
|
-
##
|
|
7
|
+
## 01 Quickstart
|
|
8
|
+
|
|
9
|
+
- [README](../README.md): wedge, no-DB quick demo, five-line model, and the
|
|
10
|
+
shortest own-database path.
|
|
11
|
+
- [Troubleshooting First Run](troubleshooting-first-run.md): common first-run
|
|
12
|
+
failures, redacted diagnostics, and fixes.
|
|
13
|
+
|
|
14
|
+
## 02 Why Raw SQL Is Dangerous
|
|
15
|
+
|
|
16
|
+
- [Security Boundary](security-boundary.md): what the model can and cannot see.
|
|
17
|
+
- [MCP Audit](mcp-audit.md): static review for risky database MCP tools such as
|
|
18
|
+
`execute_sql`, broad query tools, model-controlled tenant filters, or
|
|
19
|
+
model-facing approval/commit tools.
|
|
20
|
+
|
|
21
|
+
## 03 Run The Demo
|
|
22
|
+
|
|
23
|
+
- `examples/support-billing-agent/`: flagship support/billing agent demo with
|
|
24
|
+
`make demo`, expected output, and the raw-SQL-vs-Synapsor contrast.
|
|
25
|
+
- `examples/raw-sql-vs-synapsor/`: no-database fear/fix demo.
|
|
26
|
+
- `examples/reference-support-billing-app/`: shared fixture used by the
|
|
27
|
+
flagship demo and package smoke tests.
|
|
28
|
+
|
|
29
|
+
## 04 Connect Your DB
|
|
7
30
|
|
|
8
31
|
- [Connect Your Own Database](getting-started-own-database.md): inspect a
|
|
9
32
|
staging Postgres/MySQL database, generate `synapsor.runner.json`, preview
|
|
10
33
|
semantic tools, and serve them over MCP.
|
|
34
|
+
- [Use Your Own Database](use-your-own-database.md): short entry point that
|
|
35
|
+
links to the canonical own-database guide.
|
|
36
|
+
- [Doctor](doctor.md): redacted setup checks, handler probes, direct SQL
|
|
37
|
+
writeback probes, and receipt-table guidance.
|
|
38
|
+
|
|
39
|
+
## 05 Generate Capabilities
|
|
40
|
+
|
|
41
|
+
- [Capability Authoring](capability-authoring.md): define read/proposal
|
|
42
|
+
capabilities, model-facing descriptions, result envelopes, trusted context,
|
|
43
|
+
and writeback guards.
|
|
44
|
+
- [Recipes](recipes.md): starter business-capability templates.
|
|
45
|
+
- [JSON Schema](../schemas/synapsor.runner.schema.json): editor validation for
|
|
46
|
+
`synapsor.runner.json`.
|
|
47
|
+
|
|
48
|
+
## 06 Serve MCP
|
|
49
|
+
|
|
11
50
|
- [MCP Client Setup](mcp-client-setup.md): connect Claude, Cursor, VS Code, or
|
|
12
51
|
another stdio MCP client.
|
|
52
|
+
- `examples/claude-desktop-postgres/`: copy-paste Claude Desktop config for the
|
|
53
|
+
Postgres billing fixture.
|
|
54
|
+
- `examples/cursor-postgres/`: copy-paste Cursor config for the Postgres
|
|
55
|
+
billing fixture.
|
|
13
56
|
- [HTTP MCP](http-mcp.md): run Synapsor Runner as an authenticated HTTP MCP
|
|
14
57
|
service for app/server agents.
|
|
58
|
+
- [OpenAI Agents SDK](openai-agents-sdk.md): use Streamable HTTP MCP with
|
|
59
|
+
OpenAI-safe tool aliases.
|
|
15
60
|
|
|
16
|
-
##
|
|
61
|
+
## 07 Propose, Approve, Apply
|
|
17
62
|
|
|
18
|
-
- [Security Boundary](security-boundary.md): what the model can and cannot see.
|
|
19
|
-
- [Current Limitations](limitations.md): current alpha scope.
|
|
20
|
-
- [Troubleshooting First Run](troubleshooting-first-run.md): common setup
|
|
21
|
-
failures and fixes.
|
|
22
63
|
- [Local Mode](local-mode.md): local store, proposals, approval, replay, and
|
|
23
64
|
writeback flow.
|
|
24
|
-
|
|
25
|
-
## Features
|
|
26
|
-
|
|
27
|
-
- [MCP Audit](mcp-audit.md): static risk review for database MCP tools.
|
|
28
|
-
- [Recipes](recipes.md): starter business-capability templates.
|
|
29
65
|
- [Writeback Executors](writeback-executors.md): app-owned writeback handlers
|
|
30
66
|
for approved proposals.
|
|
67
|
+
- [App-Owned Executors](app-owned-executors.md): short entry point for rich
|
|
68
|
+
business transactions handled by your app.
|
|
69
|
+
- [Handler Helper](handler-helper.md): TypeScript helper for safe app-owned
|
|
70
|
+
rich-write handlers.
|
|
71
|
+
|
|
72
|
+
## 08 Replay And Audit
|
|
73
|
+
|
|
74
|
+
- [Result Envelope v2](result-envelope-v2.md): stable
|
|
75
|
+
`ok`/`summary`/`data`/`proposal`/`error` MCP tool results.
|
|
76
|
+
- [Store Lifecycle](store-lifecycle.md): active-store leases, prune safety,
|
|
77
|
+
deleted-store behavior, and concurrent server guardrails.
|
|
78
|
+
- `synapsor-runner activity search`, `evidence`, `query-audit`, `receipts`,
|
|
79
|
+
`events tail`, and `events webhook`: local evidence, audit, receipt, replay,
|
|
80
|
+
and lifecycle inspection.
|
|
81
|
+
- `examples/mysql-refund-agent/`: MySQL order/refund review example using the
|
|
82
|
+
same proposal, approval, guarded writeback, and replay loop.
|
|
83
|
+
|
|
84
|
+
## 09 App-Owned Handlers
|
|
85
|
+
|
|
86
|
+
- [Writeback Executors](writeback-executors.md): call direction, endpoint
|
|
87
|
+
contract, receipt shape, and the requirement to re-check tenant/scope,
|
|
88
|
+
expected version, idempotency, and allowed action inside your handler.
|
|
89
|
+
- [Handler Helper](handler-helper.md): helper API and examples.
|
|
90
|
+
|
|
91
|
+
## 10 Concepts
|
|
92
|
+
|
|
93
|
+
- [Current Scope](current-scope.md): compact v0.1 scope summary.
|
|
94
|
+
- [Current Limitations](limitations.md): intentional safety limits.
|
|
95
|
+
- [Cloud Mode](cloud-mode.md): what stays local and what Cloud-linked mode adds.
|
|
96
|
+
- [Release Notes](release-notes.md): release history and behavior changes.
|
|
97
|
+
- [Release Policy](release-policy.md): stable gates and publish verification.
|
|
98
|
+
- [Licensing](licensing.md): Apache-2.0 scope, trademark boundary, and what is
|
|
99
|
+
not included in this runner repo.
|
|
100
|
+
- [Dependency License Inventory](dependency-license-inventory.md): current
|
|
101
|
+
dependency license summary for release review.
|
|
102
|
+
- RFC source context:
|
|
103
|
+
[001 result envelope](rfcs/001-result-envelope-v2.md),
|
|
104
|
+
[002 handler helper](rfcs/002-app-owned-handler-helper.md),
|
|
105
|
+
[003 integrator teardown](rfcs/003-integrator-feedback-teardown.md).
|
|
31
106
|
|
|
32
|
-
The public docs intentionally stay
|
|
33
|
-
release checklists, and internal planning notes are not part of the
|
|
107
|
+
The public docs intentionally stay task-first. Historical implementation
|
|
108
|
+
reports, release checklists, and internal planning notes are not part of the
|
|
34
109
|
getting-started path.
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
# App-Owned Executors
|
|
2
|
+
|
|
3
|
+
The canonical guide is [Writeback Executors](writeback-executors.md).
|
|
4
|
+
|
|
5
|
+
Use app-owned executors when an approved proposal needs a real business
|
|
6
|
+
transaction instead of Runner-managed single-row SQL.
|
|
7
|
+
|
|
8
|
+
Examples:
|
|
9
|
+
|
|
10
|
+
- create a credit row;
|
|
11
|
+
- open a ticket;
|
|
12
|
+
- call Stripe or Zendesk;
|
|
13
|
+
- write ledger/event rows;
|
|
14
|
+
- update multiple tables in one application transaction.
|
|
15
|
+
|
|
16
|
+
The model-facing MCP tool only creates a proposal. Approval happens outside MCP.
|
|
17
|
+
After approval, Runner calls your `http_handler` or `command_handler`, records
|
|
18
|
+
the receipt, and includes the result in replay.
|
|
19
|
+
|
|
20
|
+
> **Important:** your app handler owns the final business write. Runner creates
|
|
21
|
+
> the proposal and calls your handler only after approval, but your handler must
|
|
22
|
+
> still enforce tenant/scope checks, expected-version or conflict guards,
|
|
23
|
+
> idempotency keys, allowed business actions, transaction/rollback, and safe
|
|
24
|
+
> error receipts. If you skip those checks, you can reintroduce cross-tenant
|
|
25
|
+
> writes, lost updates, or duplicate writes. Keep handler credentials out of MCP.
|
|
26
|
+
|
|
27
|
+
A handler is your application endpoint or script. It is not a second Synapsor
|
|
28
|
+
package that users need to install. Install `@synapsor/runner`, then generate
|
|
29
|
+
or copy a handler template only when your approved write needs app-owned
|
|
30
|
+
business logic.
|
|
31
|
+
|
|
32
|
+
Do not use generic SQL for rich business transactions. Let the model propose,
|
|
33
|
+
let Synapsor Runner approve/replay, and let your app execute the transaction.
|
|
34
|
+
|
|
35
|
+
For TypeScript services, prefer the first-party helper in `packages/handler`.
|
|
36
|
+
It enforces bearer/HMAC auth, tenant scope, expected-version guards,
|
|
37
|
+
idempotency, transaction rollback, and safe receipt formatting around your
|
|
38
|
+
business effect. See [Handler Helper](handler-helper.md).
|
|
@@ -0,0 +1,265 @@
|
|
|
1
|
+
# Capability Authoring
|
|
2
|
+
|
|
3
|
+
Use `synapsor.runner.json` to define the database actions an MCP client can see.
|
|
4
|
+
The model sees semantic capabilities such as `billing.inspect_invoice`, not raw
|
|
5
|
+
SQL, table names, write credentials, approval tools, or commit tools.
|
|
6
|
+
|
|
7
|
+
For editor validation, use the JSON Schema:
|
|
8
|
+
|
|
9
|
+
```text
|
|
10
|
+
schemas/synapsor.runner.schema.json
|
|
11
|
+
```
|
|
12
|
+
|
|
13
|
+
## Minimal Shape
|
|
14
|
+
|
|
15
|
+
```json
|
|
16
|
+
{
|
|
17
|
+
"version": 1,
|
|
18
|
+
"mode": "review",
|
|
19
|
+
"result_format": 2,
|
|
20
|
+
"storage": { "sqlite_path": "./.synapsor/local.db" },
|
|
21
|
+
"sources": {
|
|
22
|
+
"app_postgres": {
|
|
23
|
+
"engine": "postgres",
|
|
24
|
+
"read_url_env": "DATABASE_URL",
|
|
25
|
+
"write_url_env": "SYNAPSOR_DATABASE_WRITE_URL",
|
|
26
|
+
"statement_timeout_ms": 3000
|
|
27
|
+
}
|
|
28
|
+
},
|
|
29
|
+
"trusted_context": {
|
|
30
|
+
"provider": "environment",
|
|
31
|
+
"values": {
|
|
32
|
+
"tenant_id_env": "SYNAPSOR_TENANT_ID",
|
|
33
|
+
"principal_env": "SYNAPSOR_PRINCIPAL"
|
|
34
|
+
}
|
|
35
|
+
},
|
|
36
|
+
"capabilities": []
|
|
37
|
+
}
|
|
38
|
+
```
|
|
39
|
+
|
|
40
|
+
`result_format: 2` makes every MCP tool call return one envelope:
|
|
41
|
+
|
|
42
|
+
```json
|
|
43
|
+
{
|
|
44
|
+
"ok": true,
|
|
45
|
+
"summary": "Created proposal wrp_123. Source database changed: no.",
|
|
46
|
+
"action": "billing.propose_late_fee_waiver",
|
|
47
|
+
"kind": "proposal",
|
|
48
|
+
"data": null,
|
|
49
|
+
"proposal": {},
|
|
50
|
+
"error": null,
|
|
51
|
+
"evidence": {
|
|
52
|
+
"bundle_id": "ev_123",
|
|
53
|
+
"note": "audit/replay handle; you do not need to act on it during this turn"
|
|
54
|
+
},
|
|
55
|
+
"source_database_changed": false,
|
|
56
|
+
"_meta": {
|
|
57
|
+
"canonical_capability": "billing.propose_late_fee_waiver"
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
```
|
|
61
|
+
|
|
62
|
+
Use `--result-format v2` on `mcp serve` or `mcp serve-streamable-http` if you
|
|
63
|
+
want to opt in from the command line instead of config.
|
|
64
|
+
|
|
65
|
+
## Read Capability
|
|
66
|
+
|
|
67
|
+
Read capabilities inspect one scoped row or view and save evidence/query-audit
|
|
68
|
+
records locally.
|
|
69
|
+
|
|
70
|
+
```json
|
|
71
|
+
{
|
|
72
|
+
"name": "billing.inspect_invoice",
|
|
73
|
+
"kind": "read",
|
|
74
|
+
"description": "Inspect one invoice in the trusted tenant before proposing a waiver or credit.",
|
|
75
|
+
"returns_hint": "Returns invoice amount, late fee, status, policy facts, and an audit evidence handle.",
|
|
76
|
+
"source": "app_postgres",
|
|
77
|
+
"target": {
|
|
78
|
+
"schema": "public",
|
|
79
|
+
"table": "invoices",
|
|
80
|
+
"primary_key": "id",
|
|
81
|
+
"tenant_key": "tenant_id"
|
|
82
|
+
},
|
|
83
|
+
"args": {
|
|
84
|
+
"invoice_id": {
|
|
85
|
+
"type": "string",
|
|
86
|
+
"required": true,
|
|
87
|
+
"max_length": 128,
|
|
88
|
+
"description": "Invoice id, e.g. INV-3001."
|
|
89
|
+
}
|
|
90
|
+
},
|
|
91
|
+
"lookup": { "id_from_arg": "invoice_id" },
|
|
92
|
+
"visible_columns": ["id", "tenant_id", "status", "late_fee_cents", "updated_at"],
|
|
93
|
+
"evidence": "required",
|
|
94
|
+
"max_rows": 1
|
|
95
|
+
}
|
|
96
|
+
```
|
|
97
|
+
|
|
98
|
+
Model-facing descriptions matter. They should explain when to use the tool and
|
|
99
|
+
what the result contains. Runner also adds evidence-handle guidance so the model
|
|
100
|
+
does not waste a turn trying to call an audit handle.
|
|
101
|
+
|
|
102
|
+
## Proposal Capability
|
|
103
|
+
|
|
104
|
+
Proposal capabilities create an exact before/after diff. They do not mutate your
|
|
105
|
+
source database. Approval and writeback stay outside the model-facing MCP tool
|
|
106
|
+
surface.
|
|
107
|
+
|
|
108
|
+
```json
|
|
109
|
+
{
|
|
110
|
+
"name": "billing.propose_late_fee_waiver",
|
|
111
|
+
"kind": "proposal",
|
|
112
|
+
"description": "Propose waiving one invoice late fee after inspecting invoice and policy evidence.",
|
|
113
|
+
"returns_hint": "Returns a review-required proposal id, exact field diff, evidence handle, and source_database_changed:false.",
|
|
114
|
+
"source": "app_postgres",
|
|
115
|
+
"target": {
|
|
116
|
+
"schema": "public",
|
|
117
|
+
"table": "invoices",
|
|
118
|
+
"primary_key": "id",
|
|
119
|
+
"tenant_key": "tenant_id"
|
|
120
|
+
},
|
|
121
|
+
"args": {
|
|
122
|
+
"invoice_id": {
|
|
123
|
+
"type": "string",
|
|
124
|
+
"required": true,
|
|
125
|
+
"description": "Invoice id, e.g. INV-3001."
|
|
126
|
+
},
|
|
127
|
+
"reason": {
|
|
128
|
+
"type": "string",
|
|
129
|
+
"required": true,
|
|
130
|
+
"max_length": 500,
|
|
131
|
+
"description": "Business reason for the proposed waiver."
|
|
132
|
+
}
|
|
133
|
+
},
|
|
134
|
+
"lookup": { "id_from_arg": "invoice_id" },
|
|
135
|
+
"visible_columns": ["id", "tenant_id", "status", "late_fee_cents", "waiver_reason", "updated_at"],
|
|
136
|
+
"patch": {
|
|
137
|
+
"late_fee_cents": { "fixed": 0 },
|
|
138
|
+
"waiver_reason": { "from_arg": "reason" }
|
|
139
|
+
},
|
|
140
|
+
"allowed_columns": ["late_fee_cents", "waiver_reason"],
|
|
141
|
+
"numeric_bounds": {
|
|
142
|
+
"late_fee_cents": { "minimum": 0, "maximum": 10000 }
|
|
143
|
+
},
|
|
144
|
+
"conflict_guard": { "column": "updated_at" },
|
|
145
|
+
"approval": { "mode": "human", "required_role": "billing_lead" }
|
|
146
|
+
}
|
|
147
|
+
```
|
|
148
|
+
|
|
149
|
+
## Trusted Context
|
|
150
|
+
|
|
151
|
+
Tenant, principal, approval authority, source ids, and row-version authority
|
|
152
|
+
must come from trusted backend/session context, not from model arguments.
|
|
153
|
+
|
|
154
|
+
Good:
|
|
155
|
+
|
|
156
|
+
```json
|
|
157
|
+
"trusted_context": {
|
|
158
|
+
"provider": "environment",
|
|
159
|
+
"values": {
|
|
160
|
+
"tenant_id_env": "SYNAPSOR_TENANT_ID",
|
|
161
|
+
"principal_env": "SYNAPSOR_PRINCIPAL"
|
|
162
|
+
}
|
|
163
|
+
}
|
|
164
|
+
```
|
|
165
|
+
|
|
166
|
+
Bad:
|
|
167
|
+
|
|
168
|
+
```json
|
|
169
|
+
"args": {
|
|
170
|
+
"tenant_id": { "type": "string" }
|
|
171
|
+
}
|
|
172
|
+
```
|
|
173
|
+
|
|
174
|
+
Runner rejects model-facing trust-scope arguments.
|
|
175
|
+
|
|
176
|
+
## Direct SQL Writeback
|
|
177
|
+
|
|
178
|
+
Use direct SQL writeback only for simple bounded single-row `UPDATE` proposals.
|
|
179
|
+
Runner validates:
|
|
180
|
+
|
|
181
|
+
- fixed table and column names;
|
|
182
|
+
- primary-key targeting;
|
|
183
|
+
- tenant guard;
|
|
184
|
+
- `allowed_columns`;
|
|
185
|
+
- numeric bounds and transition guards;
|
|
186
|
+
- optimistic conflict guard such as `updated_at`;
|
|
187
|
+
- one affected row;
|
|
188
|
+
- idempotency receipt.
|
|
189
|
+
|
|
190
|
+
Runner does not expose generic SQL, model-generated SQL, DDL, INSERT, DELETE,
|
|
191
|
+
UPSERT, or multi-row writes.
|
|
192
|
+
|
|
193
|
+
Direct SQL writeback uses the source `write_url_env`, such as
|
|
194
|
+
`SYNAPSOR_DATABASE_WRITE_URL`. The writer needs permission for
|
|
195
|
+
`synapsor_writeback_receipts` or an administrator must pre-create and grant that
|
|
196
|
+
table.
|
|
197
|
+
|
|
198
|
+
## App-Owned Executors
|
|
199
|
+
|
|
200
|
+
Use an app-owned executor when an approved proposal needs richer business work:
|
|
201
|
+
creating a credit row, inserting an outbox event, updating multiple app tables,
|
|
202
|
+
or calling your own service.
|
|
203
|
+
|
|
204
|
+
```json
|
|
205
|
+
"executors": {
|
|
206
|
+
"billing_handler": {
|
|
207
|
+
"type": "http_handler",
|
|
208
|
+
"url_env": "BILLING_WRITEBACK_URL",
|
|
209
|
+
"method": "POST",
|
|
210
|
+
"auth": {
|
|
211
|
+
"type": "bearer_env",
|
|
212
|
+
"token_env": "BILLING_WRITEBACK_TOKEN"
|
|
213
|
+
},
|
|
214
|
+
"signing_secret_env": "BILLING_WRITEBACK_SIGNING_SECRET",
|
|
215
|
+
"timeout_ms": 5000
|
|
216
|
+
}
|
|
217
|
+
}
|
|
218
|
+
```
|
|
219
|
+
|
|
220
|
+
Then reference it from a proposal capability:
|
|
221
|
+
|
|
222
|
+
```json
|
|
223
|
+
{
|
|
224
|
+
"name": "billing.propose_account_credit",
|
|
225
|
+
"kind": "proposal",
|
|
226
|
+
"executor": "billing_handler"
|
|
227
|
+
}
|
|
228
|
+
```
|
|
229
|
+
|
|
230
|
+
Approval still happens outside MCP. Runner sends the approved job to your
|
|
231
|
+
handler, and the handler returns an applied/conflict/failed receipt for replay.
|
|
232
|
+
See [App-Owned Executors](app-owned-executors.md) and
|
|
233
|
+
[Writeback Executors](writeback-executors.md).
|
|
234
|
+
|
|
235
|
+
## OpenAI Aliases
|
|
236
|
+
|
|
237
|
+
Canonical Synapsor names use dots, such as `billing.inspect_invoice`. Some
|
|
238
|
+
clients require function-safe names. Use:
|
|
239
|
+
|
|
240
|
+
```bash
|
|
241
|
+
synapsor-runner mcp serve-streamable-http \
|
|
242
|
+
--config ./synapsor.runner.json \
|
|
243
|
+
--store ./.synapsor/local.db \
|
|
244
|
+
--auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN \
|
|
245
|
+
--alias-mode openai
|
|
246
|
+
```
|
|
247
|
+
|
|
248
|
+
The model sees aliases such as `billing__inspect_invoice`. Runner includes the
|
|
249
|
+
canonical name in tool metadata and descriptions so audit/replay still use the
|
|
250
|
+
real capability name.
|
|
251
|
+
|
|
252
|
+
## Why Not `execute_sql`
|
|
253
|
+
|
|
254
|
+
`execute_sql(sql)` gives the model database authority. Synapsor Runner gives the
|
|
255
|
+
model proposal authority:
|
|
256
|
+
|
|
257
|
+
```text
|
|
258
|
+
model-facing MCP tool -> trusted context -> scoped read -> evidence -> proposal
|
|
259
|
+
```
|
|
260
|
+
|
|
261
|
+
Commit authority stays outside the model:
|
|
262
|
+
|
|
263
|
+
```text
|
|
264
|
+
human/operator approval -> guarded writeback or app-owned handler -> receipt/replay
|
|
265
|
+
```
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
# Cloud Mode
|
|
2
|
+
|
|
3
|
+
Synapsor Runner is local-first. It does not require Synapsor Cloud for the local
|
|
4
|
+
demo, own-database onboarding, MCP serving, proposal creation, local approval,
|
|
5
|
+
guarded writeback, or replay.
|
|
6
|
+
|
|
7
|
+
Cloud-linked mode is for teams that need a shared control plane:
|
|
8
|
+
|
|
9
|
+
- team approvals and RBAC;
|
|
10
|
+
- hosted evidence/replay search;
|
|
11
|
+
- runner registration and heartbeat;
|
|
12
|
+
- job leases;
|
|
13
|
+
- receipt reporting;
|
|
14
|
+
- retention and audit visibility.
|
|
15
|
+
|
|
16
|
+
The local runner still keeps database credentials in your environment. MCP
|
|
17
|
+
client config snippets should contain command paths and runner arguments, not
|
|
18
|
+
database URLs or write credentials.
|
|
19
|
+
|
|
20
|
+
Run the local smoke for this mode with:
|
|
21
|
+
|
|
22
|
+
```bash
|
|
23
|
+
corepack pnpm test:mcp-cloud-linked
|
|
24
|
+
```
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
# Current Scope
|
|
2
|
+
|
|
3
|
+
The canonical scope page is [Current Limitations](limitations.md).
|
|
4
|
+
|
|
5
|
+
Current alpha scope:
|
|
6
|
+
|
|
7
|
+
- local semantic MCP tools for Postgres/MySQL-backed business actions;
|
|
8
|
+
- schema inspection and guided config generation;
|
|
9
|
+
- trusted context from environment/session values;
|
|
10
|
+
- evidence handles, query audit, proposals, receipts, and local replay;
|
|
11
|
+
- guarded single-row `UPDATE` writeback for simple edits;
|
|
12
|
+
- app-owned `http_handler` and `command_handler` executors for richer approved
|
|
13
|
+
business transactions;
|
|
14
|
+
- stdio MCP, Streamable HTTP MCP, and a small JSON-RPC bridge.
|
|
15
|
+
|
|
16
|
+
Stable `0.1.x` compatibility covers the documented `synapsor-runner` binary,
|
|
17
|
+
config schema version `1`, result envelope v2 with v1 opt-out, stdio/Streamable
|
|
18
|
+
HTTP MCP surfaces, documented MCP client snippets, proposal/evidence/replay
|
|
19
|
+
inspection commands, direct SQL writeback, and app-owned executor contracts.
|
|
20
|
+
|
|
21
|
+
Out of scope:
|
|
22
|
+
|
|
23
|
+
- raw `execute_sql`;
|
|
24
|
+
- model-generated SQL;
|
|
25
|
+
- generic INSERT/DELETE/UPSERT/DDL;
|
|
26
|
+
- generic multi-row SQL writeback;
|
|
27
|
+
- physical branching of external Postgres/MySQL;
|
|
28
|
+
- self-hosted Synapsor Cloud;
|
|
29
|
+
- production SLA or compliance certification.
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
# Dependency License Inventory
|
|
2
|
+
|
|
3
|
+
Generated from the current lockfile/install with:
|
|
4
|
+
|
|
5
|
+
```bash
|
|
6
|
+
corepack pnpm licenses list --json
|
|
7
|
+
```
|
|
8
|
+
|
|
9
|
+
Summary from the current dependency set:
|
|
10
|
+
|
|
11
|
+
| License | Package entries |
|
|
12
|
+
| --- | ---: |
|
|
13
|
+
| MIT | 149 |
|
|
14
|
+
| Apache-2.0 | 4 |
|
|
15
|
+
| BSD-3-Clause | 3 |
|
|
16
|
+
| BSD-2-Clause | 1 |
|
|
17
|
+
| ISC | 11 |
|
|
18
|
+
|
|
19
|
+
Apache-2.0 dependency entries reported by pnpm:
|
|
20
|
+
|
|
21
|
+
- `denque@2.1.0`
|
|
22
|
+
- `expect-type@1.3.0`
|
|
23
|
+
- `long@5.3.2`
|
|
24
|
+
- `typescript@5.9.3`
|
|
25
|
+
|
|
26
|
+
This file is an inventory summary, not a replacement for dependency license
|
|
27
|
+
review. Third-party dependency licenses and notices are not changed by the
|
|
28
|
+
first-party Synapsor Runner Apache-2.0 license.
|
|
29
|
+
|
|
30
|
+
Before public release:
|
|
31
|
+
|
|
32
|
+
- regenerate this inventory from a clean install;
|
|
33
|
+
- review dependency notices with the release owner or qualified counsel;
|
|
34
|
+
- keep third-party notices separate from the first-party Synapsor Runner
|
|
35
|
+
license.
|
package/docs/doctor.md
ADDED
|
@@ -0,0 +1,98 @@
|
|
|
1
|
+
# Doctor
|
|
2
|
+
|
|
3
|
+
Use `doctor` to check a local Runner setup without printing database URLs,
|
|
4
|
+
passwords, bearer tokens, signing secrets, or private keys.
|
|
5
|
+
|
|
6
|
+
```bash
|
|
7
|
+
synapsor-runner doctor --config synapsor.runner.json
|
|
8
|
+
synapsor-runner doctor --config synapsor.runner.json --json
|
|
9
|
+
synapsor-runner doctor --config synapsor.runner.json --report --redact --output synapsor-doctor.md
|
|
10
|
+
```
|
|
11
|
+
|
|
12
|
+
The default check validates:
|
|
13
|
+
|
|
14
|
+
- config shape;
|
|
15
|
+
- trusted context environment variables;
|
|
16
|
+
- read credential environment variables;
|
|
17
|
+
- read/write credential separation;
|
|
18
|
+
- reachable source metadata when the read env var is set;
|
|
19
|
+
- configured target tables and columns;
|
|
20
|
+
- MCP tool boundary, including absence of raw SQL and commit tools;
|
|
21
|
+
- local store stats.
|
|
22
|
+
|
|
23
|
+
## App-Owned Handler Checks
|
|
24
|
+
|
|
25
|
+
For `http_handler` executors, add `--check-handlers`:
|
|
26
|
+
|
|
27
|
+
```bash
|
|
28
|
+
synapsor-runner doctor --config synapsor.runner.json --check-handlers
|
|
29
|
+
```
|
|
30
|
+
|
|
31
|
+
This checks handler URL/token/signing-secret env vars and sends a reachability
|
|
32
|
+
probe to the handler endpoint. It does not apply a proposal and does not send a
|
|
33
|
+
writeback job.
|
|
34
|
+
|
|
35
|
+
Use `signing_secret_env` for non-loopback handler deployments so Runner signs
|
|
36
|
+
requests with:
|
|
37
|
+
|
|
38
|
+
```text
|
|
39
|
+
X-Synapsor-Signature
|
|
40
|
+
X-Synapsor-Issued-At
|
|
41
|
+
X-Synapsor-Proposal-Id
|
|
42
|
+
Idempotency-Key
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
## Direct SQL Writeback Checks
|
|
46
|
+
|
|
47
|
+
For direct `sql_update` writeback, add `--check-writeback` only after reviewing
|
|
48
|
+
the receipt-table DDL/grants:
|
|
49
|
+
|
|
50
|
+
```bash
|
|
51
|
+
synapsor-runner doctor --config synapsor.runner.json --check-writeback
|
|
52
|
+
```
|
|
53
|
+
|
|
54
|
+
This connects with the trusted writer env var named by `write_url_env` and
|
|
55
|
+
checks:
|
|
56
|
+
|
|
57
|
+
- writer database connectivity;
|
|
58
|
+
- `synapsor_writeback_receipts` permission through the adapter doctor;
|
|
59
|
+
- rollback-only access to each configured proposal target table;
|
|
60
|
+
- rollback-only update permission for configured allowed write columns.
|
|
61
|
+
|
|
62
|
+
The target-table probe uses fixed schema/table/column identifiers from the
|
|
63
|
+
reviewed config. It does not accept model SQL, user SQL, arbitrary table names,
|
|
64
|
+
or arbitrary column names. It runs inside a transaction and rolls back.
|
|
65
|
+
|
|
66
|
+
The receipt-table probe can create `synapsor_writeback_receipts` if the writer
|
|
67
|
+
has permission. If your policy does not allow Runner to create tables in the
|
|
68
|
+
application schema, pre-create the table and grant access:
|
|
69
|
+
|
|
70
|
+
```bash
|
|
71
|
+
synapsor-runner writeback migration --engine postgres --schema synapsor
|
|
72
|
+
synapsor-runner writeback grants --engine postgres --schema synapsor --writer-role app_writer
|
|
73
|
+
```
|
|
74
|
+
|
|
75
|
+
For MySQL:
|
|
76
|
+
|
|
77
|
+
```bash
|
|
78
|
+
synapsor-runner writeback migration --engine mysql --schema appdb
|
|
79
|
+
synapsor-runner writeback grants --engine mysql --schema appdb --writer-role "'app_writer'@'%'"
|
|
80
|
+
```
|
|
81
|
+
|
|
82
|
+
Use an app-owned `http_handler` or `command_handler` executor when your
|
|
83
|
+
application should own richer business writes or receipt storage.
|
|
84
|
+
|
|
85
|
+
## Redaction
|
|
86
|
+
|
|
87
|
+
Doctor output intentionally uses safe categories such as:
|
|
88
|
+
|
|
89
|
+
```text
|
|
90
|
+
connection failed
|
|
91
|
+
authentication failed
|
|
92
|
+
permission denied
|
|
93
|
+
configured object not found
|
|
94
|
+
database probe failed
|
|
95
|
+
```
|
|
96
|
+
|
|
97
|
+
Raw driver errors, connection strings, passwords, tokens, signing secrets, and
|
|
98
|
+
handler URLs are not printed in the report.
|