@synapsor/runner 0.1.0-alpha.9 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (85) hide show
  1. package/CHANGELOG.md +189 -0
  2. package/README.md +949 -164
  3. package/dist/cli.d.ts +2 -0
  4. package/dist/cli.d.ts.map +1 -1
  5. package/dist/runner.mjs +2982 -238
  6. package/docs/README.md +90 -15
  7. package/docs/app-owned-executors.md +38 -0
  8. package/docs/capability-authoring.md +265 -0
  9. package/docs/cloud-mode.md +24 -0
  10. package/docs/current-scope.md +29 -0
  11. package/docs/dependency-license-inventory.md +35 -0
  12. package/docs/doctor.md +98 -0
  13. package/docs/getting-started-own-database.md +131 -46
  14. package/docs/handler-helper.md +228 -0
  15. package/docs/http-mcp.md +85 -17
  16. package/docs/licensing.md +36 -0
  17. package/docs/local-mode.md +44 -25
  18. package/docs/mcp-audit.md +8 -8
  19. package/docs/mcp-client-setup.md +59 -21
  20. package/docs/openai-agents-sdk.md +57 -0
  21. package/docs/recipes.md +6 -6
  22. package/docs/release-notes.md +348 -0
  23. package/docs/release-policy.md +125 -0
  24. package/docs/result-envelope-v2.md +151 -0
  25. package/docs/rfcs/001-result-envelope-v2.md +143 -0
  26. package/docs/rfcs/002-app-owned-handler-helper.md +161 -0
  27. package/docs/rfcs/003-integrator-feedback-teardown.md +97 -0
  28. package/docs/store-lifecycle.md +83 -0
  29. package/docs/troubleshooting-first-run.md +6 -6
  30. package/docs/use-your-own-database.md +18 -0
  31. package/docs/writeback-executors.md +92 -1
  32. package/examples/app-owned-writeback/README.md +128 -0
  33. package/examples/app-owned-writeback/business-actions.md +221 -0
  34. package/examples/app-owned-writeback/command-handler.mjs +55 -0
  35. package/examples/app-owned-writeback/node-fastify-handler.mjs +64 -0
  36. package/examples/app-owned-writeback/python-fastapi-handler.py +66 -0
  37. package/examples/claude-desktop-postgres/Makefile +6 -0
  38. package/examples/claude-desktop-postgres/README.md +40 -0
  39. package/examples/cursor-postgres/Makefile +6 -0
  40. package/examples/cursor-postgres/README.md +30 -0
  41. package/examples/mcp-postgres-billing-app-handler/README.md +94 -0
  42. package/examples/mcp-postgres-billing-app-handler/app-handler.mjs +123 -0
  43. package/examples/mcp-postgres-billing-app-handler/docker-compose.yml +13 -0
  44. package/examples/mcp-postgres-billing-app-handler/schema.sql +59 -0
  45. package/examples/mcp-postgres-billing-app-handler/scripts/run-demo.sh +100 -0
  46. package/examples/mcp-postgres-billing-app-handler/seed.sql +39 -0
  47. package/examples/mcp-postgres-billing-app-handler/synapsor-handler.mjs +437 -0
  48. package/examples/mcp-postgres-billing-app-handler/synapsor.runner.json +158 -0
  49. package/examples/mysql-refund-agent/Makefile +4 -0
  50. package/examples/mysql-refund-agent/README.md +36 -0
  51. package/examples/openai-agents-http/Makefile +6 -0
  52. package/examples/openai-agents-http/README.md +33 -12
  53. package/examples/openai-agents-http/agent.py +29 -65
  54. package/examples/openai-agents-stdio/Makefile +6 -0
  55. package/examples/openai-agents-stdio/README.md +24 -6
  56. package/examples/openai-agents-stdio/agent.py +4 -2
  57. package/examples/raw-sql-vs-synapsor/Makefile +11 -0
  58. package/examples/raw-sql-vs-synapsor/README.md +41 -0
  59. package/examples/reference-support-billing-app/README.md +16 -16
  60. package/examples/reference-support-billing-app/mcp-client.generic.json +1 -1
  61. package/examples/support-billing-agent/Makefile +19 -0
  62. package/examples/support-billing-agent/README.md +89 -0
  63. package/examples/support-billing-agent/app/README.md +13 -0
  64. package/examples/support-billing-agent/db/schema.sql +91 -0
  65. package/examples/support-billing-agent/db/seed.sql +43 -0
  66. package/examples/support-billing-agent/docker-compose.yml +13 -0
  67. package/examples/support-billing-agent/scripts/run-demo.sh +15 -0
  68. package/examples/support-billing-agent/synapsor.runner.json +233 -0
  69. package/fixtures/benchmark/mcp-efficiency.json +53 -0
  70. package/fixtures/benchmark/mcp-efficiency.txt +25 -0
  71. package/fixtures/protocol/MANIFEST.json +54 -0
  72. package/fixtures/protocol/change-set.late-fee-waiver.v1.json +72 -0
  73. package/fixtures/protocol/execution-receipt.applied.v1.json +14 -0
  74. package/fixtures/protocol/execution-receipt.conflict.v1.json +15 -0
  75. package/fixtures/protocol/runner-registration.v1.json +22 -0
  76. package/fixtures/protocol/writeback-job.late-fee-waiver.v1.json +44 -0
  77. package/package.json +27 -4
  78. package/schemas/change-set.v1.schema.json +140 -0
  79. package/schemas/execution-receipt.v1.schema.json +34 -0
  80. package/schemas/onboarding-selection.v1.schema.json +132 -0
  81. package/schemas/runner-registration.v1.schema.json +48 -0
  82. package/schemas/synapsor.app-handler-receipt.v1.json +39 -0
  83. package/schemas/synapsor.app-handler-request.v1.json +119 -0
  84. package/schemas/synapsor.runner.schema.json +415 -0
  85. package/schemas/writeback-job.v1.schema.json +121 -0
package/docs/README.md CHANGED
@@ -1,34 +1,109 @@
1
1
  # Synapsor Runner Docs
2
2
 
3
- Start with the README. Use these docs only when you need the next level of
4
- detail.
3
+ Start with the README. Use this index when you need the task-specific next
4
+ step. The order is intentional: run something first, wire your database second,
5
+ then read the concepts once the safety boundary is visible.
5
6
 
6
- ## First Setup
7
+ ## 01 Quickstart
8
+
9
+ - [README](../README.md): wedge, no-DB quick demo, five-line model, and the
10
+ shortest own-database path.
11
+ - [Troubleshooting First Run](troubleshooting-first-run.md): common first-run
12
+ failures, redacted diagnostics, and fixes.
13
+
14
+ ## 02 Why Raw SQL Is Dangerous
15
+
16
+ - [Security Boundary](security-boundary.md): what the model can and cannot see.
17
+ - [MCP Audit](mcp-audit.md): static review for risky database MCP tools such as
18
+ `execute_sql`, broad query tools, model-controlled tenant filters, or
19
+ model-facing approval/commit tools.
20
+
21
+ ## 03 Run The Demo
22
+
23
+ - `examples/support-billing-agent/`: flagship support/billing agent demo with
24
+ `make demo`, expected output, and the raw-SQL-vs-Synapsor contrast.
25
+ - `examples/raw-sql-vs-synapsor/`: no-database fear/fix demo.
26
+ - `examples/reference-support-billing-app/`: shared fixture used by the
27
+ flagship demo and package smoke tests.
28
+
29
+ ## 04 Connect Your DB
7
30
 
8
31
  - [Connect Your Own Database](getting-started-own-database.md): inspect a
9
32
  staging Postgres/MySQL database, generate `synapsor.runner.json`, preview
10
33
  semantic tools, and serve them over MCP.
34
+ - [Use Your Own Database](use-your-own-database.md): short entry point that
35
+ links to the canonical own-database guide.
36
+ - [Doctor](doctor.md): redacted setup checks, handler probes, direct SQL
37
+ writeback probes, and receipt-table guidance.
38
+
39
+ ## 05 Generate Capabilities
40
+
41
+ - [Capability Authoring](capability-authoring.md): define read/proposal
42
+ capabilities, model-facing descriptions, result envelopes, trusted context,
43
+ and writeback guards.
44
+ - [Recipes](recipes.md): starter business-capability templates.
45
+ - [JSON Schema](../schemas/synapsor.runner.schema.json): editor validation for
46
+ `synapsor.runner.json`.
47
+
48
+ ## 06 Serve MCP
49
+
11
50
  - [MCP Client Setup](mcp-client-setup.md): connect Claude, Cursor, VS Code, or
12
51
  another stdio MCP client.
52
+ - `examples/claude-desktop-postgres/`: copy-paste Claude Desktop config for the
53
+ Postgres billing fixture.
54
+ - `examples/cursor-postgres/`: copy-paste Cursor config for the Postgres
55
+ billing fixture.
13
56
  - [HTTP MCP](http-mcp.md): run Synapsor Runner as an authenticated HTTP MCP
14
57
  service for app/server agents.
58
+ - [OpenAI Agents SDK](openai-agents-sdk.md): use Streamable HTTP MCP with
59
+ OpenAI-safe tool aliases.
15
60
 
16
- ## Safety And Operations
61
+ ## 07 Propose, Approve, Apply
17
62
 
18
- - [Security Boundary](security-boundary.md): what the model can and cannot see.
19
- - [Current Limitations](limitations.md): current alpha scope.
20
- - [Troubleshooting First Run](troubleshooting-first-run.md): common setup
21
- failures and fixes.
22
63
  - [Local Mode](local-mode.md): local store, proposals, approval, replay, and
23
64
  writeback flow.
24
-
25
- ## Features
26
-
27
- - [MCP Audit](mcp-audit.md): static risk review for database MCP tools.
28
- - [Recipes](recipes.md): starter business-capability templates.
29
65
  - [Writeback Executors](writeback-executors.md): app-owned writeback handlers
30
66
  for approved proposals.
67
+ - [App-Owned Executors](app-owned-executors.md): short entry point for rich
68
+ business transactions handled by your app.
69
+ - [Handler Helper](handler-helper.md): TypeScript helper for safe app-owned
70
+ rich-write handlers.
71
+
72
+ ## 08 Replay And Audit
73
+
74
+ - [Result Envelope v2](result-envelope-v2.md): stable
75
+ `ok`/`summary`/`data`/`proposal`/`error` MCP tool results.
76
+ - [Store Lifecycle](store-lifecycle.md): active-store leases, prune safety,
77
+ deleted-store behavior, and concurrent server guardrails.
78
+ - `synapsor-runner activity search`, `evidence`, `query-audit`, `receipts`,
79
+ `events tail`, and `events webhook`: local evidence, audit, receipt, replay,
80
+ and lifecycle inspection.
81
+ - `examples/mysql-refund-agent/`: MySQL order/refund review example using the
82
+ same proposal, approval, guarded writeback, and replay loop.
83
+
84
+ ## 09 App-Owned Handlers
85
+
86
+ - [Writeback Executors](writeback-executors.md): call direction, endpoint
87
+ contract, receipt shape, and the requirement to re-check tenant/scope,
88
+ expected version, idempotency, and allowed action inside your handler.
89
+ - [Handler Helper](handler-helper.md): helper API and examples.
90
+
91
+ ## 10 Concepts
92
+
93
+ - [Current Scope](current-scope.md): compact v0.1 scope summary.
94
+ - [Current Limitations](limitations.md): intentional safety limits.
95
+ - [Cloud Mode](cloud-mode.md): what stays local and what Cloud-linked mode adds.
96
+ - [Release Notes](release-notes.md): release history and behavior changes.
97
+ - [Release Policy](release-policy.md): stable gates and publish verification.
98
+ - [Licensing](licensing.md): Apache-2.0 scope, trademark boundary, and what is
99
+ not included in this runner repo.
100
+ - [Dependency License Inventory](dependency-license-inventory.md): current
101
+ dependency license summary for release review.
102
+ - RFC source context:
103
+ [001 result envelope](rfcs/001-result-envelope-v2.md),
104
+ [002 handler helper](rfcs/002-app-owned-handler-helper.md),
105
+ [003 integrator teardown](rfcs/003-integrator-feedback-teardown.md).
31
106
 
32
- The public docs intentionally stay small. Historical implementation reports,
33
- release checklists, and internal planning notes are not part of the public
107
+ The public docs intentionally stay task-first. Historical implementation
108
+ reports, release checklists, and internal planning notes are not part of the
34
109
  getting-started path.
@@ -0,0 +1,38 @@
1
+ # App-Owned Executors
2
+
3
+ The canonical guide is [Writeback Executors](writeback-executors.md).
4
+
5
+ Use app-owned executors when an approved proposal needs a real business
6
+ transaction instead of Runner-managed single-row SQL.
7
+
8
+ Examples:
9
+
10
+ - create a credit row;
11
+ - open a ticket;
12
+ - call Stripe or Zendesk;
13
+ - write ledger/event rows;
14
+ - update multiple tables in one application transaction.
15
+
16
+ The model-facing MCP tool only creates a proposal. Approval happens outside MCP.
17
+ After approval, Runner calls your `http_handler` or `command_handler`, records
18
+ the receipt, and includes the result in replay.
19
+
20
+ > **Important:** your app handler owns the final business write. Runner creates
21
+ > the proposal and calls your handler only after approval, but your handler must
22
+ > still enforce tenant/scope checks, expected-version or conflict guards,
23
+ > idempotency keys, allowed business actions, transaction/rollback, and safe
24
+ > error receipts. If you skip those checks, you can reintroduce cross-tenant
25
+ > writes, lost updates, or duplicate writes. Keep handler credentials out of MCP.
26
+
27
+ A handler is your application endpoint or script. It is not a second Synapsor
28
+ package that users need to install. Install `@synapsor/runner`, then generate
29
+ or copy a handler template only when your approved write needs app-owned
30
+ business logic.
31
+
32
+ Do not use generic SQL for rich business transactions. Let the model propose,
33
+ let Synapsor Runner approve/replay, and let your app execute the transaction.
34
+
35
+ For TypeScript services, prefer the first-party helper in `packages/handler`.
36
+ It enforces bearer/HMAC auth, tenant scope, expected-version guards,
37
+ idempotency, transaction rollback, and safe receipt formatting around your
38
+ business effect. See [Handler Helper](handler-helper.md).
@@ -0,0 +1,265 @@
1
+ # Capability Authoring
2
+
3
+ Use `synapsor.runner.json` to define the database actions an MCP client can see.
4
+ The model sees semantic capabilities such as `billing.inspect_invoice`, not raw
5
+ SQL, table names, write credentials, approval tools, or commit tools.
6
+
7
+ For editor validation, use the JSON Schema:
8
+
9
+ ```text
10
+ schemas/synapsor.runner.schema.json
11
+ ```
12
+
13
+ ## Minimal Shape
14
+
15
+ ```json
16
+ {
17
+ "version": 1,
18
+ "mode": "review",
19
+ "result_format": 2,
20
+ "storage": { "sqlite_path": "./.synapsor/local.db" },
21
+ "sources": {
22
+ "app_postgres": {
23
+ "engine": "postgres",
24
+ "read_url_env": "DATABASE_URL",
25
+ "write_url_env": "SYNAPSOR_DATABASE_WRITE_URL",
26
+ "statement_timeout_ms": 3000
27
+ }
28
+ },
29
+ "trusted_context": {
30
+ "provider": "environment",
31
+ "values": {
32
+ "tenant_id_env": "SYNAPSOR_TENANT_ID",
33
+ "principal_env": "SYNAPSOR_PRINCIPAL"
34
+ }
35
+ },
36
+ "capabilities": []
37
+ }
38
+ ```
39
+
40
+ `result_format: 2` makes every MCP tool call return one envelope:
41
+
42
+ ```json
43
+ {
44
+ "ok": true,
45
+ "summary": "Created proposal wrp_123. Source database changed: no.",
46
+ "action": "billing.propose_late_fee_waiver",
47
+ "kind": "proposal",
48
+ "data": null,
49
+ "proposal": {},
50
+ "error": null,
51
+ "evidence": {
52
+ "bundle_id": "ev_123",
53
+ "note": "audit/replay handle; you do not need to act on it during this turn"
54
+ },
55
+ "source_database_changed": false,
56
+ "_meta": {
57
+ "canonical_capability": "billing.propose_late_fee_waiver"
58
+ }
59
+ }
60
+ ```
61
+
62
+ Use `--result-format v2` on `mcp serve` or `mcp serve-streamable-http` if you
63
+ want to opt in from the command line instead of config.
64
+
65
+ ## Read Capability
66
+
67
+ Read capabilities inspect one scoped row or view and save evidence/query-audit
68
+ records locally.
69
+
70
+ ```json
71
+ {
72
+ "name": "billing.inspect_invoice",
73
+ "kind": "read",
74
+ "description": "Inspect one invoice in the trusted tenant before proposing a waiver or credit.",
75
+ "returns_hint": "Returns invoice amount, late fee, status, policy facts, and an audit evidence handle.",
76
+ "source": "app_postgres",
77
+ "target": {
78
+ "schema": "public",
79
+ "table": "invoices",
80
+ "primary_key": "id",
81
+ "tenant_key": "tenant_id"
82
+ },
83
+ "args": {
84
+ "invoice_id": {
85
+ "type": "string",
86
+ "required": true,
87
+ "max_length": 128,
88
+ "description": "Invoice id, e.g. INV-3001."
89
+ }
90
+ },
91
+ "lookup": { "id_from_arg": "invoice_id" },
92
+ "visible_columns": ["id", "tenant_id", "status", "late_fee_cents", "updated_at"],
93
+ "evidence": "required",
94
+ "max_rows": 1
95
+ }
96
+ ```
97
+
98
+ Model-facing descriptions matter. They should explain when to use the tool and
99
+ what the result contains. Runner also adds evidence-handle guidance so the model
100
+ does not waste a turn trying to call an audit handle.
101
+
102
+ ## Proposal Capability
103
+
104
+ Proposal capabilities create an exact before/after diff. They do not mutate your
105
+ source database. Approval and writeback stay outside the model-facing MCP tool
106
+ surface.
107
+
108
+ ```json
109
+ {
110
+ "name": "billing.propose_late_fee_waiver",
111
+ "kind": "proposal",
112
+ "description": "Propose waiving one invoice late fee after inspecting invoice and policy evidence.",
113
+ "returns_hint": "Returns a review-required proposal id, exact field diff, evidence handle, and source_database_changed:false.",
114
+ "source": "app_postgres",
115
+ "target": {
116
+ "schema": "public",
117
+ "table": "invoices",
118
+ "primary_key": "id",
119
+ "tenant_key": "tenant_id"
120
+ },
121
+ "args": {
122
+ "invoice_id": {
123
+ "type": "string",
124
+ "required": true,
125
+ "description": "Invoice id, e.g. INV-3001."
126
+ },
127
+ "reason": {
128
+ "type": "string",
129
+ "required": true,
130
+ "max_length": 500,
131
+ "description": "Business reason for the proposed waiver."
132
+ }
133
+ },
134
+ "lookup": { "id_from_arg": "invoice_id" },
135
+ "visible_columns": ["id", "tenant_id", "status", "late_fee_cents", "waiver_reason", "updated_at"],
136
+ "patch": {
137
+ "late_fee_cents": { "fixed": 0 },
138
+ "waiver_reason": { "from_arg": "reason" }
139
+ },
140
+ "allowed_columns": ["late_fee_cents", "waiver_reason"],
141
+ "numeric_bounds": {
142
+ "late_fee_cents": { "minimum": 0, "maximum": 10000 }
143
+ },
144
+ "conflict_guard": { "column": "updated_at" },
145
+ "approval": { "mode": "human", "required_role": "billing_lead" }
146
+ }
147
+ ```
148
+
149
+ ## Trusted Context
150
+
151
+ Tenant, principal, approval authority, source ids, and row-version authority
152
+ must come from trusted backend/session context, not from model arguments.
153
+
154
+ Good:
155
+
156
+ ```json
157
+ "trusted_context": {
158
+ "provider": "environment",
159
+ "values": {
160
+ "tenant_id_env": "SYNAPSOR_TENANT_ID",
161
+ "principal_env": "SYNAPSOR_PRINCIPAL"
162
+ }
163
+ }
164
+ ```
165
+
166
+ Bad:
167
+
168
+ ```json
169
+ "args": {
170
+ "tenant_id": { "type": "string" }
171
+ }
172
+ ```
173
+
174
+ Runner rejects model-facing trust-scope arguments.
175
+
176
+ ## Direct SQL Writeback
177
+
178
+ Use direct SQL writeback only for simple bounded single-row `UPDATE` proposals.
179
+ Runner validates:
180
+
181
+ - fixed table and column names;
182
+ - primary-key targeting;
183
+ - tenant guard;
184
+ - `allowed_columns`;
185
+ - numeric bounds and transition guards;
186
+ - optimistic conflict guard such as `updated_at`;
187
+ - one affected row;
188
+ - idempotency receipt.
189
+
190
+ Runner does not expose generic SQL, model-generated SQL, DDL, INSERT, DELETE,
191
+ UPSERT, or multi-row writes.
192
+
193
+ Direct SQL writeback uses the source `write_url_env`, such as
194
+ `SYNAPSOR_DATABASE_WRITE_URL`. The writer needs permission for
195
+ `synapsor_writeback_receipts` or an administrator must pre-create and grant that
196
+ table.
197
+
198
+ ## App-Owned Executors
199
+
200
+ Use an app-owned executor when an approved proposal needs richer business work:
201
+ creating a credit row, inserting an outbox event, updating multiple app tables,
202
+ or calling your own service.
203
+
204
+ ```json
205
+ "executors": {
206
+ "billing_handler": {
207
+ "type": "http_handler",
208
+ "url_env": "BILLING_WRITEBACK_URL",
209
+ "method": "POST",
210
+ "auth": {
211
+ "type": "bearer_env",
212
+ "token_env": "BILLING_WRITEBACK_TOKEN"
213
+ },
214
+ "signing_secret_env": "BILLING_WRITEBACK_SIGNING_SECRET",
215
+ "timeout_ms": 5000
216
+ }
217
+ }
218
+ ```
219
+
220
+ Then reference it from a proposal capability:
221
+
222
+ ```json
223
+ {
224
+ "name": "billing.propose_account_credit",
225
+ "kind": "proposal",
226
+ "executor": "billing_handler"
227
+ }
228
+ ```
229
+
230
+ Approval still happens outside MCP. Runner sends the approved job to your
231
+ handler, and the handler returns an applied/conflict/failed receipt for replay.
232
+ See [App-Owned Executors](app-owned-executors.md) and
233
+ [Writeback Executors](writeback-executors.md).
234
+
235
+ ## OpenAI Aliases
236
+
237
+ Canonical Synapsor names use dots, such as `billing.inspect_invoice`. Some
238
+ clients require function-safe names. Use:
239
+
240
+ ```bash
241
+ synapsor-runner mcp serve-streamable-http \
242
+ --config ./synapsor.runner.json \
243
+ --store ./.synapsor/local.db \
244
+ --auth-token-env SYNAPSOR_RUNNER_HTTP_TOKEN \
245
+ --alias-mode openai
246
+ ```
247
+
248
+ The model sees aliases such as `billing__inspect_invoice`. Runner includes the
249
+ canonical name in tool metadata and descriptions so audit/replay still use the
250
+ real capability name.
251
+
252
+ ## Why Not `execute_sql`
253
+
254
+ `execute_sql(sql)` gives the model database authority. Synapsor Runner gives the
255
+ model proposal authority:
256
+
257
+ ```text
258
+ model-facing MCP tool -> trusted context -> scoped read -> evidence -> proposal
259
+ ```
260
+
261
+ Commit authority stays outside the model:
262
+
263
+ ```text
264
+ human/operator approval -> guarded writeback or app-owned handler -> receipt/replay
265
+ ```
@@ -0,0 +1,24 @@
1
+ # Cloud Mode
2
+
3
+ Synapsor Runner is local-first. It does not require Synapsor Cloud for the local
4
+ demo, own-database onboarding, MCP serving, proposal creation, local approval,
5
+ guarded writeback, or replay.
6
+
7
+ Cloud-linked mode is for teams that need a shared control plane:
8
+
9
+ - team approvals and RBAC;
10
+ - hosted evidence/replay search;
11
+ - runner registration and heartbeat;
12
+ - job leases;
13
+ - receipt reporting;
14
+ - retention and audit visibility.
15
+
16
+ The local runner still keeps database credentials in your environment. MCP
17
+ client config snippets should contain command paths and runner arguments, not
18
+ database URLs or write credentials.
19
+
20
+ Run the local smoke for this mode with:
21
+
22
+ ```bash
23
+ corepack pnpm test:mcp-cloud-linked
24
+ ```
@@ -0,0 +1,29 @@
1
+ # Current Scope
2
+
3
+ The canonical scope page is [Current Limitations](limitations.md).
4
+
5
+ Current alpha scope:
6
+
7
+ - local semantic MCP tools for Postgres/MySQL-backed business actions;
8
+ - schema inspection and guided config generation;
9
+ - trusted context from environment/session values;
10
+ - evidence handles, query audit, proposals, receipts, and local replay;
11
+ - guarded single-row `UPDATE` writeback for simple edits;
12
+ - app-owned `http_handler` and `command_handler` executors for richer approved
13
+ business transactions;
14
+ - stdio MCP, Streamable HTTP MCP, and a small JSON-RPC bridge.
15
+
16
+ Stable `0.1.x` compatibility covers the documented `synapsor-runner` binary,
17
+ config schema version `1`, result envelope v2 with v1 opt-out, stdio/Streamable
18
+ HTTP MCP surfaces, documented MCP client snippets, proposal/evidence/replay
19
+ inspection commands, direct SQL writeback, and app-owned executor contracts.
20
+
21
+ Out of scope:
22
+
23
+ - raw `execute_sql`;
24
+ - model-generated SQL;
25
+ - generic INSERT/DELETE/UPSERT/DDL;
26
+ - generic multi-row SQL writeback;
27
+ - physical branching of external Postgres/MySQL;
28
+ - self-hosted Synapsor Cloud;
29
+ - production SLA or compliance certification.
@@ -0,0 +1,35 @@
1
+ # Dependency License Inventory
2
+
3
+ Generated from the current lockfile/install with:
4
+
5
+ ```bash
6
+ corepack pnpm licenses list --json
7
+ ```
8
+
9
+ Summary from the current dependency set:
10
+
11
+ | License | Package entries |
12
+ | --- | ---: |
13
+ | MIT | 149 |
14
+ | Apache-2.0 | 4 |
15
+ | BSD-3-Clause | 3 |
16
+ | BSD-2-Clause | 1 |
17
+ | ISC | 11 |
18
+
19
+ Apache-2.0 dependency entries reported by pnpm:
20
+
21
+ - `denque@2.1.0`
22
+ - `expect-type@1.3.0`
23
+ - `long@5.3.2`
24
+ - `typescript@5.9.3`
25
+
26
+ This file is an inventory summary, not a replacement for dependency license
27
+ review. Third-party dependency licenses and notices are not changed by the
28
+ first-party Synapsor Runner Apache-2.0 license.
29
+
30
+ Before public release:
31
+
32
+ - regenerate this inventory from a clean install;
33
+ - review dependency notices with the release owner or qualified counsel;
34
+ - keep third-party notices separate from the first-party Synapsor Runner
35
+ license.
package/docs/doctor.md ADDED
@@ -0,0 +1,98 @@
1
+ # Doctor
2
+
3
+ Use `doctor` to check a local Runner setup without printing database URLs,
4
+ passwords, bearer tokens, signing secrets, or private keys.
5
+
6
+ ```bash
7
+ synapsor-runner doctor --config synapsor.runner.json
8
+ synapsor-runner doctor --config synapsor.runner.json --json
9
+ synapsor-runner doctor --config synapsor.runner.json --report --redact --output synapsor-doctor.md
10
+ ```
11
+
12
+ The default check validates:
13
+
14
+ - config shape;
15
+ - trusted context environment variables;
16
+ - read credential environment variables;
17
+ - read/write credential separation;
18
+ - reachable source metadata when the read env var is set;
19
+ - configured target tables and columns;
20
+ - MCP tool boundary, including absence of raw SQL and commit tools;
21
+ - local store stats.
22
+
23
+ ## App-Owned Handler Checks
24
+
25
+ For `http_handler` executors, add `--check-handlers`:
26
+
27
+ ```bash
28
+ synapsor-runner doctor --config synapsor.runner.json --check-handlers
29
+ ```
30
+
31
+ This checks handler URL/token/signing-secret env vars and sends a reachability
32
+ probe to the handler endpoint. It does not apply a proposal and does not send a
33
+ writeback job.
34
+
35
+ Use `signing_secret_env` for non-loopback handler deployments so Runner signs
36
+ requests with:
37
+
38
+ ```text
39
+ X-Synapsor-Signature
40
+ X-Synapsor-Issued-At
41
+ X-Synapsor-Proposal-Id
42
+ Idempotency-Key
43
+ ```
44
+
45
+ ## Direct SQL Writeback Checks
46
+
47
+ For direct `sql_update` writeback, add `--check-writeback` only after reviewing
48
+ the receipt-table DDL/grants:
49
+
50
+ ```bash
51
+ synapsor-runner doctor --config synapsor.runner.json --check-writeback
52
+ ```
53
+
54
+ This connects with the trusted writer env var named by `write_url_env` and
55
+ checks:
56
+
57
+ - writer database connectivity;
58
+ - `synapsor_writeback_receipts` permission through the adapter doctor;
59
+ - rollback-only access to each configured proposal target table;
60
+ - rollback-only update permission for configured allowed write columns.
61
+
62
+ The target-table probe uses fixed schema/table/column identifiers from the
63
+ reviewed config. It does not accept model SQL, user SQL, arbitrary table names,
64
+ or arbitrary column names. It runs inside a transaction and rolls back.
65
+
66
+ The receipt-table probe can create `synapsor_writeback_receipts` if the writer
67
+ has permission. If your policy does not allow Runner to create tables in the
68
+ application schema, pre-create the table and grant access:
69
+
70
+ ```bash
71
+ synapsor-runner writeback migration --engine postgres --schema synapsor
72
+ synapsor-runner writeback grants --engine postgres --schema synapsor --writer-role app_writer
73
+ ```
74
+
75
+ For MySQL:
76
+
77
+ ```bash
78
+ synapsor-runner writeback migration --engine mysql --schema appdb
79
+ synapsor-runner writeback grants --engine mysql --schema appdb --writer-role "'app_writer'@'%'"
80
+ ```
81
+
82
+ Use an app-owned `http_handler` or `command_handler` executor when your
83
+ application should own richer business writes or receipt storage.
84
+
85
+ ## Redaction
86
+
87
+ Doctor output intentionally uses safe categories such as:
88
+
89
+ ```text
90
+ connection failed
91
+ authentication failed
92
+ permission denied
93
+ configured object not found
94
+ database probe failed
95
+ ```
96
+
97
+ Raw driver errors, connection strings, passwords, tokens, signing secrets, and
98
+ handler URLs are not printed in the report.