Public demo · Existing Postgres/MySQL

Try Synapsor with an existing database.

The source database stays unchanged. Synapsor reads approved rows, records evidence, and turns risky changes into reviewable proposals instead of giving the model raw SQL or direct write access.

View developer details

No raw SQL for the model

The agent calls approved actions, not a database shell.

Only approved rows are read

Synapsor applies server-controlled scope before evidence is returned.

Proposal staged, production unchanged

The public demo stores review state in Synapsor and never mutates the seeded source database.

Writeback model

Two credentials, two phases

Synapsor uses a read-only source credential for governed reads. It does not use that credential to update Postgres or MySQL. When a write is approved, your backend worker applies the proposal using your separate write credential.

Read credential: read-only, governedWrite credential: customer backend onlySynapsor: proposal/control layer

Read-only connector

Synapsor reads approved, tenant-scoped evidence.

Synapsor proposal and approval state

Risky writes become reviewable proposals. The source database remains unchanged while review state is pending.

Customer worker writeback

Your backend applies approved proposals with your own write credential.

Guided existing database demo

Run the safety flow.

Pick Postgres or MySQL, run one seeded request, and see the important result: Synapsor reads approved evidence while the source database stays unchanged.

Live run graph

Branch graph: Postgres unchanged, Synapsor review branch staged

The graph separates the unchanged external source lane from the Synapsor review branch lane so auto-branching is visible without implying Postgres/MySQL itself is branched.

Trigger

AUTO BRANCH ON PROPOSAL forks Synapsor's change-control record, not your external database.

Main lane

Postgres stays the source of truth and remains unchanged during review.

Review branch

Synapsor owns the review branch/proposal record: diff, evidence, approval state, replay, and worker handoff.

Decision

Policy-approved proposals become worker-ready; review-gated proposals stay staged until approved.

Plain English

What branches is Synapsor's review record: proposed row diff, evidence, approval state, writeback intent, and replay. External Postgres/MySQL tables are not physically branched or merged.

1. Main/source stays unchanged2. Synapsor forks a review branch3. Approval/policy decides handoff

Source/main laneSynapsor review branch lane

Loading safe-write run graph...

The static path below mirrors the interactive graph while the canvas initializes.

Postgres
Source of truth
Your existing database keeps tables and app writes.
Mappings
Safe objects
Synapsor uses selected tables, columns, and tenant scope.
Session
Hidden fields
Tenant, principal, and current object IDs are backend-bound.
Workflow
Approved tool
The agent calls a generated capability/workflow contract.
Evidence
Rows captured
Returned rows become inspectable evidence, not raw credentials.
Audit
Query record
Tables, scope, row counts, and fingerprints are recorded.
Source
Postgres unchanged
The external database is not branched or written while Synapsor evaluates the proposal.
Auto branch
Synapsor review branch
Synapsor creates a review branch/proposal record and keeps it staged.
Review
Review required
The review branch waits for revenue_lead approval.
Replay
Run record
Inspect what was read and decided without rerunning external side effects.

Postgres

Source of truth

Your existing database keeps tables and app writes.

Mappings

Safe objects

Synapsor uses selected tables, columns, and tenant scope.

Session

Hidden fields

Tenant, principal, and current object IDs are backend-bound.

Workflow

Approved tool

The agent calls a generated capability/workflow contract.

Evidence

Rows captured

Returned rows become inspectable evidence, not raw credentials.

Audit

Query record

Tables, scope, row counts, and fingerprints are recorded.

Source

Postgres unchanged

The external database is not branched or written while Synapsor evaluates the proposal.

Auto branch

Synapsor review branch

Synapsor creates a review branch/proposal record and keeps it staged.

Review

Review required

The review branch waits for revenue_lead approval.

Replay

Run record

Inspect what was read and decided without rerunning external side effects.

Step 1 of 4

Choose an agent mission.

Pick a seeded Postgres or MySQL mission. The agent will use Synapsor-approved reads instead of raw database access.

Postgres mission

Investigate a revenue issue and prepare a reviewable proposal while Postgres stays unchanged.

Selected

MySQL mission

Investigate refund complaints and prepare a review path while MySQL stays unchanged.

Show run context

Run context

Request: Prepare the Acme Robotics follow-up and keep it staged for revenue lead review.
Database lane: Existing Postgres
Production source: Not run
Write proposal created: Not run
Approval required: Not run
Proposal path: Review branch held for review
Replay available: Not run
Risk lane: Awaiting run
Safety result: Awaiting run
Synapsor workflow SQL: CREATE AGENT WORKFLOW revenue.late_invoice_followup_flow REQUIRE SESSION (tenant_id, principal, current_invoice_id) ALLOW CAPABILITY revenue.get_customer_billing_context EVIDENCE REQUIRED AUTO BRANCH ON PROPOSAL -- creates a Synapsor review branch; external DB stays unchanged CHECKPOINT EVERY STEP; BEGIN AGENT RUN revenue.late_invoice_followup_flow WITH ARG question = :question;
External query shape: SELECT i.id, i.tenant_id, i.status, i.balance_due, i.due_date FROM invoices AS i WHERE i.tenant_id = $1 AND i.id = $2 LIMIT $3;
Trusted worker write shape: UPDATE invoices SET collection_status = $1, followup_note = $2 WHERE tenant_id = $3 AND id = $4 AND updated_at = $5;

Developer details: how Synapsor connects to Postgres/MySQL

Writeback model

Two credentials, two phases

Read credential: read-only, governedWrite credential: customer backend onlySynapsor: proposal/control layer

Read-only connector

Synapsor reads approved, tenant-scoped evidence.

Synapsor proposal and approval state

Risky writes become reviewable proposals. The source database remains unchanged while review state is pending.

Customer worker writeback

Your backend applies approved proposals with your own write credential.

How the connection works

Synapsor connects beside your database, not inside your app prompt.

Developers keep their existing Postgres/MySQL app database. Synapsor stores the safe agent contract, reads through imported mappings, and returns evidence/proposals to the app.

1. Register a least-privilege source

Your backend or CLI creates a Postgres/MySQL source in Synapsor. Connection details are stored server-side; the browser and model never receive them.

2. Inspect schema and import safe mappings

Synapsor inspects tables/views, primary keys, tenant columns, and fields suggested for review. You decide which fields agents can see before importing mappings.

3. Generate the Synapsor contract

Synapsor creates external mappings, an agent context, approved tools, and a workflow. SESSION values such as tenant_id and current_invoice_id come from your app.

4. Run parameter-bound live reads

The agent invokes a capability. Synapsor runs bounded live reads against the source using allowed mappings, tenant scope, row limits, and query audit.

5. Stage risky writes as proposals

For changes, Synapsor records a proposal and diff first. Your backend worker applies approved writeback later with a separate write credential, allowlisted columns, and bound parameters.

In this public demo, the server already registered demo-only sources and mappings. The visitor only runs the agent workflow; no customer data, account, API key, or billing is required. CDC mirrored subsets are not used in this visitor flow and remain private preview/hardening.

Developer details: generated contracts and connector code

What developers configure

A guided setup first, code only when you ask for it.

The guided demo is the UI flow above. The implementation details below are intentionally collapsed so a new developer first sees the integration path: existing DB, safe mappings, approved tool, evidence, proposal, writeback worker, and replay.

Open setup docs

1. Your app database

Postgres/MySQL remains the source of truth. Synapsor uses a least-privilege source registration instead of moving the whole database.

2. Safe mapping contract

You select tables/views, allowed columns, tenant keys, primary keys, row limits, denied fields, and query timeouts.

3. Reviewed capability

The agent calls a named capability. It does not receive a database password, arbitrary SQL access, or control over tenant_id.

4. Evidence and audit

Every run records source rows, redactions, policy chunks, query fingerprints, row counts, and trusted session scope.

5. Proposal before writeback

Risky changes are staged as reviewable proposals. Your backend worker applies approved writeback later with a separate write credential.

6. Replayable run

The run can be inspected later from stored evidence, query audit, review-branch/proposal state, and writeback status.

Low-code generator preview

Choose what Synapsor should govern.

This mirrors the signed-in setup flow: developers choose the source tables and business workflow in UI, then Synapsor generates context, capabilities, workflow, evidence rules, and proposal boundaries behind the scenes.

Synapsor generates

revenue.billing_context, revenue.get_customer_billing_context, revenue.propose_collection_followup, revenue.late_invoice_followup_flow

What the model does not get

No database password, no arbitrary SQL tool, and no authority to choose hidden session values such as tenant or current object id.

View generated schema, Synapsor contract, SDK, and UI code

These snippets are for developers who want to inspect the exact demo implementation. The normal onboarding path should use the guided setup UI first, then copy or edit generated artifacts when needed.

synapsor-external-workflow.sql

-- Synapsor safety contract for an agent reading existing Postgres/MySQL mappings.
-- SESSION values are bound by your backend; the model cannot choose tenant_id or principal.
CREATE AGENT CONTEXT revenue.billing_context
ROOT EXTERNAL external_revenue.invoices AS invoice
LOOKUP invoice.id = SESSION current_invoice_id
BIND tenant_id FROM SESSION tenant_id
BIND principal FROM SESSION principal

JOIN EXTERNAL external_revenue.customers AS customer
  ON customer.id = invoice.customer_id
  AND customer.tenant_id = SESSION tenant_id

JOIN EXTERNAL external_revenue.contracts AS contract
  ON contract.customer_id = customer.id
  AND contract.tenant_id = SESSION tenant_id

SEARCH EXTERNAL external_revenue.policy_chunks AS policy_hits
  USING TEXT(policy_hits.body)
  QUERY ARG question
  FILTER policy_hits.tenant_id = SESSION tenant_id
  TOP 5

OUTPUT SLOTS
  invoice_id AS invoice.id,
  customer_name AS customer.name,
  balance_cents AS invoice.balance_cents,
  days_late AS invoice.days_late,
  renewal_date AS contract.renewal_date,
  policy_hits AS policy_hits

EVIDENCE ON;

CREATE AGENT CAPABILITY revenue.propose_collection_followup
ARG reason TEXT REQUIRED
HIDDEN tenant_id FROM SESSION tenant_id
HIDDEN principal FROM SESSION principal
HIDDEN current_invoice_id FROM SESSION current_invoice_id
USE CONTEXT revenue.billing_context
EXECUTION PROPOSAL
REQUIRES EVIDENCE
WRITE PROPOSAL TARGET EXTERNAL external_revenue.renewal_risks
OPERATION UPDATE
LOOKUP invoice_id FROM SESSION current_invoice_id
TENANT tenant_id FROM BINDING tenant_id
COLUMNS
  status FROM VALUE 'pending_review',
  recommended_action FROM ARG reason
AUDIT revenue.writeback_audit;

CREATE AGENT WORKFLOW revenue.late_invoice_followup_flow
SESSION REQUIRE tenant_id, principal, current_invoice_id
ALLOWED CAPABILITIES (
  revenue.get_customer_billing_context,
  revenue.get_open_support_tickets,
  revenue.check_contract_terms,
  revenue.propose_collection_followup
)
EVIDENCE REQUIRED
AUTO BRANCH ON PROPOSAL -- Synapsor review branch, not a Postgres/MySQL branch
ON RISK low AUTO_APPROVE
ON RISK medium REQUIRE APPROVAL ROLE 'revenue_lead'
CHECKPOINT EVERY STEP;

CREATE SETTLEMENT POLICY revenue.low_risk_followup_policy
FOR WORKFLOW revenue.late_invoice_followup_flow
AUTO APPROVE WHEN PAYLOAD risk = 'low'
ELSE LEAVE PROPOSED;

-- External proposals are approved for trusted writeback.
-- A worker you control applies the parameterized UPDATE later.
-- No external database merge happens here.

-- MySQL lane: read-only workflow. It has no AUTO BRANCH clause because this
-- public example demonstrates scoped reads, evidence, audit, and replay only.
CREATE AGENT CONTEXT ecommerce.order_context
ROOT EXTERNAL external_ecommerce.orders AS orders
LOOKUP orders.id = SESSION current_order_id
BIND tenant_id FROM SESSION tenant_id
BIND principal FROM SESSION principal

JOIN EXTERNAL external_ecommerce.customers AS customer
  ON customer.id = orders.customer_id
  AND customer.tenant_id = SESSION tenant_id

SEARCH EXTERNAL external_ecommerce.refund_policies AS policy_hits
  USING TEXT(policy_hits.body)
  QUERY ARG question
  FILTER policy_hits.tenant_id = SESSION tenant_id
  TOP 5

OUTPUT SLOTS
  order_id AS orders.id,
  order_status AS orders.status,
  total_cents AS orders.total_cents,
  customer_name AS customer.name,
  policy_hits AS policy_hits

EVIDENCE ON;

CREATE AGENT CAPABILITY ecommerce.answer_order_question
ARG question TEXT REQUIRED
HIDDEN tenant_id FROM SESSION tenant_id
HIDDEN principal FROM SESSION principal
HIDDEN current_order_id FROM SESSION current_order_id
USE CONTEXT ecommerce.order_context
EXECUTION READ ONLY
REQUIRES EVIDENCE
RETURN JSON;

CREATE AGENT WORKFLOW ecommerce.refund_review_flow
SESSION REQUIRE tenant_id, principal, current_order_id
ALLOWED CAPABILITIES (
  ecommerce.answer_order_question
)
EVIDENCE REQUIRED
CHECKPOINT EVERY STEP;

Connect an existing DB in 15 minutes Request Builder Trial invite

Synapsor

Public demoGet access

Public demo

Preparing safe database demo...

Loading the agent timeline, policy checks, and approval workflow.

Synapsor

Seeded demoGet access

Public demo · Existing Postgres/MySQL

Try Synapsor with an existing database.

The source database stays unchanged. Synapsor reads approved rows, records evidence, and turns risky changes into reviewable proposals instead of giving the model raw SQL or direct write access.

View developer details

No raw SQL for the model

The agent calls approved actions, not a database shell.

Only approved rows are read

Synapsor applies server-controlled scope before evidence is returned.

Proposal staged, production unchanged

The public demo stores review state in Synapsor and never mutates the seeded source database.

Writeback model

Two credentials, two phases

Read credential: read-only, governedWrite credential: customer backend onlySynapsor: proposal/control layer

Read-only connector

Synapsor reads approved, tenant-scoped evidence.

Synapsor proposal and approval state

Risky writes become reviewable proposals. The source database remains unchanged while review state is pending.

Customer worker writeback

Your backend applies approved proposals with your own write credential.

Guided existing database demo

Run the safety flow.

Pick Postgres or MySQL, run one seeded request, and see the important result: Synapsor reads approved evidence while the source database stays unchanged.

Live run graph

Branch graph: Postgres unchanged, Synapsor review branch staged

The graph separates the unchanged external source lane from the Synapsor review branch lane so auto-branching is visible without implying Postgres/MySQL itself is branched.

Trigger

AUTO BRANCH ON PROPOSAL forks Synapsor's change-control record, not your external database.

Main lane

Postgres stays the source of truth and remains unchanged during review.

Review branch

Synapsor owns the review branch/proposal record: diff, evidence, approval state, replay, and worker handoff.

Decision

Policy-approved proposals become worker-ready; review-gated proposals stay staged until approved.

Plain English

What branches is Synapsor's review record: proposed row diff, evidence, approval state, writeback intent, and replay. External Postgres/MySQL tables are not physically branched or merged.

1. Main/source stays unchanged2. Synapsor forks a review branch3. Approval/policy decides handoff

Source/main laneSynapsor review branch lane

Loading safe-write run graph...

The static path below mirrors the interactive graph while the canvas initializes.

Postgres
Source of truth
Your existing database keeps tables and app writes.
Mappings
Safe objects
Synapsor uses selected tables, columns, and tenant scope.
Session
Hidden fields
Tenant, principal, and current object IDs are backend-bound.
Workflow
Approved tool
The agent calls a generated capability/workflow contract.
Evidence
Rows captured
Returned rows become inspectable evidence, not raw credentials.
Audit
Query record
Tables, scope, row counts, and fingerprints are recorded.
Source
Postgres unchanged
The external database is not branched or written while Synapsor evaluates the proposal.
Auto branch
Synapsor review branch
Synapsor creates a review branch/proposal record and keeps it staged.
Review
Review required
The review branch waits for revenue_lead approval.
Replay
Run record
Inspect what was read and decided without rerunning external side effects.

Postgres

Source of truth

Your existing database keeps tables and app writes.

Mappings

Safe objects

Synapsor uses selected tables, columns, and tenant scope.

Session

Hidden fields

Tenant, principal, and current object IDs are backend-bound.

Workflow

Approved tool

The agent calls a generated capability/workflow contract.

Evidence

Rows captured

Returned rows become inspectable evidence, not raw credentials.

Audit

Query record

Tables, scope, row counts, and fingerprints are recorded.

Source

Postgres unchanged

The external database is not branched or written while Synapsor evaluates the proposal.

Auto branch

Synapsor review branch

Synapsor creates a review branch/proposal record and keeps it staged.

Review

Review required

The review branch waits for revenue_lead approval.

Replay

Run record

Inspect what was read and decided without rerunning external side effects.

Step 1 of 4

Choose an agent mission.

Pick a seeded Postgres or MySQL mission. The agent will use Synapsor-approved reads instead of raw database access.

Postgres mission

Investigate a revenue issue and prepare a reviewable proposal while Postgres stays unchanged.

Selected

MySQL mission

Investigate refund complaints and prepare a review path while MySQL stays unchanged.

Show run context

Run context

Request: Prepare the Acme Robotics follow-up and keep it staged for revenue lead review.
Database lane: Existing Postgres
Production source: Not run
Write proposal created: Not run
Approval required: Not run
Proposal path: Review branch held for review
Replay available: Not run
Risk lane: Awaiting run
Safety result: Awaiting run
Synapsor workflow SQL: CREATE AGENT WORKFLOW revenue.late_invoice_followup_flow REQUIRE SESSION (tenant_id, principal, current_invoice_id) ALLOW CAPABILITY revenue.get_customer_billing_context EVIDENCE REQUIRED AUTO BRANCH ON PROPOSAL -- creates a Synapsor review branch; external DB stays unchanged CHECKPOINT EVERY STEP; BEGIN AGENT RUN revenue.late_invoice_followup_flow WITH ARG question = :question;
External query shape: SELECT i.id, i.tenant_id, i.status, i.balance_due, i.due_date FROM invoices AS i WHERE i.tenant_id = $1 AND i.id = $2 LIMIT $3;
Trusted worker write shape: UPDATE invoices SET collection_status = $1, followup_note = $2 WHERE tenant_id = $3 AND id = $4 AND updated_at = $5;

Developer details: how Synapsor connects to Postgres/MySQL

Writeback model

Two credentials, two phases

Read credential: read-only, governedWrite credential: customer backend onlySynapsor: proposal/control layer

Read-only connector

Synapsor reads approved, tenant-scoped evidence.

Synapsor proposal and approval state

Risky writes become reviewable proposals. The source database remains unchanged while review state is pending.

Customer worker writeback

Your backend applies approved proposals with your own write credential.

How the connection works

Synapsor connects beside your database, not inside your app prompt.

Developers keep their existing Postgres/MySQL app database. Synapsor stores the safe agent contract, reads through imported mappings, and returns evidence/proposals to the app.

1. Register a least-privilege source

Your backend or CLI creates a Postgres/MySQL source in Synapsor. Connection details are stored server-side; the browser and model never receive them.

2. Inspect schema and import safe mappings

Synapsor inspects tables/views, primary keys, tenant columns, and fields suggested for review. You decide which fields agents can see before importing mappings.

3. Generate the Synapsor contract

Synapsor creates external mappings, an agent context, approved tools, and a workflow. SESSION values such as tenant_id and current_invoice_id come from your app.

4. Run parameter-bound live reads

The agent invokes a capability. Synapsor runs bounded live reads against the source using allowed mappings, tenant scope, row limits, and query audit.

5. Stage risky writes as proposals

For changes, Synapsor records a proposal and diff first. Your backend worker applies approved writeback later with a separate write credential, allowlisted columns, and bound parameters.

Developer details: generated contracts and connector code

What developers configure

A guided setup first, code only when you ask for it.

Open setup docs

1. Your app database

Postgres/MySQL remains the source of truth. Synapsor uses a least-privilege source registration instead of moving the whole database.

2. Safe mapping contract

You select tables/views, allowed columns, tenant keys, primary keys, row limits, denied fields, and query timeouts.

3. Reviewed capability

The agent calls a named capability. It does not receive a database password, arbitrary SQL access, or control over tenant_id.

4. Evidence and audit

Every run records source rows, redactions, policy chunks, query fingerprints, row counts, and trusted session scope.

5. Proposal before writeback

Risky changes are staged as reviewable proposals. Your backend worker applies approved writeback later with a separate write credential.

6. Replayable run

The run can be inspected later from stored evidence, query audit, review-branch/proposal state, and writeback status.

Low-code generator preview

Choose what Synapsor should govern.

Synapsor generates

revenue.billing_context, revenue.get_customer_billing_context, revenue.propose_collection_followup, revenue.late_invoice_followup_flow

What the model does not get

No database password, no arbitrary SQL tool, and no authority to choose hidden session values such as tenant or current object id.

View generated schema, Synapsor contract, SDK, and UI code

synapsor-external-workflow.sql

-- Synapsor safety contract for an agent reading existing Postgres/MySQL mappings.
-- SESSION values are bound by your backend; the model cannot choose tenant_id or principal.
CREATE AGENT CONTEXT revenue.billing_context
ROOT EXTERNAL external_revenue.invoices AS invoice
LOOKUP invoice.id = SESSION current_invoice_id
BIND tenant_id FROM SESSION tenant_id
BIND principal FROM SESSION principal

JOIN EXTERNAL external_revenue.customers AS customer
  ON customer.id = invoice.customer_id
  AND customer.tenant_id = SESSION tenant_id

JOIN EXTERNAL external_revenue.contracts AS contract
  ON contract.customer_id = customer.id
  AND contract.tenant_id = SESSION tenant_id

SEARCH EXTERNAL external_revenue.policy_chunks AS policy_hits
  USING TEXT(policy_hits.body)
  QUERY ARG question
  FILTER policy_hits.tenant_id = SESSION tenant_id
  TOP 5

OUTPUT SLOTS
  invoice_id AS invoice.id,
  customer_name AS customer.name,
  balance_cents AS invoice.balance_cents,
  days_late AS invoice.days_late,
  renewal_date AS contract.renewal_date,
  policy_hits AS policy_hits

EVIDENCE ON;

CREATE AGENT CAPABILITY revenue.propose_collection_followup
ARG reason TEXT REQUIRED
HIDDEN tenant_id FROM SESSION tenant_id
HIDDEN principal FROM SESSION principal
HIDDEN current_invoice_id FROM SESSION current_invoice_id
USE CONTEXT revenue.billing_context
EXECUTION PROPOSAL
REQUIRES EVIDENCE
WRITE PROPOSAL TARGET EXTERNAL external_revenue.renewal_risks
OPERATION UPDATE
LOOKUP invoice_id FROM SESSION current_invoice_id
TENANT tenant_id FROM BINDING tenant_id
COLUMNS
  status FROM VALUE 'pending_review',
  recommended_action FROM ARG reason
AUDIT revenue.writeback_audit;

CREATE AGENT WORKFLOW revenue.late_invoice_followup_flow
SESSION REQUIRE tenant_id, principal, current_invoice_id
ALLOWED CAPABILITIES (
  revenue.get_customer_billing_context,
  revenue.get_open_support_tickets,
  revenue.check_contract_terms,
  revenue.propose_collection_followup
)
EVIDENCE REQUIRED
AUTO BRANCH ON PROPOSAL -- Synapsor review branch, not a Postgres/MySQL branch
ON RISK low AUTO_APPROVE
ON RISK medium REQUIRE APPROVAL ROLE 'revenue_lead'
CHECKPOINT EVERY STEP;

CREATE SETTLEMENT POLICY revenue.low_risk_followup_policy
FOR WORKFLOW revenue.late_invoice_followup_flow
AUTO APPROVE WHEN PAYLOAD risk = 'low'
ELSE LEAVE PROPOSED;

-- External proposals are approved for trusted writeback.
-- A worker you control applies the parameterized UPDATE later.
-- No external database merge happens here.

-- MySQL lane: read-only workflow. It has no AUTO BRANCH clause because this
-- public example demonstrates scoped reads, evidence, audit, and replay only.
CREATE AGENT CONTEXT ecommerce.order_context
ROOT EXTERNAL external_ecommerce.orders AS orders
LOOKUP orders.id = SESSION current_order_id
BIND tenant_id FROM SESSION tenant_id
BIND principal FROM SESSION principal

JOIN EXTERNAL external_ecommerce.customers AS customer
  ON customer.id = orders.customer_id
  AND customer.tenant_id = SESSION tenant_id

SEARCH EXTERNAL external_ecommerce.refund_policies AS policy_hits
  USING TEXT(policy_hits.body)
  QUERY ARG question
  FILTER policy_hits.tenant_id = SESSION tenant_id
  TOP 5

OUTPUT SLOTS
  order_id AS orders.id,
  order_status AS orders.status,
  total_cents AS orders.total_cents,
  customer_name AS customer.name,
  policy_hits AS policy_hits

EVIDENCE ON;

CREATE AGENT CAPABILITY ecommerce.answer_order_question
ARG question TEXT REQUIRED
HIDDEN tenant_id FROM SESSION tenant_id
HIDDEN principal FROM SESSION principal
HIDDEN current_order_id FROM SESSION current_order_id
USE CONTEXT ecommerce.order_context
EXECUTION READ ONLY
REQUIRES EVIDENCE
RETURN JSON;

CREATE AGENT WORKFLOW ecommerce.refund_review_flow
SESSION REQUIRE tenant_id, principal, current_order_id
ALLOWED CAPABILITIES (
  ecommerce.answer_order_question
)
EVIDENCE REQUIRED
CHECKPOINT EVERY STEP;

Connect an existing DB in 15 minutes Request Builder Trial invite