Core Concepts

Agent capabilities

Capabilities expose approved agent actions over a context with explicit modes and evidence policy.

Overview

A capability names what the agent can do.

ARG declarations name caller-provided values. HIDDEN declarations read trusted SESSION values. The caller can choose ARG values, but cannot choose HIDDEN tenant/principal/current-object scope unless your backend sets those session values.

Read-only capabilities can answer or classify without mutating state, and their contexts can include hybrid search steps for policy, memory, or evidence retrieval. Developers do not need to pull external model embeddings into app code to use the documented hybrid-search path.

PROPOSAL capabilities are write proposal actions: the agent or app calls one approved capability, and Synapsor stages the write as a proposal instead of letting the agent mutate production directly.

Proposal target determines branch behavior. If the proposal target is a Synapsor-native table, auto_branch stages the write on a real Synapsor branch. If the proposal target references an external Postgres/MySQL mapping, auto_branch stages a Synapsor review branch with the proposed external row update and trusted writeback intent.

When an HTTP or SDK proposal-capable invocation uses auto_branch, the caller receives compact Synapsor-produced ids for the branch/review branch, proposal, evidence bundle, and replay record.

Applications can request auto_branch at invocation time. Capabilities that should auto-merge policy-approved results by default do that with SQL-authored settlement policy attached to the capability, not by trusting the app or prompt.

Production-visible changes happen only after a human approval path or deterministic settlement policy. Synapsor-native targets can merge into Synapsor main; external Postgres/MySQL targets can be approved for trusted worker writeback. The model still never receives raw SQL or direct write credentials.

Branching modes Existing DB write proposals Settlement policies

Proposal target determines branch behavior

If the proposal target is a Synapsor-native table, auto_branch stages the write on a real Synapsor branch. If the proposal target references an external Postgres/MySQL mapping, auto_branch stages a Synapsor review branch with the proposed external row update and trusted writeback intent.

The app should display external source proposals as reviewable row diffs, not as writes already applied to Postgres/MySQL.

Capability-owned auto branch

Auto-branching is part of the proposal-capability runtime path: one capability call creates the branch, proposal, evidence, and replay records.

main

Production-visible state is untouched while the capability runs.

agent calls capability

The app or agent framework invokes a reviewed EXECUTION PROPOSAL capability.

hidden scope

Tenant, principal, current object, and optional branch policy come from SESSION bindings, not the prompt.

auto branch

Synapsor creates an isolated branch for this invocation when auto_branch is enabled on the HTTP or SDK call.

stage proposal

The capability writes only allowed columns to a wrp:// proposal on that branch.

review or settle

A reviewer previews the diff, or a deterministic settlement policy handles policy-approved cases.

merge or hold

Only approved/settled proposals merge to main; rejected, canceled, conflicting, or ambiguous proposals stay isolated.

Developer notes

Default risky HTTP/SDK workflows to EXECUTION PROPOSAL with auto_branch enabled.
Use SQL settlement policies for default auto-approve, auto-commit, and auto-merge behavior; do not put that authority in app prompts.
For SQL shell tests, create and use an explicit review branch before proposing.
Require evidence when output affects customers or money.
Treat returned branch and wrp:// proposal lookup ids as durable Synapsor workflow state.
Limit write proposal targets to the exact tables the capability owns.
Merge auto-branch results only through human approval or deterministic settlement policy.
Audit capability changes like schema migrations.

Capability and runtime grammar

Syntax

-- Use <namespace.action> as a placeholder for your stable capability name.
CREATE AGENT CAPABILITY <namespace.action> -- replace with e.g. support.answer_ticket
DESCRIPTION '<human-readable purpose>'     -- short catalog description for reviewers
ARG <visible_arg> VARCHAR REQUIRED         -- replace with e.g. question or invoice_id
HIDDEN tenant_id FROM SESSION tenant_id    -- session key copied from backend auth
HIDDEN principal FROM SESSION principal    -- authenticated actor identity
USE CONTEXT <namespace.context_name>       -- reviewed context used by this capability
EXECUTION READ ONLY | PROPOSAL             -- READ ONLY answers; PROPOSAL stages writes
RETURNS JSON '{"type":"object","properties":{"decision":{},"evidence_bundle":{}}}'
PROFILE MINIMAL                            -- compact response profile
INLINE EVIDENCE handles_only;              -- return evidence lookup records, not full facts

Runtime action envelope for HTTP/SDK proposal-capable calls:
  capability = <namespace.proposal_action> -- e.g. billing.propose_late_fee_waiver
  # mode/auto_branch/response_envelope are request fields, not SQL keywords.
  mode = "propose_only"                    -- stage a proposal, not direct write
  auto_branch = true                       -- create an isolated branch automatically
  response_envelope = true                 -- include branch/proposal/evidence/run handles

Examples

sql

CREATE AGENT CONTEXT support.ticket_context -- context owns retrieval; app does not fetch embeddings
ROOT tickets AS ticket                      -- tickets table, ticket alias
LOOKUP ticket.id = SESSION current_ticket_id -- ticket id selected by backend session
BIND tenant_id FROM SESSION tenant_id       -- trusted tenant slot
BIND principal FROM SESSION principal       -- trusted actor slot
SEARCH policy_chunks AS policy_hits USING HYBRID(policy_chunks.body) -- retrieval step name
  QUERY ARG question                        -- caller's question text
  FILTER policy_chunks.tenant_id = SESSION tenant_id -- backend tenant scope
  TOP 5                                      -- max policy chunks
OUTPUT SLOTS
  ticket_id AS ticket.id,                    -- output slot from root row
  subject AS ticket.subject,
  status AS ticket.status
EVIDENCE ON;

CREATE AGENT CAPABILITY support.answer_ticket -- capability name your app invokes
DESCRIPTION 'Answer ticket questions using governed context and evidence'
ARG question VARCHAR REQUIRED                -- caller-provided question
HIDDEN tenant_id FROM SESSION tenant_id      -- trusted tenant/account id
HIDDEN principal FROM SESSION principal      -- authenticated actor
HIDDEN current_ticket_id FROM SESSION current_ticket_id -- selected ticket id
USE CONTEXT support.ticket_context           -- context above
EXECUTION READ ONLY                          -- cannot create proposals/writes
RETURNS JSON '{"type":"object","properties":{"decision":{},"answer":{},"evidence_bundle":{}}}'
PROFILE MINIMAL
INLINE EVIDENCE handles_only;