Overview
Use synapsor from @synapsor/cli for Cloud administration, shared human review, and audit. Use synapsor-runner from @synapsor/runner for the local MCP and database enforcement boundary. @synapsor/client remains the application SDK; it is not the Cloud administration package.
The Cloud CLI calls the same versioned control-plane APIs as the web UI. The server remains authoritative for identity, project roles, API-key scopes, paid feature entitlement, immutable contract versions, human approval policy, and audit records.
Cloud never receives your source database URL or write credential through this CLI. A separately scoped Runner token connects a customer-operated Runner, while a human session or scoped service API key authorizes Cloud administration.
Cloud-linked mode is optional. Local-only Runner mode needs no Synapsor account. In cloud-linked mode, Cloud is authoritative for contract activation, human decisions, job leasing, and terminal governance state; the local Runner store remains the durable operational spool and local evidence/replay ledger. The SQLite file is never uploaded.
Credential boundaries
Each credential has one purpose. Authentication never substitutes for role/scope authorization or current product entitlement.
Interactive Cloud administration and proposal decisions, subject to role, recent-auth, quorum, and policy.
Project-scoped CI automation with explicit scopes; human approval is denied by default.
Runner machine protocol only: sync, leases, heartbeat, and terminal results. It is rejected by Cloud CLI admin routes.
Read and write URLs stay with the customer-operated Runner and are never sent to Cloud or stored in a contract.
Developer notes
- Use a human browser/device login for proposal decisions and role-sensitive administration.
- Use SYNAPSOR_API_KEY or a mode-0600 secret-file reference for CI; never place a secret in a command-line flag.
- Create Runner tokens separately and never use them as Cloud CLI credentials.
- A valid credential can still receive payment_required, feature_not_entitled, or project_inactive because auth, authorization, and entitlement are independent.
- Use --json and --no-interactive for automation, and use caller-supplied idempotency keys for retryable mutations.
- Cloud V2 is a controlled design-partner beta and does not claim multi-region durability, managed Runner fleet, SSO/SCIM completeness, or enterprise GA.