Getting Started

Connect an existing database in 15 minutes

Create a least-privilege source user, connect Postgres/MySQL, inspect schema, import selected tables, generate a capability, bind SESSION values, invoke it, and inspect evidence.

Overview

Use this path when you already have a Postgres or MySQL app and want an agent-safe read workflow without migrating data.

The current public connector path is live-read: Synapsor reads selected rows/columns from your existing database at capability runtime through least-privilege credentials. It does not copy your whole database.

For writes, keep the read connector read-only. Synapsor stages approved proposals; your backend worker applies them later with a separate write credential.

Do not connect your most sensitive production database first. Start with staging, a read-only replica, or safe views that expose only the rows/columns an agent workflow needs.

External DB modes Connect Postgres Connect MySQL Existing DB security CDC glossary Production-oriented architecture

Developer notes

Use a read-only user and safe views first.
Require SSL/TLS for remote databases.
Import only the columns the agent workflow needs.
Bind tenant_id, principal, and object ids through SESSION/HIDDEN values.
Inspect evidence and query audit before adding proposal writeback.
Use live-read mappings today; CDC/mirrored subsets are private preview/hardening work and are not customer-production supported.

15-minute path

existing-db-quickstart.txt

1. Create a least-privilege read-only Postgres/MySQL user.
2. Prefer safe views over raw production tables.
3. Remember the two-phase rule:
   Synapsor reads with the read-only source credential.
   Your backend worker applies approved proposals with a separate write credential.
4. Create or open a Synapsor project/database.
5. Create a database-scoped Synapsor API key.
6. Connect the external source with synapsor sources create postgres/mysql.
7. Test the connection.
8. Inspect schema metadata.
9. Import only the selected tables/views and allowed columns.
10. Choose the tenant column.
11. Generate a context/capability.
12. Bind trusted SESSION values from your backend.
13. Invoke the read-only capability.
14. Inspect evidence and query audit.
15. Add proposal writeback only after the read-only path is proven.

Examples

bash

export SYNAPSOR_API_KEY="syn_..."              # database-scoped key from the Synapsor console
export SYNAPSOR_PROJECT_ID="proj_..."          # project id from the workspace
export SYNAPSOR_DATABASE_ID="db_..."           # database id from the workspace
export APP_POSTGRES_URL="postgres://synapsor_reader:<password>@db.example.com:5432/appdb?sslmode=require"

synapsor sources create postgres --name app_postgres --url env:APP_POSTGRES_URL --ssl require --mode live_read
synapsor sources test app_postgres
synapsor sources inspect app_postgres --schema public
synapsor sources import app_postgres --schema public --tables tickets,customers,policy_chunks --tenant-column tenant_id --mode live_read
synapsor sources generate app_postgres --template support-ticket-agent --namespace support