Getting Started

Existing DB security model

How Synapsor keeps existing Postgres/MySQL access least-privilege, tenant-scoped, audited, and free from raw model SQL access.

Overview

The model never receives a Postgres/MySQL connection string or raw SQL access. It invokes a reviewed Synapsor capability. Synapsor builds constrained parameterized SELECT queries from imported mappings.

External-source metadata stores source id, database id, safe fingerprints, allowed/denied columns, tenant column, status, and audit. The connection URL/password is stored separately through the secret abstraction and is never returned in API responses.

Every live read must use imported table mappings, allowlisted columns, required tenant filters unless explicitly single-tenant, row limits, query timeout, result-size limits, query fingerprints, parameter fingerprints, evidence, and audit.

Developer notes

Never give Synapsor full production owner credentials for an external source.
Never expose raw SQL execution over the external source to the model.
Use views to pre-remove private columns whenever possible.
Review and keep out private fields before generated capabilities use them.
Review external query audit and evidence lookup records during incident response.
Disable a source rather than deleting history; evidence and audit remain inspectable.

Trusted value boundary

SESSION vs ARG

SESSION values:
  tenant_id
  principal
  current_ticket_id
  current_customer_id

ARG values:
  question
  search phrase
  user-visible filters that are not trusted scope

Rule:
  SESSION values come from your backend.
  ARG values may come from user/model input.
  Do not let the model invent trusted scope.

Examples

sql

ARG question TEXT REQUIRED              -- allowed user/model input
HIDDEN tenant_id FROM SESSION tenant_id -- cannot be supplied by prompt/model
HIDDEN principal FROM SESSION principal -- audit identity from backend/session