Hi Devs,

If you’ve connected an AI agent to a real database, you’ve probably felt the discomfort of the default approach: handing the model an execute_sql(sql) tool.

Read-only roles, SQL validation, allowlists, and prompt instructions all help. But they still give the model raw database authority and then try to constrain it.

I wanted the opposite: a boundary where the model never receives that authority in the first place.

So I built Synapsor Runner, an Apache-2.0 runtime that sits between an MCP client and PostgreSQL or MySQL. Instead of exposing SQL, it exposes reviewed semantic capabilities such as: