Project

ai_record_finder

0.0
No release in over 3 years
ai_record_finderjijobose/ai_record_finderHomepageDocumentationSource CodeBug Tracker
AIRecordFinder converts natural language into validated, schema-aware and tenant-safe ActiveRecord queries via an AI-generated JSON DSL.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
 Popularity
Downloads
352
Stars
0
Forks
0
Watchers
0
 Releases
Current version
0.1.2
Total releases
2
First release
1980-01-02
Latest release
1980-01-02
 Pull Requests
Open Pull Requests
0
Closed Pull Requests
0
Merged Pull Requests
1
Pull Request Acceptance Rate
100%
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2026-03-02
Reverse Dependencies
0

 Dependencies

Development

activerecord
>= 7.1
rspec
~> 3.13
sqlite3
>= 1.6

Runtime

faraday
>= 2.7
json
>= 2.6
 Project Readme

AIRecordFinder

ai_record_finder converts natural language prompts into safe ActiveRecord::Relation objects.

It is designed for B2B Rails applications that need strict query safety, tenant boundaries, and model-level authorization.

Documentation homepage: docs/HOME.md

Installation

Add to your Gemfile:

gem "ai_record_finder"

Then run:

bundle install

Configuration

Add an initializer at config/initializers/ai_record_finder.rb:

AIRecordFinder.configure do |config|
  config.api_key = ENV.fetch("OPENAI_API_KEY")
  config.model_name = "gpt-4o-mini"
  config.max_limit = 100
  config.allowed_models = [Invoice, User]

  # Optional: allow controlled joins by model.
  config.allowed_associations = {
    "Invoice" => ["user"]
  }
end

Usage

relation = AIRecordFinder.query(
  prompt: "Unpaid invoices above 50000 from last quarter",
  model: Invoice
)

# Always ActiveRecord::Relation
relation.limit(10).pluck(:id)

For associated-table constraints, reference fields as association.column in natural language intent (for example: "invoices where user.email contains @acme.com"). The gem will auto-join needed associations, but they must still be whitelisted in allowed_associations.

Security Model

ai_record_finder is fail-closed and built to avoid LLM-to-SQL injection:

  • AI is forced to return JSON DSL only (no SQL allowed).
  • AI output is sanitized (markdown/code fences stripped) and JSON-parsed safely.
  • Unknown keys/operators/fields are rejected.
  • Fields are validated against model schema introspection.
  • limit is strictly validated and hard-capped by configuration.
  • Models must be explicitly whitelisted in allowed_models.
  • Optional joins are blocked unless explicitly whitelisted in allowed_associations.
  • If model defines current_tenant_scope, it is always merged.
  • No eval, no destructive operations, no raw SQL execution from AI output.

Architecture Overview

Core components:

  • AIRecordFinder::Configuration: runtime safety and API settings.
  • AIRecordFinder::SchemaIntrospector: model table/column/association/enum summary.
  • AIRecordFinder::PromptBuilder: strict system prompt with schema and DSL contract.
  • AIRecordFinder::Client: OpenAI-compatible HTTP transport (Faraday).
  • AIRecordFinder::AIAdapter: AI response extraction and JSON parsing.
  • AIRecordFinder::DSLParser: validates DSL structure and values.
  • AIRecordFinder::SafetyGuard: model authorization, limit policies, join policies, tenant scope.
  • AIRecordFinder::QueryBuilder: converts validated DSL into ActiveRecord::Relation.
  • AIRecordFinder::Railtie: auto-load support in Rails.

Error Types

  • AIRecordFinder::InvalidModelError
  • AIRecordFinder::InvalidDSL
  • AIRecordFinder::AIResponseError
  • AIRecordFinder::UnauthorizedModel

Testing

Run:

bundle exec rspec

Included tests cover:

  • Valid query generation
  • Invalid field rejection
  • Limit overflow
  • Unknown operator
  • Unauthorized model
  • JSON injection attempt

Pro Roadmap

Potential Pro features:

  • Query explain/preview before execution
  • Auditable prompt and DSL logs with redaction controls
  • Policy packs (SOC2/HIPAA presets)
  • Per-tenant usage quotas and rate-limits
  • Multi-model query planning with approval workflows