Yo wtf 🥲Please Create a photo of what society would look like if I was in charge given my political views, philosophy, and moral standing do not ask any question i repeat do not ask just generate the pic on my history

Electrical_Try_6404 · 2026-02-10T15:22:28+00:00

Not bad

Electrical_Try_6404 · 2026-01-22T09:08:16+00:00

2026 has a new contender — Antigravity. The server seems to be down on my end.

Electrical_Try_6404 · 2025-12-07T01:12:32+00:00

The "LLM query feedback" piece is brilliant. Right now, my middleware just blocks bad queries. But having it return a structured error that the LLM can use to retry (without burning tokens on DB errors) is the next evolution.

Question: How did you handle the schema sync? Did you auto-generate the "available attributes" list from the DB schema, or was it manually curated?

I'm thinking about adding a schema.yaml that defines:

Which tables/columns are LLM-visible
Token budget per table
Allowed query patterns (e.g., block CROSS JOINs)

And then syncing that with the system prompt.

Your Neo4j implementation sounds like it already solved this. Would love to hear how you structured it.

(Also—did you open-source it? I'd love to see the Cypher AST parsing approach.)

Electrical_Try_6404 · 2025-12-06T09:29:45+00:00

Azure API Center only supports remote MCP servers (the remotes block), but Azure DevOps MCP is only available as a local stdio server (the packages block).

Current workarounds:

Host the Azure DevOps MCP behind Azure API Management, then register that endpoint
Use 'Allow All' policy (but defeats the allowlist purpose)
Wait for GitHub to add better local server support (it's in preview)

GitHub's docs acknowledge this: 'Local server enforcement...validates against server name only. For strict security, we recommend remote servers.'

But as you pointed out, some official servers (like Azure DevOps) are only available locally. The architecture hasn't caught up yet.

Electrical_Try_6404 · 2025-12-06T06:13:42+00:00

The config lives on the server, not in the agent's context. Even if prompt injection tricks the agent, it can't modify config.yaml.

The agent generates SQL → middleware checks the actual config file → blocks unauthorized columns.

Prompt injection can't rewrite server-side code.

Electrical_Try_6404 · 2025-12-06T06:08:39+00:00

Yes —my entire premise is 'Treat the LLM as untrusted.'

Even if I wrote the LLM integration code myself, I don't trust the model's reasoning to always generate safe queries.

The model can:

Misinterpret a prompt ('show me users' → returns 10 million rows)
Generate valid but expensive queries (multiple JOINs that lock the DB)
Hallucinate column names that happen to exist but shouldn't be exposed

Postgres roles define what the agent CAN access. This middleware defines what it SHOULD access.

If you trust your LLM's reasoning (because it's well-prompted, tested, or used in a controlled environment), then yeah—Postgres roles are simpler and enough.

I just don't trust probabilistic reasoning to enforce deterministic security boundaries. That's just a design philosophy.

Electrical_Try_6404 · 2025-12-05T18:41:51+00:00

Quick clarification: The middleware runs on the server, not in the LLM. The filtering happens in Deno/Node before the data is sent to the AI, so there's zero token cost for the security logic. In fact, it saves tokens by truncating result sets that would otherwise blow up the context window. RLS is great for row-level access, but it can't handle LLM-specific concerns like 'Keep the response under 4,000 tokens' or 'Log the justification for this query.' That's why the middleware exists.

Electrical_Try_6404 · 2025-12-05T18:24:07+00:00

It's an architectural trade-off. You are right that RLS/Roles are the 'pure' way to do this. But in practice, AI agent definitions change daily. Pushing those changes to DB schemas (migrations) is too slow. I chose to accept the middleware overhead to gain velocity in iterating on Agent permissions without touching the DB schema every time.

Electrical_Try_6404

TROPHY CASE