Hello everyone,
I'm currently building a chat feature for my SaaS users where they can ask questions about their (financial) data and get answers directly in the chat as tables. For example: "Show me the 10 products with the biggest price changes in the last 6 months where total purchase amounts exceeded €10,000 during that period."
My problem is that the only way for my agent to respond quickly and effectively to any type of question is to let it create SQL queries. But this doesn't work from a security standpoint because one client could potentially access another client's data. There's no Row Level Security like Supabase has that could prevent this.
If I use multiple tools with "query all records" functions, the agent would need to make 20 requests instead of one optimized SQL query, and the total cost of the agent's response through the LLM would be around $1, which is huge. I've tested with SQL queries created by the agent and I'm getting around $0.05 per query.
Additionally, some of my APIs already use Direct SQL Queries, which prevents having External Search generated by the Agent, and I can't work around this.
What would you recommend? One solution would be for Xano to implement RLS like Supabase so the agent can't do whatever it wants but maybe I am missing something!
Thanks for your help!
Ps: my not secured at all AI tool 😄👇
