Description
This issue tracks the implementation of a natural language AI query interface for Heureka. The goal is to allow users to query vulnerabilities, services, and components using natural language without needing to know GraphQL.
- Backend-only: Introduce a new REST endpoint without frontend changes.
- Provider-agnostic LLM abstraction: Internally we'll use the SAP AI Proxy, but we should be able to support different models.
Question:
Do we want:
- GraphQL generation approach: Use LLM to generate a query, executed against the existing gqlgen executor.
- Template-Based Query Generation: Develop a set of predefined templates for common queries.
Security Considerations
- Query-only: Validate that the generated GraphQL contains no mutation keyword before execution
- Prompt injection defense: System prompt is separated from user input using proper message roles
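
An added example, not part of the original issue or of Heureka's code: one way to implement the query-only check in Go. It goes beyond a plain keyword match by checking the operation type of every top-level definition, so a string argument containing "mutation" is allowed while mutations and subscriptions are rejected; isQueryOnly and the sample documents are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

var (
	// Block strings, quoted strings and comments: content that must never be read as syntax.
	ignored = regexp.MustCompile(`(?s)"""(?:\\"""|.)*?"""|"(?:\\.|[^"\\\n\r])*"|#[^\n\r]*`)
	token   = regexp.MustCompile(`[_0-9A-Za-z]+|[{}()"]`)
)

// isQueryOnly (hypothetical helper, not Heureka code) reports whether every
// top-level definition in doc is a query or a fragment. It fails closed.
func isQueryOnly(doc string) bool {
	toks := token.FindAllString(ignored.ReplaceAllString(doc, " "), -1)
	braces, parens, atDef := 0, 0, true // atDef: the next token opens a definition
	for _, t := range toks {
		if atDef && t != "{" && t != "query" && t != "fragment" {
			return false // mutation, subscription or anything unexpected
		}
		switch t {
		case "{":
			braces++
		case "}":
			braces--
		case "(":
			parens++
		case ")":
			parens--
		case `"`:
			return false // a quote survived stripping: unterminated string
		}
		if braces < 0 || parens < 0 {
			return false
		}
		// A definition ends when its selection set closes at depth zero.
		atDef = t == "}" && braces == 0 && parens == 0
	}
	return atDef && len(toks) > 0
}

func main() {
	fmt.Println(isQueryOnly(`query { services(search: "mutation testing") { name } }`)) // constructed input
	fmt.Println(isQueryOnly("# note\rmutation { deleteService(id: 1) { id } }"))        // constructed input
}
```

Where the executor's own GraphQL parser is available, checking the operation type on its parsed document avoids any disagreement between two lexers; this stand-alone version uses only the standard library.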