1
0
simple-ai-gateway-tool/scenes/01-allow-db-read.md
Nilton Constantino d48172539a
first commit
2026-04-22 14:55:58 +01:00

75 lines
2.2 KiB
Markdown

# Scene 1 — ALLOW: Read-Only Database Query
**Policy rule:** Scope-based (`db.read` scope grants access to `db.queryReadonly`)
**Expected result:** ALLOW
---
## Presentation Rule
> **Language:** All AI narration and communication during scenes must be in **English**.
>
> The AI must narrate every interaction with the gateway in detail. **Before** calling the gateway, explain what it is about to do, which endpoint it will call, what payload it will send, and what it expects to happen. **After** receiving the response, explain what the gateway returned, what the decision means, and why it matters. The goal is to make the audience understand exactly what is happening between the AI and the gateway at every step.
---
## Communication Flow
```mermaid
sequenceDiagram
participant AI as AI Agent
participant GW as Gateway
participant PE as Policy Engine
participant DB as Database Service
AI->>GW: POST /api/gateway/execute<br/>{tool: db.queryReadonly, action: query,<br/>arguments: {sql: "SELECT ..."}}
GW->>GW: Validate JWT + extract scopes
GW->>PE: Evaluate policy rules
PE->>PE: Scope check: db.read ✓
PE-->>GW: Decision: ALLOW (rule: allow-db-readonly)
GW->>DB: Execute read-only query
DB-->>GW: Result rows
GW->>GW: Write audit entry
GW-->>AI: 200 OK {decision: ALLOW, result: {rows, count}}
```
## Demo Script
> **Presenter says:** "Let's start with a simple, safe operation. The AI wants to read some data from the database."
### Action
Example request:
> "Query the database to show me all active users"
Send a gateway request for `db.queryReadonly` with SQL like `SELECT * FROM users WHERE active = true`.
### Expected Response
```json
{
"request_id": "req-...",
"decision": "allow",
"result": {
"rows": [...],
"row_count": 5
}
}
```
---
## What This Proves
- The token has `db.read` scope -> the policy engine allows read-only queries
- The query goes through the gateway, not directly to the database
- The AI never sees connection strings or DB credentials
- Audit log captures: who queried, what SQL, when, decision=ALLOW
---
## Transition to Next Scene
> "OK, reads work fine. But what happens when the AI tries something more dangerous?"