emon/larabot-ai

Conversational AI database assistant for Laravel with Schema-RAG and NLโ†’SQL capabilities

Maintainers

Details

github.com/MdIshtiaque/larabot-ai

Source

Issues

Installs: 1

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 0

Forks: 0

Open Issues: 0

pkg:composer/emon/larabot-ai

v1.0.0 2025-11-09 19:22 UTC

Requires

Requires (Dev)

MIT 945c296e3f68fde37b1231fe7902cad7ea43772e

  • Md Ishtiaque Ferdous Emon <ishtiaqueferdous109.woop@gmail.com>

databasesqlbotlaravelassistantquery-builderaichatbotGeminiragconversational-ainatural-language

This package is auto-updated.

Last update: 2025-11-09 21:38:09 UTC

README

Latest Version Total Downloads License PHP Version

Conversational AI database assistant for Laravel that combines Schema-RAG and NLโ†’SQL capabilities using Google Gemini AI.

๐Ÿš€ Features

  • ๐Ÿค– Natural Language to SQL - Ask questions about your database in plain English
  • ๐Ÿ“š Documentation RAG - Retrieval Augmented Generation from your project docs
  • ๐Ÿ” Semantic Schema Search - AI embeddings for intelligent table discovery
  • ๐Ÿ” Secure by Design - Read-only DB connection + SQL injection prevention
  • โšก Auto-Discovery - Automatically learns your database structure
  • ๐Ÿ“Š Query Logging - Track all queries with performance metrics
  • ๐Ÿ›ก๏ธ Rate Limiting - Built-in protection against abuse
  • ๐ŸŽฏ Column-Aware - Matches queries to specific columns
  • ๐Ÿ”— Relationship Discovery - Automatically follows foreign keys

๐Ÿ“‹ Requirements

  • PHP 8.1 or higher
  • Laravel 10.x or 11.x
  • MySQL 5.7+ / MariaDB 10.3+
  • Google Gemini API key (Get free key)

๐Ÿ“ฆ Installation

Step 1: Install via Composer

composer require emon/larabot-ai

Step 2: Publish Configuration

php artisan vendor:publish --tag=larabot-config

Step 3: Publish Migrations

php artisan vendor:publish --tag=larabot-migrations

Step 4: Configure Environment

Add to your .env file:

GEMINI_API_KEY=your_api_key_here
GEMINI_EMBED_MODEL=models/text-embedding-004
GEMINI_LLM_MODEL=models/gemini-2.0-flash-exp

Get your free API key from Google AI Studio.

Step 5: Add Read-Only Database Connection

Add this to config/database.php:

'mysql_readonly' => [
    'driver' => 'mysql',
    'url' => env('DB_URL'),
    'host' => env('DB_HOST', '127.0.0.1'),
    'port' => env('DB_PORT', '3306'),
    'database' => env('DB_DATABASE', 'laravel'),
    'username' => env('DB_READONLY_USERNAME', env('DB_USERNAME')),
    'password' => env('DB_READONLY_PASSWORD', env('DB_PASSWORD')),
    'charset' => 'utf8mb4',
    'collation' => 'utf8mb4_unicode_ci',
    'prefix' => '',
    'strict' => true,
],

Security Tip: Create a read-only MySQL user:

CREATE USER 'readonly'@'localhost' IDENTIFIED BY 'password';
GRANT SELECT ON your_database.* TO 'readonly'@'localhost';
FLUSH PRIVILEGES;

Then add to .env:

DB_READONLY_USERNAME=readonly
DB_READONLY_PASSWORD=password

Step 6: Run Migrations

php artisan migrate

Step 7: Embed Your Database Schema

php artisan schema:embed

This command will:

  • Discover all tables in your database
  • Extract column information and relationships
  • Generate AI embeddings for semantic search
  • Store everything for lightning-fast queries

Note: This may take 2-5 minutes depending on database size due to API rate limits.

Step 8 (Optional): Embed Documentation

If you have markdown documentation in a docs/ directory:

php artisan docs:embed

๐ŸŽฏ Usage

API Endpoints

The package automatically registers these routes:

POST   /api/bot/ask      - Ask a question
GET    /api/bot/history  - Get query history (requires auth)
GET    /api/bot/stats    - Get statistics

Ask Questions

curl -X POST http://localhost:8000/api/bot/ask \
  -H "Content-Type: application/json" \
  -d '{"query": "How many users are active?"}'

Response:

{
  "success": true,
  "data": {
    "answer": "There are 150 active users in the system.",
    "intent": "sql",
    "response_time_ms": 1250,
    "sql": "SELECT COUNT(*) FROM users WHERE is_active = 1;",
    "sources": null
  },
  "error": null
}

Example Queries

SQL Queries:

- "How many orders were placed today?"
- "Show me the top 10 products by sales"
- "List all users who joined this month"
- "What's the average order value?"
- "Find customers with more than 5 orders"

Documentation Queries:

- "How do I set up authentication?"
- "Explain the payment flow"
- "What is the API rate limit?"

Programmatic Usage

use Emon\LarabotAi\Services\HybridBotService;

class MyController
{
    public function __construct(private HybridBotService $bot) {}

    public function askQuestion(Request $request)
    {
        $result = $this->bot->ask(
            query: $request->input('question'),
            userId: auth()->id()
        );

        return response()->json($result);
    }
}

โš™๏ธ Configuration

Authentication

By default, bot routes are publicly accessible. To require authentication:

Option 1: Environment Variables (Recommended)

Add to .env:

GEMINI_REQUIRE_AUTH=true
GEMINI_AUTH_GUARD=sanctum  # or 'api', 'web'

Option 2: Config File

Edit config/gemini.php:

'require_auth' => true,
'auth_guard' => 'sanctum', // or 'api', 'web', 'passport'

Option 3: Custom Middleware (Advanced)

Edit config/gemini.php and customize the middleware array:

'route_middleware' => [
    'api',
    'auth:sanctum',           // Add authentication
    'bot.rate-limit',
    'verified',               // Add email verification
    'throttle:60,1',          // Additional rate limiting
],

Testing Authenticated Requests:

# With Sanctum token
curl -X POST http://localhost:8000/api/bot/ask \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_TOKEN_HERE" \
  -d '{"query": "How many users?"}'

Common Auth Guards:

  • sanctum - Laravel Sanctum (SPA/mobile apps)
  • api - Token-based authentication
  • web - Session-based authentication
  • passport - Laravel Passport OAuth2

Rate Limiting

Default: 10 requests per minute per user/IP

To customize, modify src/Http/Middleware/BotRateLimitMiddleware.php:

$executed = RateLimiter::attempt("bot-query:{$userId}", 20, fn () => true);

Query Length

Default: 500 characters max

Change in middleware:

if (strlen($query) > 1000) { // Increased to 1000
    // ...
}

Gemini Models

In config/gemini.php:

'embed_model' => env('GEMINI_EMBED_MODEL', 'models/text-embedding-004'),
'llm_model' => env('GEMINI_LLM_MODEL', 'models/gemini-2.0-flash-exp'),

๐Ÿ”’ Security Features

โœ… Read-Only Database - Queries execute on separate read-only connection
โœ… SQL Injection Prevention - Blocks dangerous SQL patterns
โœ… No Mutations - DROP, DELETE, UPDATE, INSERT automatically blocked
โœ… Optional Authentication - Support for Sanctum, Passport, and custom guards
โœ… Rate Limiting - Prevents API abuse (10 req/min default)
โœ… Query Validation - Validates generated SQL before execution
โœ… Audit Logging - All queries logged with user ID and timestamps

๐Ÿงช How It Works

Architecture

User Query โ†’ Intent Detection โ†’ Hybrid Bot Service
                                       โ†“
                         โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
                         โ†“                           โ†“
                   SQL Intent                    RAG Intent
                         โ†“                           โ†“
              Schema Retrieval              Knowledge Retrieval
            (Semantic Search + FKs)       (Document Embeddings)
                         โ†“                           โ†“
               SQL Generation                  Context Assembly
            (Gemini LLM + Rules)                     โ†“
                         โ†“                    Answer Generation
                   SQL Validation                 (Gemini LLM)
                         โ†“                           โ†“
                  Execute Query                      โ”‚
                         โ†“                           โ”‚
                         โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
                                     โ†“
                              Format Response
                                     โ†“
                              Query Logging
                                     โ†“
                            Return to User

Key Components

  1. Schema Embeddings - Vector representations of your database tables
  2. Semantic Search - Finds relevant tables using AI similarity matching
  3. Relationship Discovery - Automatically includes related tables via foreign keys
  4. Column-Aware Matching - Matches query terms to specific columns
  5. SQL Generation - Gemini LLM generates optimized SQL queries
  6. SQL Validation - Multi-layer security checks before execution

๐Ÿ“Š Query Logging

All queries are logged to query_logs table:

DB::table('query_logs')
    ->where('user_id', auth()->id())
    ->orderBy('created_at', 'desc')
    ->get();

Fields: query, intent, generated_sql, retrieved_tables, response_time_ms, success, error_message

๐Ÿ”ง Maintenance

Re-embed Schema After Changes

Run this after migrations or schema changes:

php artisan schema:embed

Update Documentation

After updating docs:

php artisan docs:embed

๐Ÿ› Troubleshooting

"403 Forbidden" from Gemini API

Solution: Remove API key restrictions in Google AI Studio.

"429 Too Many Requests"

Solution: Hitting free tier quota limit. Wait or upgrade plan.

"Table X is not in allowed list"

Solution: Schema not embedded. Run php artisan schema:embed

SQL Validation Errors

Solution: Generated SQL contains dangerous operations or syntax errors. Check query logs.

๐Ÿ“š Documentation

๐Ÿค Contributing

Contributions welcome! Please:

  1. Fork the repository
  2. Create a feature branch
  3. Add tests for new features
  4. Submit a pull request

๐Ÿ“„ License

MIT License - see LICENSE file for details.

๐Ÿ™ Credits

Built with:

๐Ÿ’ฌ Support

๐ŸŒŸ Star History

If this package helped you, please star it on GitHub! โญ

Made with โค๏ธ for the Laravel community