Middleware Query Skill
Implement natural-language query workflows with strict safety controls.
1) Collect required inputs
Require all connection parameters explicitly for each datasource:
- - �INLINECODE0
- INLINECODE1
- INLINECODE2
- INLINECODE3
- optional:
database (MySQL/Mongo), db (Redis logical DB)
Store connection profiles in scripts/connections.json (or provide env vars) before execution.
Use scripts/connections.example.json as a template and keep real connections.json local-only (gitignored).
Prefer middleware-list config with env/alias entries, e.g. {"redis":[{"env":"local","alias":"main",...}]} and use profiles like redis.local or redis.main.
2) Enforce read-only safety
Always keep operations read-only:
- - SQL:
SELECT, WITH, EXPLAIN SELECT only - Redis:
GET, MGET, HGET, HGETALL, SMEMBERS, ZRANGE, SCAN, TTL, �INLINECODE23 - Mongo:
find, count_documents, aggregate with read-only stages
Reject write/dangerous operations.
3) Prefer deterministic executors
Use scripts under scripts/:
- -
nl_query.py (single command entry: NL -> plan -> guard -> execute) - INLINECODE29� (LLM NL -> plan JSON with retry repair)
- INLINECODE30� +
references/plan-schema.json (JSON Schema validation) - INLINECODE32� (rule-based fallback)
- INLINECODE33� (semantic guard)
- INLINECODE34� (validated plan execution)
- INLINECODE35
- INLINECODE36
- INLINECODE37
Pass validated parameters; never execute free-form shell commands for database access.
4) Output format
Return:
- 1. Datasource + profile used
- Executed query/operation (sanitized)
- Row/document/key count
- Tabular/JSON preview (truncated)
- Short interpretation in Chinese
5) Configuration sources
Priority order:
- 1. Explicit CLI args
- Env vars (see
references/config.md) - INLINECODE39
Fail with clear error if any required field is missing.
6) Reference docs
Read when needed:
- -
references/config.md: connection and env conventions - INLINECODE41�: guardrails and denylist
- INLINECODE42�: common command examples
中间件查询技能
实现具有严格安全控制的自然语言查询工作流。
1) 收集必需输入
对每个数据源明确要求所有连接参数:
- - host
- port
- username
- password
- 可选:database(MySQL/Mongo)、db(Redis逻辑数据库)
在执行前,将连接配置文件存储在 scripts/connections.json 中(或提供环境变量)。
使用 scripts/connections.example.json 作为模板,并将真实的 connections.json 仅保留在本地(已加入gitignore)。
优先使用包含环境/别名条目的中间件列表配置,例如 {redis:[{env:local,alias:main,...}]},并使用类似 redis.local 或 redis.main 的配置文件。
2) 强制只读安全
始终保持操作只读:
- - SQL:仅限 SELECT、WITH、EXPLAIN SELECT
- Redis:GET、MGET、HGET、HGETALL、SMEMBERS、ZRANGE、SCAN、TTL、TYPE
- Mongo:find、count_documents、仅包含只读阶段的 aggregate
拒绝写入/危险操作。
3) 优先使用确定性执行器
使用 scripts/ 下的脚本:
- - nlquery.py(单命令入口:自然语言 -> 计划 -> 防护 -> 执行)
- plannerllm.py(大语言模型自然语言 -> 带重试修复的JSON计划)
- planschema.py + references/plan-schema.json(JSON Schema验证)
- routernl.py(基于规则的备用方案)
- plannerguard.py(语义防护)
- executeplan.py(已验证的计划执行)
- querysql.py
- queryredis.py
- query_mongo.py
传递已验证的参数;绝不执行自由形式的shell命令进行数据库访问。
4) 输出格式
返回:
- 1. 使用的数据源 + 配置文件
- 执行的查询/操作(已清理)
- 行数/文档数/键数
- 表格/JSON预览(截断)
- 简短的中文解释
5) 配置来源
优先级顺序:
- 1. 显式CLI参数
- 环境变量(参见 references/config.md)
- scripts/connections.json
如果缺少任何必需字段,则报错并给出清晰的错误信息。
6) 参考文档
需要时阅读:
- - references/config.md:连接和环境约定
- references/safety-policy.md:护栏和黑名单
- references/examples.md:常用命令示例
