AI Deep Dive

Security and SSE Streaming

Secure data-entry assistants by propagating user identity, validating tools, and streaming responses for responsive UX.

Security-first principles

  • Require authenticated requests to the chat endpoint.
  • Use role checks inside tool methods for sensitive entities.
  • Propagate the JWT to internal APIs so Snello ACL rules remain authoritative.

Token propagation

When using the Quarkus REST Client, access-token propagation lets tool calls execute under the current user's identity rather than as a service account.

Prompt injection hardening

  • Expose only the minimal set of tools needed for business operations.
  • Never expose arbitrary SQL execution tools to the model.
  • Validate payload keys against metadata before writes.
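
The role check and the metadata key validation from the lists above can be combined into one guard that a tool method calls before any write. This is an added example, not Snello's own code: the class name, entities, fields and roles are hypothetical, and in a real tool the roles would come from the authenticated identity and the field set from the entity's metadata.

```java
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

public class ToolWriteGuard {
    // Constructed metadata: entity name -> writable field names (hypothetical entities).
    static final Map<String, Set<String>> METADATA = Map.of(
            "customers", Set.of("name", "email", "vat_number"),
            "invoices", Set.of("customer_uuid", "amount", "due_date"));
    // Constructed policy: role required to write each sensitive entity.
    static final Map<String, String> REQUIRED_ROLE = Map.of("invoices", "accounting");

    /** Throws if the caller may not write the entity or the payload has unknown keys. */
    static void checkWrite(Set<String> callerRoles, String entity, Map<String, Object> payload) {
        Set<String> fields = METADATA.get(entity);
        if (fields == null) {
            throw new IllegalArgumentException("unknown entity: " + entity);
        }
        String role = REQUIRED_ROLE.get(entity);
        if (role != null && !callerRoles.contains(role)) {
            throw new SecurityException("role '" + role + "' required to write " + entity);
        }
        if (payload == null || payload.isEmpty()) {
            throw new IllegalArgumentException("empty payload");
        }
        // Reject rather than silently drop: a model-invented key is a signal worth surfacing.
        Set<String> unknown = new TreeSet<>(payload.keySet());
        unknown.removeAll(fields);
        if (!unknown.isEmpty()) {
            throw new IllegalArgumentException("keys not in metadata for " + entity + ": " + unknown);
        }
    }

    public static void main(String[] args) {
        Set<String> roles = Set.of("editor"); // constructed caller without "accounting"
        checkWrite(roles, "customers", Map.of("name", "Acme", "email", "ops@example.com"));
        System.out.println("customers write accepted");
        try {
            checkWrite(roles, "customers", Map.of("name", "Acme", "is_admin", true));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        try {
            checkWrite(roles, "invoices", Map.of("amount", 10));
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The guard fails closed: an entity missing from the metadata map is refused instead of being treated as unrestricted.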

SSE streaming flow

Angular -> POST /chat (JWT)
Quarkus -> TokenStream / Multi<String>
Frontend -> progressively render tokens

Streaming improves perceived speed and keeps users informed during long tool chains.

UX recommendations

  • Show assistant state: thinking, reading metadata, writing data, done.
  • Support markdown rendering for structured responses.
  • Add confirmation steps before destructive writes.