← Back to Docs
Recipe

NL → safe SQL query

Translate natural language into parameterized SQL using Meridian's schema-aware pipeline. No raw string concatenation ever hits the wire.

Overview

This recipe wires a natural-language prompt through Meridian's query builder endpoint. The model introspects your connected database schema, generates a parameterized query, and returns it alongside bound parameters — ready for your application layer to execute.

Prerequisites

  • A Meridian project with a connected PostgreSQL or MySQL datasource.
  • Schema introspection enabled (default on connection).
  • API key with query:build scope.

Request

POST /v1/query/build
Content-Type: application/json
Authorization: Bearer mrd_live_...

{
  "prompt": "Find all users who signed up
             in the last 7 days and have
             verified their email",
  "dialect": "postgres",
  "max_rows": 100
}

Response

{
  "query": "SELECT id, email, created_at
            FROM users
            WHERE created_at > $1
              AND email_verified = $2
            LIMIT $3",
  "params": [
    "2026-05-19T00:00:00Z",
    true,
    100
  ],
  "tables_touched": ["users"],
  "cost_estimate_ms": 12
}

Safety guarantees

  • All user input is bound as parameters — never interpolated.
  • Queries are validated against the live schema before returning.
  • Write operations require an explicit allow_mutations flag.
  • Result sets are capped by max_rows (default 100).

Next step: Execute the returned query with your database driver of choice. See the Query Executor recipe for a full round-trip example.