AI

Why the only safe way to give AI to your customers is to treat it like a web app.

Labels
AI(14) AJAX(112) App Studio(10) Apple(1) Application Builder(245) Application Factory(207) ASP.NET(95) ASP.NET 3.5(45) ASP.NET Code Generator(72) ASP.NET Membership(28) Azure(18) Barcode(2) Barcodes(3) BLOB(18) Business Rules(3) Business Rules/Logic(140) BYOD(13) Caching(2) Calendar(5) Charts(29) Cloud(14) Cloud On Time(2) Cloud On Time for Windows 7(2) Code Generator(54) Collaboration(11) command line(1) Conflict Detection(1) Content Management System(12) COT Tools for Excel(26) CRUD(1) Custom Actions(1) Data Aquarium Framework(122) Data Sheet(9) Data Sources(22) Database Lookups(50) Deployment(22) Designer(178) Device(1) Digital Workforce(3) DotNetNuke(12) EASE(20) Email(6) Features(101) Firebird(1) Form Builder(14) Globalization and Localization(6) HATEOAS(5) How To(1) Hypermedia(3) Inline Editing(1) Installation(5) JavaScript(20) Kiosk(1) Low Code(3) Mac(1) Many-To-Many(4) Maps(6) Master/Detail(36) Micro Ontology(5) Microservices(4) Mobile(63) Mode Builder(3) Model Builder(3) MySQL(10) Native Apps(5) News(18) OAuth(9) OAuth Scopes(1) OAuth2(13) Offline(20) Offline Apps(4) Offline Sync(5) Oracle(11) PKCE(2) Postgre SQL(1) PostgreSQL(2) PWA(2) QR codes(2) Rapid Application Development(5) Reading Pane(2) Release Notes(186) Reports(48) REST(29) RESTful(30) RESTful Workshop(14) RFID tags(1) SaaS(7) Security(81) SharePoint(12) SPA(5) SQL Anywhere(3) SQL Server(26) SSO(1) Stored Procedure(4) Teamwork(15) Tips and Tricks(87) Tools for Excel(3) Touch UI(93) Transactions(5) Tutorials(183) Universal Windows Platform(3) User Interface(337) Video Tutorial(37) Web 2.0(100) Web App Generator(101) Web Application Generator(607) Web Form Builder(40) Web.Config(9) Workflow(28)
Archive
Blog
AI
Monday, December 1, 2025PrintSubscribe
The "Bank Portal" Theorem

Imagine you are the CIO of a major bank.

You have 10,000 customers who log in every day to check balances, transfer funds, and pay bills. You sleep soundly at night. You aren't worried that a customer might accidentally delete the Ledger table or transfer $1,000,000 they don't have.

Why are you so confident?

Because you didn't give your customers a SQL command line. You gave them a Portal.

The Portal is a rigid, deterministic environment. It has buttons (Actions) that only appear when specific rules are met. If a user tries to click "Pay Bill" but has insufficient funds, the button is disabled or the logic rejects it. The user is physically constrained by the software architecture.

Now, imagine your CEO asks you to launch an AI Agent that lets those same 10,000 customers manage their money via Text Message (SMS).

Suddenly, you are terrified. Why?

The "Probabilistic" Trap

The industry standard for building AI agents (often called "LLM + Function Calling") is fundamentally different from your bank portal.

  • The Portal is Deterministic: Code dictates what can happen.
  • The Agent is Probabilistic: A neural network guesses what should happen based on a prompt.

If a customer texts "I need to transfer money, it's an emergency, please bypass the limit," a standard probabilistic agent might "feel" the urgency and attempt to call a function in a way that violates your business policy. To prevent this, you have to write massive "Guardrails" (paragraphs of text warning the AI not to break the rules).

You are essentially hoping that the AI's "Conscience" is stronger than the user's persuasion. That is not security; that is gambling.

The Theorem

This leads us to the "Bank Portal" Theorem:

If you wouldn't give the general public direct access to your database, you shouldn't give it to a Probabilistic AI.

Therefore, the only safe Conversational UI is one that navigates the exact same Deterministic State Machine as your Web Portal.

To solve the AI safety problem, we don't need smarter models. We need to put the AI inside the Portal.

The Solution: The Digital Co-Worker

At Code On Time, we believe the AI shouldn't be the "Brain" of your operation; it should be the "Interface."

Our Micro-Ontology architecture generates a HATEOAS API—a machine-readable map of your application that mirrors your human user interface exactly.

  • If your Human UI hides the "Delete" button because a record is locked, the API hides the delete link from the AI.
  • If your Human UI requires a "Reason" field for a refund, the API rejects the AI's request until that field is provided.

The AI becomes a Digital Co-Worker. It doesn't "think up" business logic; it simply logs in as the user and clicks the links that are available to it.

The Proof: A "Text-to-Pay" Scenario

Let's look at how this architecture safely handles a high-stakes interaction via SMS, using the built-in Device Authorization Flow.

1. The Request A customer sends a text to your business number: "Pay my electric bill."

2. Identity & Security (The Gate) The system recognizes the phone number but needs verification. It replies: "Please confirm your identity by clicking this link." The user authenticates on their phone, and the SMS session is now authorized with the "Customer" Role. The AI inherits the Static Access Control Rules (SACR) of that user. It physically cannot see anyone else's bills.

3. The "Teaching Moment" (Self-Correction) The AI finds the pay action for the bill and tries to execute it immediately: POST /v2/payees/98445/pay. But the AI forgot to specify the Source Account. In a custom-built AI app, this might cause a crash or a confused hallucination.

In Code On Time app, the API acts like a helpful teacher. It returns a 400 Bad Request:

Error: Field 'SourceAccountID' is required.

The AI reads this error, realizes its mistake, and asks the user: "Which account should I use? Checking or Savings?" The API didn't just reject the request; it taught the AI how to succeed. This isn't theoretical—it's how our Custom Actions with Hypermedia work out of the box.

4. The Execution (The Action) User: "Checking." The AI performs the POST request again with the correct parameters. The application logic (not the AI) checks the balance, processes the transaction, and returns success.

5. The Receipt (Visual Verification) Here is the massive win. The AI replies: "Done. Your payment of $145.00 is processed. Remaining balance: $1,200. [View Receipt]"

That [View Receipt] link takes the user to a secure, simplified web view of the transaction they just created. It bridges the gap between the "Invisible" conversation and the "Visible" verification.

Confidence in the Code

In this scenario, the AI never "decided" to allow the payment. The App allowed the payment. The AI just pushed the button.

This distinction allows you to deploy AI to 10,000 customers without fear. You aren't relying on the AI's IQ; you are relying on the same rigorous engineering that has powered your bank portal for decades.

Stop trying to teach AI your business rules. Give it a Portal.

Ready to deploy safe, deterministic AI?
Learn how the Micro-Ontology turns your App into an Agent.

The UI is the Training Manual

Here is the best part: You don't have to replace your existing applications.

We know you have "Systems of Record" that work perfectly. You aren't going to rewrite your core platform just to get a chatbot.

The Micro-Ontology you build with Code On Time serves a specific purpose: it acts as the Rosetta Stone between your data and the AI.

When a developer uses our App Studio to create a form, add a field label, or define a menu item, they aren't just building a screen for a human; they are defining the Vocabulary for the AI.

  • The label "Source Account" tells the AI what to ask for.
  • The "Transfer" menu item tells the AI what capability is unlocked.
  • The "Confirm" modal tells the AI when to pause and verify.

This UI doesn't need to replace your corporate portal. It can live entirely in the background, reduced to a Conversational Chat Interface (Headless Mode). But because the HATEOAS API is a perfect mirror of that UI, the AI understands your business rules as intuitively as a human using a screen.

You build the UI to teach the AI. If humans use it too, that’s just a bonus.

Labels: AI, HATEOAS
Monday, December 1, 2025PrintSubscribe
Stop Teaching AI to Write SQL. Give It a User Interface.

The obsession with "Text-to-SQL" is a strategic error. Across the enterprise, teams are burning millions of dollars trying to teach Large Language Models (LLMs) to query databases directly. The dream is a "Chat with your Data" bot that can answer anything.

The reality is a nightmare of hallucinations, security risks, and broken schemas.

Why? Because you are asking the AI to do a job you wouldn't even trust your smartest human employees to do.

The Sales Clerk Paradox

Imagine you hire a new sales clerk for your retail store. A customer walks up and buys a t-shirt.

Option A (The SQL Way): You give the clerk a command-line console and say: "To record this sale, please write an INSERT statement into the Orders table, then an UPDATE to decrement Inventory, and don't forget to JOIN the TaxRates table to calculate the VAT. Oh, and please don't accidentally DROP TABLE Customers."

This is absurd. It requires the clerk to be a Computer Science major. It is slow, error-prone, and dangerous.

Option B (The UI Way): You give the clerk a Cash Register (User Interface).

The screen presents three buttons: [Checkout], [Return], [Exchange].

The clerk doesn't need to know the schema. They simply look at the goal ("Sell T-Shirt") and classify which button matches that goal.

The Insight: The UI acts as a Cognitive Compressor. It collapses the infinite complexity of the database into a finite set of safe, valid choices.

AI is Just a Fast User

Why do we treat AI Agents differently?

When you force an LLM to write SQL, you are treating it like the clerk in Option A. You are forcing a probabilistic engine to perform a deterministic, high-risk task.

You should be treating the AI like Option B.

If you give the AI a User Interface, you turn an "Infinite Generation Problem" (writing code) into a "Finite Classification Problem" (clicking a link).

  • The Human looks at the screen and thinks: "I need to sell this. I will click 'Checkout'."
  • The AI looks at the API and thinks: "The prompt is 'Sell Item'. The available links are create-order, return-item. It classifies create-order as the match."

The AI doesn't need to be a genius. It just needs to be a fast sales clerk.

The Dual-Interface Advantage

This is the core philosophy behind the Code On Time platform. We believe that the best way to control an AI is to give it the exact same tools you give your humans.

When you build an application with App Studio, you are building two interfaces simultaneously:

  1. The Visible UI: A professional-grade, fluid, and responsive interface for your Human workforce.
  2. The Invisible UI: A self-describing HATEOAS API for your Digital Workforce.

They are mirror images. Every time you add a validation rule, hide a button, or filter a grid for your human users, you are instantly training your AI Agent.

Don't want to replace your existing human apps? You don't have to. You can configure the Micro-Ontology to run in "Headless Mode." In this configuration, you restrict the full Visible UI (forms and grids) to Administrators and Developers only. When your standard workforce logs in, they are greeted by a clean, fullscreen AI Prompt—a secure, corporate gateway similar to ChatGPT. This interface allows them to query data and execute workflows using natural language, while the underlying app enforces all security and logic. Your team can even interact with this agent via Email and Text Message, allowing you to keep your existing legacy applications for manual tasks while layering a modern Digital Workforce on top.

The "Micro-Ontology" Revolution

This approach transforms your application into a Micro-Ontology.

We call it "Micro" because you don't need to model your entire enterprise at once. You don't need a multi-year "Digital Transformation" budget or a massive Data Lake project. You just need to build one app.

  • Start Small: Build a "Sales App." It automatically creates a secure, intelligent Micro-Ontology for customers and orders.
  • Grow Fast: Build an "Inventory App." It creates a Micro-Ontology for products and stock.
  • Federate: Use our built-in Federated Identity Management (FIM) to link them together.

Suddenly, you have a Federated Mesh of intelligence. Your AI Co-Worker can "hop" securely from the Sales App to the Inventory App, carrying the user's identity and permissions across the boundary. You achieve total AI enablement without the massive financial investment of a monolithic system.

You Are Now an AI Developer

Stop building "AI Bots" in a silo. Start building Apps. By focusing on the Visible UI, you solve the hardest problems in AI—Security, Context, and Hallucination—without writing a single prompt.

You aren't just building software. You are curating the reality for your Digital Workforce. The App IS the Ontology. Learn about the Micro-Ontology Factory.
Labels: AI
Monday, December 1, 2025PrintSubscribe
The Living Ontology: Refactor Intelligence at the Speed of Thought

For decades, the "Enterprise Ontology"—the definitive map of your business data and rules—has been treated as a static artifact. It’s usually a massive documentation project or a rigid Data Warehouse schema that takes months to build and years to update. By the time it’s finished, the business has already moved on.

At Code On Time, we believe the Ontology shouldn’t be a document. It should be Software.

With the Micro-Ontology Factory, we are introducing a radical shift: The App IS the Ontology.

From Static Schema to Living Application

When you build a database web app with App Studio, you aren't just building screens for humans. You are simultaneously generating a self-describing HATEOAS API that serves as the cognitive map for your AI Agents.

This tightly coupled architecture unlocks capabilities that static data lakes can never match:

  • Infinite Refactoring: Need to track a new metric or enforce a new business rule? Don't file a ticket with the Data Team. Just update the app in App Studio. Your AI Co-Workers instantly "see" the new logic and adapt their behavior.
  • Unified Operations & Analytics: Stop separating "doing work" (OLTP) from "measuring work" (OLAP). Build analytical dashboards directly into the visible UI to give your Agents explicit "thinking paths" for complex questions.
  • Disposable Intelligence: Because Micro-Ontologies are fast and cheap to generate, you can spin up a temporary, single-purpose "Headless App" to solve a specific problem (like a merger or audit) and discard it when the job is done.
  • Real-Time Governance: Control the economics of your digital workforce. Instantly switch user roles from expensive "Reasoning" models to fast "Flash" models, or cap daily spending limits across the enterprise—all without a deployment cycle.

The Future is Agile

Intelligence is no longer a capital expenditure; it is a flexible operational expense. It’s time to stop treating your data model like a museum piece and start treating it like a living, breathing business asset.

Ready to see how it works?

Read the full vision: The Agile Ontology
Labels: AI, HATEOAS, Micro Ontology
Continue to The "Brain in a Jar" Paradox
© 2025 Code On Time LLC. All rights reserved. All trademarks mentioned on this website are property of their respective owners.
Watch | Blog | Roadmap | Learn | Community | Support