Oracle Cloud Infrastructure Documentation

Oracle Database Guidelines for Generative AI Agents

To make your data available to OCI Generative AI Agents, you have the following data options:

  • Object Storage data: Upload data files to OCI Object Storage and let Generative AI Agents automatically ingest the data. This option is service-managed. Skip this topic if your data files are in Object Storage.
  • OpenSearch data: Bring your own (BYO) ingested and indexed OCI Search with OpenSearch data for the agents to use. Skip this topic if you have this option.
  • Oracle Database vector store: Bring your own (BYO) vector embeddings from an Oracle Base Database 23ai or an Autonomous Database 23ai vector store to Generative AI Agents. This topic provides guidelines for this option, assuming you're already familiar with Oracle Base Database 23ai, Autonomous Database 23ai, and Database Tools.
Note

  • Perform the following steps in the US Midwest (Chicago) region. Generative AI Agents is only available in this region.
Database Requirements

Generative AI Agents doesn't manage the database, so you must set up your existing database so Generative AI Agents can connect to it. The following requirements

Database Table
Create an Oracle Database 23ai table with the following fields:

Required Fields

  • DOCID: An id assigned to each record or document
  • BODY: The actual content that you want the agent to search
  • VECTOR: The vector generated from an embedding model based on the body content

Optional Fields

  • CHUNKID: An id for the chunked document, in case the document is larger than 512 tokens.
  • URL: A URL reference for the content, if available.
  • TITLE: The title of the body content
Tip

You can create text embeddings in OCI Generative AI.
Database Function

A function is a subprogram that can take parameters and return a value. You need to set up a database function can return vector search results from each query. Here are the requirements:

Input Parameters

  • p_query: The query string
  • top_k: Number of top results

Return Type

  • SYS_REFCURSOR

Requirements

  • The embedding model that you use for the function's query field must be the same as the embedding model that transforms the table's BODY content to vector embeddings.

  • The function's return fields must match the table's required (DOCID, BODY and SCORE) and optional fields (CHUNKID, TITLE, and URL).

    The BODY content is processed by an embedding model to produce a VECTOR for each content. The function calculates the distances between the query vector and each VECTOR, returning the top_k rows. The SCORE field represents the distances between the query vector and the VECTOR from the BODY.

  • If the function's return field names don't match the table field names, you must use aliases in the function.

Example

Here is an example of a database function:

create or replace FUNCTION RETRIEVAL_FUNC (p_query IN VARCHAR2,top_k IN NUMBER) RETURN SYS_REFCURSOR IS
    v_results SYS_REFCURSOR;
    query_vec VECTOR;
BEGIN
    query_vec := dbms_vector.utl_to_embedding(
        p_query,
        json('{
            "provider": "OCIGenAI",
            "credential_name": "OCI_VECTOR_CREDENTIAL",
            "url": "https://inference.generativeai.us-chicago-1.oci.oraclecloud.com/20231130/actions/embedText",
            "model": "cohere.embed-english-v3.0"
        }')
    );

    OPEN v_results FOR
        select l.id as DOCID, lv.chunk_id as CHUNKID, l.file_name as TITLE, 
        'https://objectstorage.us-chicago-1.oraclecloud.com/n/{namespace}/b/{bucket_name}/o/' || l.file_name as URL,
        lv.chunk_txt as BODY, vector_distance(embed_vector, query_vec) AS SCORE
        from legislation_vector lv, legislation l
        where l.id = lv.id
        order by SCORE 
        fetch first top_k rows only;

    RETURN v_results;
END;
Networking and Security Requirements

Here are high-level networking guidelines:

Networking Requirements
  • Add the database to the private subnet of a virtual cloud network (VCN) in OCI.
  • Set up the following properties for the for the subnet's ingress rule:
    • Source Type: CIDR
    • Source CIDR: The VCN's IPv4 CIDR Block (such as 10.0.0.0/16)
    • IP Protocol: TCP
    • Source Port Range: All
    • Destination Port Range: 1521-1522
Security Requirements
  • Create a Vault to save the secrets for the database.
  • Create the vault in the same compartment as the database.
Database Tools Connection Requirements

You can create reusable connections to an Oracle database in OCI, by using the Database Tools service. Follow these guidelines to create a connection for your database.

Guidelines for Oracle Base Database 23ai Connection

Generative AI Agents can access an Oracle Base Database 23ai only through a private endpoint with a connection that's set up without a mutual TLS (mTLS) authentication. Perform these tasks to create a database connection with a private endpoint access:

  1. Gather the following information:

    In the Console, open the navigation menu, click Oracle Database and then select Oracle Base Database Service. Click the database system name and then select the database name. Copy the following properties to use for the connection information in the next step:
    • Database System
    • Database
    • Database Home

    • On the left side, select Pluggable Databases and click the pluggable database name. Click PDB connection and copy the connection string with the Long format.

      Example connection string with a long format:

      (DESCRIPTION=(CONNECT_TIMEOUT=5)(TRANSPORT_CONNECT_TIMEOUT=3)(RETRY_COUNT=3)
(ADDRESS_LIST=(LOAD_BALANCE=on)(ADDRESS=(PROTOCOL=TCP)(HOST=10.0.0.62)(PORT=1521)))
(CONNECT_DATA=(SERVICE_NAME=xxx_pdb1.xxx.dbsvcn.oraclevcn.com)))

  2. Create a connection with the following properties:

    • Use the Select database option to select Oracle Base Database.
    • Select the Database system, Database home, and Database.
    • Select the Pluggable database.
    • Enter Username and Role. Ensure the database user has the necessary permissions, can run the database function that you prepared in the first topic, and is assigned an appropriate role. For example, for the Username SYS, assign the SYSDBA role.
    • For User password secret, select Create password secret and create a secret to store the password in the vault that you created in the previous section.
    • For Connection string, paste the long format for the pluggable database from step 1.
    • Check the box for Access database via a private network.
    • Select Select private endpoint.
    • Click Create private endpoint and for Subnet, select the private subnet of the database and click Create.
    • For Wallet format, select None to create a connection without mutual TLS (mTLS) authentication.
Guidelines for Autonomous Database 23ai Connection
Generative AI Agents can access an Autonomous Database 23ai only through a private endpoint with a connection that's set up without a mutual TLS (mTLS) authentication. Perform these tasks to create a database connection with a private endpoint access:
  1. In the Console, open the navigation menu, click Oracle Database and then select Autonomous Database.
  2. Create an autonomous database with the following properties:
    • Choose network access: Select Private endpoint access only.
    • Require mutual TLS (mTLS) authentication: Uncheck the box.

  3. If you have an autonomous database, go the database details page, select More actions, and then click Update network access. Select Private endpoint access only and click Update. Then in the autonomous database details page, under Network, for the Mutual TLS (mTLS) authentication, click Edit, uncheck the box and Save.

  4. From the database details page, gather the following information:

    • Database name
    • Under the Network section:
      • Private endpoint IP
      • Private endpoint URL
    • Click Database connection and in the list of TNS names, find the TNS name that ends with _high, and copy its connection string.

  5. Create a connection with the following properties:

    • Use the Select database option to select Oracle Autonomous Database.
    • Select the Database.
    • Enter a Username that has the necessary permissions and can run the database function that you prepared in the first topic.
    • For User password secret, select Create password secret and create a secret to store the password in the vault that you created in the previous section.
    • For Connection string, paste the connection string that ends with _high, the one that you copied from Database connection information of your database details page. Update the connection and reduce the retry count from 20 to 3 and replace the host from Private endpoint URL with Private endpoint IP.

      Connection string example:

      (description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1522)
(host=<private-endpoint-URL>)(connect_data=(service_name=xxx_high.adb.oraclecloud.com))
(security=(ssl_server_dn_match=no)))

      Updated connection string example:

      (description= (retry_count=3)(retry_delay=3)(address=(protocol=tcps)(port=1522)
(host=<private-endpoint-IP>)(connect_data=(service_name=xxx_high.adb.oraclecloud.com))
(security=(ssl_server_dn_match=no)))
    • Check the box for Access database via a private network.
    • Select Select private endpoint.
    • Click Create private endpoint and for Subnet, select the private subnet of the database and click Create.
    • For Wallet format, select None to create a connection without mutual TLS (mTLS) authentication.