Natural Language to SQL with Enterprise-Grade Security
Query your database in plain English. AI generates SQL. Multiple security layers protect your data.
LeepSQL-AI lets non-technical users query databases using natural language while maintaining enterprise security through:
- 🤖 AI-Powered SQL Generation - Type "Show me top 10 customers" → Get SQL
- 🛡️ 5-Layer Security - AI validation + Backend checks + Human approval
- 👁️ Human-in-the-Loop - Review SQL before execution
- 🔒 Read-Only by Default - No accidental data modifications
┌──────────────┐     ┌──────────────┐     ┌──────────────┐
│   Frontend   │────▶│   Backend    │────▶│  AI Agents   │
│   (React)    │     │  (FastAPI)   │     │ (LangGraph)  │
└──────────────┘     └──────┬───────┘     └──────────────┘
                            │
                            ▼
                     ┌──────────────┐
                     │   Database   │
                     │ (PostgreSQL) │
                     └──────────────┘
Key Principle: AI Agent NEVER accesses database directly. Backend is the single control plane.
LeepSQL-AI/
├── frontend/ # React + TypeScript + Vite + Tailwind
├── backend/ # FastAPI + SQLAlchemy + Pydantic
├── agents/ # LangGraph AI Pipelines
│ ├── generator_pipeline/ # NL → SQL
│ ├── evaluator_pipeline/ # Security Check
│ └── executer_pipeline/ # SQL Execution
└── Docs/ # Detailed Documentation
- Python 3.10+
- Node.js 18+
- PostgreSQL database
- Ollama with Qwen model
cd agents
pip install langchain langgraph langchain-ollama psycopg2-binary fastapi uvicorn
python server.py

cd backend
pip install -r requirements.txt
python -m uvicorn app.main:app --reload --port 8000

cd frontend
npm install
npm run dev

http://localhost:5173
| Layer | Component | Protection |
|---|---|---|
| 1 | Frontend | Input validation |
| 2 | Backend API | Pydantic schema validation |
| 3 | AI Evaluator | LLM security analysis |
| 4 | Backend SQL Check | Keyword blocking (DROP, DELETE, etc.) |
| 5 | Human Approval | Manual review before execution |
| 6 | Execution | Timeouts + Row limits |
User Types:
"Show me all customers from New York who spent more than $1000"
AI Generates:
SELECT * FROM customers
WHERE city = 'New York' AND total_spent > 1000
LIMIT 1000

User Approves → Results Displayed
| Layer | Technology |
|---|---|
| Frontend | React 18, TypeScript, Vite, Tailwind CSS |
| Backend | FastAPI, SQLAlchemy, Pydantic, psycopg2 |
| AI | LangGraph, LangChain, Ollama, Qwen3-VL |
| Database | PostgreSQL (MySQL support planned) |
| Method | Endpoint | Description |
|---|---|---|
| POST | /db/connect | Connect to database |
| POST | /query | Process NL query |
| POST | /approve | Approve pending SQL |
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/generate | NL → SQL |
| POST | /api/evaluater | Security check |
| POST | /api/executer | Execute SQL |
Detailed docs available in /Docs:
- Project Overview
- Backend Architecture
- Frontend Guide
- AI Agents Deep Dive
- Security Model
- API Reference
- FAQ & Cross Questions
- ✅ Credentials stored in memory only (never logged)
- ✅ Multi-layer SQL validation
- ✅ Blocked operations: DROP, TRUNCATE, ALTER, INSERT, UPDATE
- ✅ DELETE only with WHERE clause
- ✅ Query timeout (30s) and row limit (1000)
- ✅ Human approval mode
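
An added sketch of a backend SQL check that enforces the rules listed above (not LeepSQL-AI's own code; `check_sql`, `BLOCKED` and `ROW_LIMIT` are hypothetical names). It blanks string literals and comments before matching keywords, rejects stacked statements, and wraps reads in an outer `LIMIT`.

```python
import re

# Policy values come from the list above; every name here is hypothetical.
BLOCKED = {"DROP", "TRUNCATE", "ALTER", "INSERT", "UPDATE"}
ROW_LIMIT = 1000

# Quoted literals/identifiers and comments, so keyword matching only sees code.
_TOKEN = re.compile(
    r"""(?P<lit>'(?:[^']|'')*'|"(?:[^"]|"")*")|(?P<com>--[^\n]*|/\*.*?\*/)""",
    re.S,
)


def check_sql(sql: str) -> tuple[bool, str]:
    """Return (True, statement_to_run) or (False, reason)."""
    # Backslash escapes (E'..') and dollar quoting ($$..$$) move where a
    # PostgreSQL literal ends, which this simple masker cannot track: fail closed.
    if "\\" in sql or "$" in sql:
        return False, "backslash or dollar-quote syntax not allowed"
    code = _TOKEN.sub(" ", sql)  # literals and comments blanked
    clean = _TOKEN.sub(lambda m: m.group("lit") or " ", sql)  # comments blanked
    clean = clean.strip().rstrip(";").strip()
    if ";" in code.strip().rstrip(";"):
        return False, "multiple statements"
    words = re.findall(r"[A-Z_]\w*", code.upper())
    if not words:
        return False, "empty statement"
    hit = sorted(BLOCKED.intersection(words))
    if hit:
        return False, "blocked operation: " + ", ".join(hit)
    if "DELETE" in words:
        if "WHERE" not in words:
            return False, "DELETE without WHERE"
        return True, clean
    if words[0] not in ("SELECT", "WITH"):
        return False, "only SELECT, WITH or DELETE ... WHERE may run"
    # Enforce the row cap regardless of any LIMIT the model wrote.
    return True, f"SELECT * FROM ({clean}) AS capped LIMIT {ROW_LIMIT}"
```

Treat a check like this as a backstop: the privileges of the database role the backend connects with are what finally decide which statements can run.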
- Fork the repository
- Create feature branch (git checkout -b feature/amazing)
- Commit changes (git commit -m 'Add amazing feature')
- Push to branch (git push origin feature/amazing)
- Open Pull Request
MIT License - See LICENSE file for details
Built for GDG Hackathon - Democratizing data access with AI safety.
LeepSQL-AI - Query smarter, not harder 🚀