A web application that converts natural language queries to SQL using AI, built with FastAPI and Vite + TypeScript.
- 🗣️ Natural language to SQL conversion using OpenAI or Anthropic
- 📁 Drag-and-drop file upload (.csv and .json)
- 📊 Interactive table results display
- 🔒 SQL injection protection
- ⚡ Fast development with Vite and uv
- Python 3.10+
- uv (Python package manager)
- Node.js 18+
- Bun (or your preferred npm tool: npm, yarn, etc.)
- OpenAI API key and/or Anthropic API key
# Backend
cd app/server
uv sync --all-extras
# Frontend
cd app/client
bun installSet up your API keys in the server directory:
cp .env.sample .envand
cd app/server
cp .env.sample .env
# Edit .env and add your API keysUse the provided script to start both services:
./scripts/start.shPress Ctrl+C to stop both services.
The script will:
- Check that
.envexists inapp/server/ - Start the backend on http://localhost:8000
- Start the frontend on http://localhost:5173
- Handle graceful shutdown when you exit
cd app/server
# .env is loaded automatically by python-dotenv
uv run python server.pycd app/client
bun run dev- Upload Data: Click "Upload Data" to open the modal
- Use sample data buttons for quick testing
- Or drag and drop your own .csv or .json files
- Uploading a file with the same name will overwrite the existing table
- Query Your Data: Type a natural language query like "Show me all users who signed up last week"
- Press
Cmd+Enter(Mac) orCtrl+Enter(Windows/Linux) to run the query
- Press
- View Results: See the generated SQL and results in a table format
- Manage Tables: Click the × button on any table to remove it
cd app/server
uv run python server.py # Start server with hot reload
uv run pytest # Run tests
uv add <package> # Add package to project
uv remove <package> # Remove package from project
uv sync --all-extras # Sync all extrascd app/client
bun run dev # Start dev server
bun run build # Build for production
bun run preview # Preview production build.
├── app/ # Main application
│ ├── client/ # Vite + TypeScript frontend
│ └── server/ # FastAPI backend
│
├── adws/ # AI Developer Workflow (ADW) - GitHub issue automation system
├── scripts/ # Utility scripts (start.sh, stop_apps.sh)
├── specs/ # Feature specifications
├── ai_docs/ # AI/LLM documentation
├── agents/ # Agent execution logging
└── logs/ # Structured session logs
POST /api/upload- Upload CSV/JSON filePOST /api/query- Process natural language queryGET /api/schema- Get database schemaPOST /api/insights- Generate column insightsGET /api/health- Health check
The application implements comprehensive SQL injection protection through multiple layers:
-
Centralized Security Module (
core/sql_security.py):- Identifier validation for table and column names
- Safe query execution with parameterized queries
- Proper escaping for identifiers using SQLite's square bracket notation
- Dangerous operation detection and blocking
-
Input Validation:
- All table and column names are validated against a whitelist pattern
- SQL keywords cannot be used as identifiers
- File names are sanitized before creating tables
- User queries are validated for dangerous operations
-
Query Execution Safety:
- Parameterized queries used wherever possible
- Identifiers (table/column names) are properly escaped
- Multiple statement execution is blocked
- SQL comments are not allowed in queries
-
Protected Operations:
- File uploads with malicious names are sanitized
- Natural language queries cannot inject SQL
- Table deletion uses validated identifiers
- Data insights generation validates all inputs
When adding new SQL functionality:
- Always use the
sql_securitymodule functions - Never concatenate user input directly into SQL strings
- Use
execute_query_safely()for all database operations - Validate all identifiers with
validate_identifier() - For DDL operations, use
allow_ddl=Trueexplicitly
Run the comprehensive security tests:
cd app/server
uv run pytest tests/test_sql_injection.py -v- CORS configured for local development only
- File upload validation (CSV and JSON only)
- Comprehensive error logging without exposing sensitive data
- Database operations are isolated with proper connection handling
The ADW system is a comprehensive automation framework that integrates GitHub issues with Claude Code CLI to classify issues, generate implementation plans, and automatically create pull requests. ADW processes GitHub issues by classifying them as /chore, /bug, or /feature commands and then implementing solutions autonomously.
Before using ADW, ensure you have the following installed and configured:
- GitHub CLI:
brew install gh(macOS) or equivalent for your OS - Claude Code CLI: Install from Claude Code documentation
- Python with uv:
curl -LsSf https://astral.sh/uv/install.sh | sh - GitHub authentication:
gh auth login
Set these environment variables before running ADW:
export GITHUB_REPO_URL="https://github.com/owner/repository"
export ANTHROPIC_API_KEY="sk-ant-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
export CLAUDE_CODE_PATH="/path/to/claude" # Optional, defaults to "claude"
export GITHUB_PAT="ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" # Optional, only if using different account than 'gh auth login'ADW supports three main operation modes:
Process a single GitHub issue manually:
cd adws/
uv run adw_plan_build.py <issue-number>Continuously monitor GitHub for new issues (polls every 20 seconds):
cd adws/
uv run trigger_cron.pyStart a webhook server for real-time GitHub event processing:
cd adws/
uv run trigger_webhook.py- Issue Classification: Analyzes GitHub issues and determines type (
/chore,/bug,/feature) - Planning: Generates detailed implementation plans using Claude Code CLI
- Implementation: Executes the plan by making code changes, running tests, and ensuring quality
- Integration: Creates git commits and pull requests with semantic commit messages
For detailed technical documentation, configuration options, and troubleshooting, see adws/README.md.
Backend won't start:
- Check Python version:
python --version(requires 3.12+) - Verify API keys are set:
echo $OPENAI_API_KEY
Frontend errors:
- Clear node_modules:
rm -rf node_modules && bun install - Check Node version:
node --version(requires 18+)
CORS issues:
- Ensure backend is running on port 8000
- Check vite.config.ts proxy settings