Advanced LLM-powered multi-agent system for querying SQLite databases using natural language, delivered as a professional web application. This project integrates grounding techniques, secure prompt engineering, and database connectivity to provide a safe and professional database interface. The system supports multilingual queries and can be tested in Turkish and English.
This system allows users to query SQLite databases using natural language without requiring any SQL knowledge. It delivers accurate, reliable, and secure responses through a multi-agent architecture and the Google Gemini API.
- Natural Language Processing: Convert Turkish and English queries to SQL
- Security-Focused: Multi-layered security measures and SQL injection protection
- Automatic CSV Export: Download query results in CSV format
- Modern Web Interface: React-based responsive user interface
- Real-time Chat: Instant messaging experience
- Multi-Agent System: Reliable results with specialized agents
- Mobile Compatible: Responsive design that works on all devices
The project uses a 3-tier hybrid architecture:
backend/
├── app.js # Main Express application
├── routes/
│   └── api/
│       ├── chat.js # Chat API endpoints
│       └── auth.js # Authentication endpoints
├── services/
│   └── pythonBridge.js # Bridge to Python service
└── bin/www # Server launcher
Responsibilities:
- RESTful API endpoints
- CORS and security middleware
- Proxy function to Python service
- Request validation and error handling
python-service/
├── app.py # Flask API server
├── chatbot_service.py # Main chatbot logic
└── calculate_token.py # Token calculation and rate limiting
Responsibilities:
- LLM API integration (Google Gemini)
- Multi-agent orchestration
- SQLite database operations
- CSV file creation and management
frontend/src/
├── App.js # Main React component
├── App.css # Styling
└── index.js # Entry point
Responsibilities:
- User interface
- Real-time chat experience
- CSV download operations
- Responsive design
The system uses 3 specialized agents:
- SQL Agent: Converts natural language questions into safe and valid SQL queries (Structured Output)
- Natural Language Agent: Converts JSON database results into user-friendly natural language responses
- Orchestrator Agent: Coordinates agents, manages context, and enforces security policies
The system employs multiple grounding strategies to ensure accurate and secure outputs:
- Agents with specialized roles (SQL generation, Natural Language processing, Orchestration)
- Separation of concerns → reduces hallucination risk and improves control
SQL Agent responses are constrained to a predefined JSON schema:
{
  "sql_query": "SELECT SupplierName FROM Suppliers WHERE SupplierID = (SELECT SupplierID FROM Products ORDER BY Price DESC LIMIT 1);",
  "explanation": "Finds the supplier of the highest-priced product."
}
Configuration:
sql_generation_config = {
    "temperature": 0.1,
    "top_p": 0.95,
    "top_k": 64,
    "max_output_tokens": 8192,
    "response_mime_type": "application/json",
    "response_schema": {
        "type": "object",
        "properties": {
            "sql_query": {"type": "string", "description": "Valid SQLite SELECT query"},
            "explanation": {"type": "string", "description": "Brief explanation of what the query does"}
        },
        "required": ["sql_query"]
    }
}
Agents are supported with:
- Explicit database schema embedded into prompts
- Clear rules for SQL generation and response formatting
database_schema = """
Northwind database schema:
- Categories: CategoryID, CategoryName, Description
- Customers: CustomerID, CustomerName, ContactName, Address, City, PostalCode, Country
- Products: ProductID, ProductName, SupplierID, CategoryID, Unit, Price
# ... other tables
"""
This approach prevents the model from inventing non-existent table or column names.
- Real-time grounding via actual SQLite database execution
- SQL results are fetched directly from the database and converted to JSON
- NL Agent uses real query results → no hallucination
- Input Sanitization
  - Detects and blocks SQL injection and prompt injection patterns
  - Malicious content filtering
- SQL Query Validation
  - Only accepts safe SELECT statements
  - Blocks dangerous commands like DROP, INSERT, UPDATE
- Multi-Layer Prompt Injection Protection
  - Guard lists prevent malicious attempts to manipulate the model
  - Context enforcement prevents agents from revealing hidden instructions
- Safe Database Execution
  - Queries are validated before execution
  - Errors are handled gracefully with user-friendly messages
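One way to back the SELECT-only rule with enforcement inside SQLite itself, as an added example that is not this project's code: the sql_query field of the SQL Agent's JSON gets a textual check, then the statement is compiled under a sqlite3 authorizer that denies every non-read action. The function names, error messages and the two-row sample data are assumptions constructed for the illustration.

```python
import json
import sqlite3

# Authorizer actions a read-only query needs; every other action is denied.
READ_ONLY_ACTIONS = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}

def read_only_authorizer(action, arg1, arg2, db_name, source):
    """Called by SQLite while compiling a statement, once per action it would perform."""
    return sqlite3.SQLITE_OK if action in READ_ONLY_ACTIONS else sqlite3.SQLITE_DENY

def make_demo_db():
    """Constructed sample data using table names from the schema above."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE Suppliers (SupplierID INTEGER PRIMARY KEY, SupplierName TEXT);
        CREATE TABLE Products (ProductID INTEGER PRIMARY KEY, ProductName TEXT,
                               SupplierID INTEGER, Price REAL);
        INSERT INTO Suppliers VALUES (1, 'Supplier A'), (2, 'Supplier B');
        INSERT INTO Products VALUES (1, 'Tea', 1, 18.0), (2, 'Wine', 2, 263.5);
    """)
    conn.set_authorizer(read_only_authorizer)  # enforced for every later statement
    return conn

def run_agent_output(conn, agent_json):
    """Validate the SQL Agent's JSON, then execute it. Returns (rows, error)."""
    try:
        sql = json.loads(agent_json)["sql_query"]
    except (ValueError, KeyError, TypeError):
        return None, "Malformed agent output."
    # Cheap textual gate. A WITH prefix can still front a write statement,
    # so the authorizer, not this check, is what actually blocks writes.
    if not isinstance(sql, str) or not sql.lstrip().upper().startswith(("SELECT", "WITH")):
        return None, "Only SELECT statements are accepted."
    try:
        # execute() refuses input that holds more than one statement.
        return conn.execute(sql).fetchall(), None
    except (sqlite3.Error, sqlite3.Warning):
        # Generic message: engine details are not passed back to the user.
        return None, "The query was rejected or could not be run."

if __name__ == "__main__":
    db = make_demo_db()
    print(run_agent_output(db, '{"sql_query": "SELECT SupplierName FROM Suppliers;"}'))
    print(run_agent_output(db, '{"sql_query": "DROP TABLE Products"}'))
```

For a database file such as Northwind.db, opening the connection with sqlite3.connect("file:Northwind.db?mode=ro", uri=True) adds a second, independent read-only guarantee.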
To manage API rate limits and ensure high availability, the system includes automatic retry and token usage monitoring:
- api_request_with_retry function catches HTTP 429 (rate limit) errors and retries with exponential backoff
- Token tracking: count_tokens and get_token_usage monitor prompt and response tokens
- Global thresholds (MAX_TOKENS, CONTEXT_WINDOW, WARNING_THRESHOLD) trigger warnings when limits are approached
- Real-time Chat UI: Instant messaging experience
- Smart CSV Export: Automatic download of query results
- Example Queries: Ready-to-use examples
- Mobile-Compatible Design: Responsive UI
- Loading States: Loading indicators for user experience
- Modern CSS: Gradients and animations
Reasons for using Flask in the Python microservice:
- Lightweight and Fast: Minimal overhead, fast API responses
- Flexibility: Easy customization for LLM integration
- Rich Ecosystem: Google Generative AI, SQLite, Pandas integration
- Python Advantages: Natural compatibility with AI/ML libraries
- Microservice Compatibility: Easy integration with Node.js backend
- RESTful API: Clean architecture with standard HTTP endpoints
graph TD
A[User Query] --> B[Orchestrator Agent]
B --> C[SQL Agent]
C --> D[Structured JSON Output]
D --> E[SQLite Database]
E --> F[Query Results]
F --> G[Natural Language Agent]
G --> H[Secure Response]
B --> I[Security Check]
I --> J[Malicious Content?]
J -->|Yes| K[Block]
J -->|No| C
E --> L[CSV Export]
L --> M[Automatic Save]
Detailed Workflow:
- User Query → Sent from React frontend
- Node.js Backend → Routes request to Python microservice
- Orchestrator Agent → Security check and routing
- SQL Agent → Converts natural language to SQL in JSON format
- SQLite Database → Real query execution
- NL Agent → Converts JSON results to natural language
- CSV Export → Results automatically saved to CSV
- Natural Language → SQL Translation: Turkish and English support
- Structured Output: Safe and parseable queries
- Context-Aware Querying: Context awareness through prompt engineering
- Automatic CSV Export: Instant download of results
- Secure & Reliable Responses: Protected with multi-layer security
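# Backend (Node.js / Express)
npm install express cors axios dotenv morgan express-validator jsonwebtoken uuid
# Python service (sqlite3 ships with Python's standard library and is not installed with pip)
pip install flask flask-cors google-generativeai python-dotenv pandas
# Frontend (React)
npm install react react-dom axios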
Create .env file:
# Google Gemini API
GEMINIAPI=your_gemini_api_key
# Database
DB_PATH=./Northwind.db
# Service URLs
FRONTEND_URL=http://localhost:3000
PYTHON_SERVICE_URL=http://localhost:5001
- Start Python Microservice:
cd python-service
python app.py
# Runs on port 5001
- Start Node.js Backend:
cd backend
npm start
# Runs on port 3001
- Start React Frontend:
cd frontend
npm start
# Runs on port 3000
Turkish:
"En pahalı ürünün tedarikçisi kim?" (Who is the supplier of the most expensive product?)
→ En yüksek fiyatlı ürün Côte de Blaye ve tedarikçisi Aux joyeux ecclésiastiques.
"Beverages kategorisindeki tüm ürünleri göster" (Show all products in Beverages category)
→ Beverages kategorisindeki ürünler: Chai, Chang, Guaraná Fantástica...
English:
"Show all customers from Germany"
→ Here are all customers from Germany: Alfreds Futterkiste, Blauer See Delikatessen...
- LLM: Google Gemini 2.5 Pro (Structured Output + Context Injection)
- Database: SQLite with schema-level validation
- Security: Multi-layer protection (sanitization, validation, filtering)
- Grounding: Real database connection prevents hallucination
- Frontend: React 19.1.1 + Modern CSS
- Backend: Node.js Express + Flask microservice
- Export: CSV generation with Pandas
Database-Assistant/
├── backend/ # Node.js Express API
│   ├── app.js # Main Express application
│   ├── routes/api/
│   │   ├── chat.js # Chat endpoints
│   │   └── auth.js # Auth endpoints
│   ├── services/
│   │   └── pythonBridge.js # Python service bridge
│   └── package.json
│
├── frontend/ # React Web Interface
│   ├── src/
│   │   ├── App.js # Main React component
│   │   ├── App.css # Styling
│   │   └── index.js # Entry point
│   └── package.json
│
├── python-service/ # Flask Microservice
│   ├── app.py # Flask API server
│   ├── chatbot_service.py # Main chatbot logic
│   ├── calculate_token.py # Token management
│   └── query_results/ # CSV outputs
│
├── Northwind.db # SQLite database
├── .env # Environment variables
└── README.md # This documentation
- Hybrid Architecture: Multi-Agent LLM Architecture + real database grounding
- Advanced Security: State-of-the-art security techniques
- Structured Output: Reliable responses with Context Injection
- Smart Analytics: Automatic CSV export and data analysis
- Modern Web Stack: React + Node.js + Flask microservice architecture
- Multilingual Support: Turkish and English natural language processing
- Real-time Experience: WebSocket-like fast response times