Project 01 · Case study
Agentic RAG for Natural-Language SQL
LangGraph-based agent that converts natural language into validated SQL with conversational memory, prompt-injection defenses, and multi-format output.
The problem
Most natural-language-to-SQL tools are demos. They handle toy queries and fall apart once conversation context or ambiguous references show up. I wanted one with memory, proper error handling, and defenses against prompt-driven SQL injection.
The approach
LangGraph-based agent orchestration. The agent decomposes the user's request, generates candidate SQL, validates it against a schema-introspection layer, then executes under parameterized queries with rate limits. Azure OpenAI for reasoning, SQLite as the target database. I picked LangGraph over plain LangChain because the loop needs genuine branching (retry, clarify, escalate), not a linear chain.
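The retry / clarify / escalate loop can be sketched framework-free. This is a minimal illustration, not the actual implementation: all function names are placeholders, and the real build expresses these branches as LangGraph nodes with conditional edges rather than a hand-rolled dispatcher.

```python
# Illustrative sketch of the branching loop; names are hypothetical.
MAX_RETRIES = 2

def run_turn(question, generate_sql, validate, execute):
    """Generate SQL, validate it, and branch on the verdict."""
    for _ in range(MAX_RETRIES + 1):
        sql = generate_sql(question)
        verdict = validate(sql)  # "ok", "ambiguous", or "invalid"
        if verdict == "ok":
            return {"status": "answered", "rows": execute(sql)}
        if verdict == "ambiguous":
            # Branch: ask the user instead of guessing.
            return {"status": "clarify", "question": "Which table did you mean?"}
        # "invalid": loop back, feeding the failed attempt as context for a retry.
        question = f"{question}\n(previous attempt failed validation: {sql})"
    # Retries exhausted: escalate rather than execute unvalidated SQL.
    return {"status": "escalate", "sql": sql}
```

The point of the structure is that each verdict leads somewhere different, which is exactly the branching a linear chain can't express.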
What worked
Context held across 90%+ of 50 multi-turn test conversations. Prompt-injection attempts got caught by the validation layer in every case I threw at it. Multi-format output (tables, summaries, matplotlib charts) meant non-technical users could actually use what came back.
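As a rough sketch of the first line of defense (assumed shape, not the project's exact validator): before any schema-aware checks, reject anything that isn't a single read-only SELECT.

```python
import re

# Coarse injection gate (illustrative). It will false-positive on banned
# keywords inside string literals; the real validation layer layers
# schema-aware checks on top of this kind of filter.
BANNED = re.compile(r"\b(insert|update|delete|drop|alter|attach|pragma)\b", re.I)

def is_safe_select(sql: str) -> bool:
    stmt = sql.strip().rstrip(";")
    if ";" in stmt:  # multi-statement payloads ("SELECT 1; DROP TABLE ...")
        return False
    if not stmt.lower().startswith("select"):
        return False
    if BANNED.search(stmt):  # write/DDL verbs smuggled into a SELECT
        return False
    return True
```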
What I'd do differently
The first validation layer rejected legitimate queries that used less common joins. I had to add schema introspection so the validator knew what joins were valid. Broader lesson: validators on LLM output need to know as much about the domain as the LLM does.
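The introspection step itself is cheap in SQLite. A minimal sketch (helper names are mine, not the project's): read the table list from `sqlite_master`, then pull columns via `PRAGMA table_info`, so the validator can check join columns against what actually exists.

```python
import sqlite3

def introspect(conn: sqlite3.Connection) -> dict:
    """Map each table name to its set of column names."""
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")]
    # Table names come from sqlite_master itself, so interpolation is safe here.
    return {t: {row[1] for row in conn.execute(f"PRAGMA table_info({t})")}
            for t in tables}

def join_is_valid(schema: dict, t1: str, c1: str, t2: str, c2: str) -> bool:
    # A join column must exist on both sides; a fuller check would also
    # consult PRAGMA foreign_key_list for declared relationships.
    return c1 in schema.get(t1, set()) and c2 in schema.get(t2, set())
```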
More detail
A conversational AI that turns natural-language questions into SQL, runs it safely, and returns tables, summaries, or charts. LangGraph handles the control flow, so the agent can retry, ask for clarification, or escalate instead of following a single linear chain.