Is this a new feature, an improvement, or a change to existing functionality?
Change
How would you describe the priority of this feature request
Medium
Please provide a clear description of problem this feature solves
Feature Request: text2sql should not execute Destructive SQL Operations
Description
Currently, the Vanna plugin text2sql function appears to execute generated SQL queries directly (when execute_sql=true). While this is efficient for SELECT statements, it poses a significant risk when the model generates queries that modify, delete, or structure data (e.g., INSERT, UPDATE, DELETE, DROP, ALTER).
To improve security and prevent accidental data loss, I propose hardening the execution rules so that any non-read-only query is returned to the user as text for manual review and execution, rather than being run automatically.
Suggested Behavior
- Generate any SQL statement
- use
vanna_instance.is_sql_valid(sql=... check if the SQL should be run.
Conditional Execution:
- Read-only (
SELECT): Continue to execute and display results as usual.
- Destructive/Modifying: Instead of executing, the plugin display the SQL with explanation to the user.
- User Confirmation: User review the SQL and run it manually in her database terminal if it looks correct.
Use Case / Rationale
- Safety: Prevents the LLM from accidentally hallucinating a
WHERE clause incorrectly on a DELETE or UPDATE statement.
- Security: Reduces the risk of "Prompt Injection" resulting in unauthorized data modification.
Describe your ideal solution
@register_function(config_type=Text2SQLConfig, framework_wrappers=[LLMFrameworkEnum.LANGCHAIN])
async def text2sql(config: Text2SQLConfig, builder: Builder):
"""Register the Text2SQL function with Vanna integration."""
# ...
sql = str(sql_result.get("sql", ""))
explanation: str | None = sql_result.get("explanation")
is_valid_sql = vanna_instance.is_sql_valid(sql) # <------ add this check
# If execute_sql is enabled, run the query
if config.execute_sql and is_valid_sql:
yield ResponseIntermediateStep(
id=str(uuid.uuid4()),
parent_id=parent_id,
type="markdown",
name="text2sql_status",
payload=StatusPayload(message="Executing SQL query...").model_dump_json(),
)
# Execute SQL and propagate errors
# Note: run_sql is dynamically set as async function in setup_vanna_db_connection
df = await vanna_instance.run_sql(sql) # type: ignore[misc]
logger.info(f"SQL executed successfully: {len(df)} rows returned")
# Yield final result as Text2SQLOutput
yield Text2SQLOutput(sql=sql, explanation=explanation)Additional context
https://try.vanna.ai/docs/hardening-guide/
Code of Conduct
Is this a new feature, an improvement, or a change to existing functionality?
Change
How would you describe the priority of this feature request
Medium
Please provide a clear description of problem this feature solves
Feature Request:
text2sqlshould not execute Destructive SQL OperationsDescription
Currently, the Vanna plugin
text2sqlfunction appears to execute generated SQL queries directly (whenexecute_sql=true). While this is efficient forSELECTstatements, it poses a significant risk when the model generates queries that modify, delete, or structure data (e.g.,INSERT,UPDATE,DELETE,DROP,ALTER).To improve security and prevent accidental data loss, I propose hardening the execution rules so that any non-read-only query is returned to the user as text for manual review and execution, rather than being run automatically.
Suggested Behavior
vanna_instance.is_sql_valid(sql=...check if the SQL should be run.Conditional Execution:
SELECT): Continue to execute and display results as usual.Use Case / Rationale
WHEREclause incorrectly on aDELETEorUPDATEstatement.Describe your ideal solution
Additional context
https://try.vanna.ai/docs/hardening-guide/
Code of Conduct