Spencer AI
Agentic NL-to-SQL Chatbot · Internal Platform
Natural-language chatbot that lets CMS users query their business database in plain English. Converts questions into SQL, runs them against a real-time synced copy of the production DB, and returns formatted answers with charts, exports, and follow-up suggestions.
The Brief
Problem
Operations staff were blocked on data analysts for every report — attendance, invoice status, project progress. Analysts spent days writing one-off SQL.
The Architecture
Decision
Built a Gemini-powered NL→SQL pipeline with a hard SQL Guard layer (10+ injection patterns, sensitive column stripping, tenant isolation enforcement) and a 2-second incremental sync from cmshub_live → cms_ai so reads never touch prod.
The Outcome
Result
Operations now self-serve. Analysts freed for strategic work. Zero successful prompt injections. Multi-tenant from day one with client_id scoping enforced at the Guard layer.
How it actually works in production.
Auth & Intake
User question
plain English
JWT + RBAC
role check
Load context
permissions, schema
Generation & Defence
Gemini 2.5 Flash
NL → SQL
SQL Guard
10+ injection patterns
Strip sensitive cols
password, NI no.
Tenant isolation
WHERE client_id=?
Execute & Format
cms_ai (read replica)
synced every 2s
Format + chart
tables, follow-ups
Redis cache
2hr TTL
Response
streamed to UI
Always-Running Sync (parallel)
cmshub_live
production CMS DB
Incremental sync
26+ tables · 2s loop
Cursor state
cms_sync_state
cms_ai
AI replica
Animated · Built in code · No GIFs
See Spencer AI in action.
Demo video
End-to-end query → SQL → chart demo (NDA — concept video coming)
~ 0:45 · coming soon
Live chat interface — natural-language SQL
Image slot
SQL Guard rejecting an injection attempt
coming soon
Image slot
Real-time sync dashboard — 26 tables
coming soon
Image slot
Generated chart from a natural-language query
coming soon
Stack