vanna-ai/vanna

Text-to-SQL that actually knows who you are

Vanna 2.0 wires user identity through every layer of LLM-generated database queries, not just the frontend.

23.6k stars Python RAG · SearchAgents
Velocity (7d): +21 ★ / day · Trend: steady

What it does

Vanna is a Python framework that turns natural language questions into SQL, executes them, and streams back tables, charts, and summaries through a pre-built web component. It plugs into FastAPI or Flask, talks to most major databases and LLMs, and now treats user permissions as a first-class citizen rather than an afterthought.

The interesting bit

Most text-to-SQL tools slap auth on the API gateway and hope for the best. Vanna 2.0 threads user identity through system prompts, tool execution, and SQL filtering so the same “Q4 sales” question returns different rows for Alice in Finance versus Bob in Support. The <vanna-chat> web component drops into any page and reuses your existing cookies or JWTs.
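The runner-side half of that idea, as an added sketch that is not Vanna's code or API: the row filter is derived from the authenticated user, never from the model-written SQL. `User`, `scoped_db`, `run_generated_sql` and the sample rows are hypothetical, and copying permitted rows into a per-request SQLite database stands in for a database's native row-level security or scoped views.

```python
import sqlite3
from dataclasses import dataclass


@dataclass(frozen=True)
class User:  # hypothetical identity object, resolved from the session, not from the prompt
    name: str
    groups: frozenset


# Constructed sample rows: (department, quarter, amount)
SALES = [
    ("finance", "Q4", 1200), ("finance", "Q4", 800),
    ("support", "Q4", 150), ("support", "Q3", 90),
]


def scoped_db(user):
    """Build a per-request database holding only rows the user's groups permit."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sales (department TEXT, quarter TEXT, amount INT)")
    db.executemany("INSERT INTO sales VALUES (?, ?, ?)",
                   [row for row in SALES if row[0] in user.groups])
    return db


def run_generated_sql(user, sql):
    """Run model-written SQL; the row scope comes from `user`, never from `sql`."""
    db = scoped_db(user)
    try:
        return db.execute(sql).fetchall()
    finally:
        db.close()


# Stand-in for what an LLM might emit for "Q4 sales" (constructed).
GENERATED = ("SELECT department, SUM(amount) FROM sales "
             "WHERE quarter = 'Q4' GROUP BY department")
# Generated SQL that names a scope the caller does not hold (constructed).
OVERREACH = "SELECT COUNT(*) FROM sales WHERE department = 'finance'"

alice = User("alice", frozenset({"finance"}))
bob = User("bob", frozenset({"support"}))

if __name__ == "__main__":
    print(run_generated_sql(alice, GENERATED))
    print(run_generated_sql(bob, GENERATED))
    print(run_generated_sql(bob, OVERREACH))
```

Because the scope is fixed before the generated SQL runs, a prompt that talks the model into naming another department changes the query text but not the rows it can reach.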

Key highlights

  • User-aware agent architecture: identity flows from HTTP request → LLM prompt → SQL runner → row-level filter
  • Pre-built <vanna-chat> web component with streaming tables, Plotly charts, and dark/light themes
  • Supports OpenAI, Anthropic, Ollama, Gemini, Bedrock, Mistral, and others; PostgreSQL, Snowflake, BigQuery, DuckDB, and 10+ more databases
  • Extensible tool registry with Pydantic-typed arguments and group-based access controls
  • Lifecycle hooks, LLM middlewares, conversation storage, and built-in observability tracing
  • LegacyVannaAdapter for wrapping 0.x code during migration

Caveats

  • Vanna 2.0 is a complete rewrite with a new Agent API; 0.x users must migrate or use the adapter
  • The README pitches enterprise features heavily but leaves exact performance or accuracy benchmarks unstated
  • Self-hosted setup requires wiring your own UserResolver and auth plumbing; not a one-click deploy

Verdict

Worth a look if you’re building multi-tenant analytics where users must never see each other’s data. Skip it if you just need a quick CLI SQL generator or don’t want to own the auth integration.
