Mostly my concerns are around authorization (who can access what) and those two tools handle that before generating a database query. So maybe the approach would be to go from natural lang -> SQL (as you do now) then to Hasura's or PostgREST's specific query syntax (which are already pretty SQL like). And specifically with Hasura, since it's GraphQL - you can get all the available types. But that might all be to far out of scope of what you're trying to do.
Re: security - assuming your RDBMS supports row-level security then you should be fine as-is - otherwise let users only query VIEW objects with security filters baked-in to them.
