February 2026
Code Review Can't Keep Up with AI-Generated SQL
The Problem
Whether it should or not, AI-generated code is finding its way into production.
LLMs generate text based on statistical distributions, not through some kind of mystical intelligence. Without rigorous review, production systems are at the mercy of the weakest link in the review chain.
If you're responsible for a data platform at scale, the challenge is difficult to overstate. Engineers and analysts are now producing massive amounts of SQL with LLM assistance, and "looks good to me" becomes the only feasible review mechanism when a model emits 10,000 lines of change in a single PR. (This isn't hypothetical—teams with weekly release cadences are already seeing PRs of this scale.)
Leadership sees velocity. Tests pass. Features ship.
What often goes unnoticed—until it's expensive—is that the system underneath becomes less coherent over time. Transactional and analytical databases that power enterprise decisions can drift silently as dashboards are fed by logic generated without enough context, and as "cleanup" changes remove data that was never truly stale.
The Review Bottleneck No One Can Staff Around
- Human review does not scale linearly with generated SQL volume.
- Conventional test coverage misses many governance and intent-level failures.
- Teams optimize for throughput, which can mask slow correctness and security decay.
Why Passing Tests Is Not Enough
Passing tests prove one thing: the system passed the tests that happened to be written.
They do not guarantee:
- Organizational policy compliance
- Safe data access boundaries
- Correctness under edge-case query behavior
- Performance safety under production-scale workloads
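As a toy illustration (none of this is Lexega code), consider one intent-level property that typical unit tests never encode: whether a DELETE or UPDATE is bounded by a WHERE clause. A hypothetical checker might look like this:

```python
import re

# Hypothetical helper (not from any real test suite): flags single
# DELETE/UPDATE statements that touch every row in a table.
UNBOUNDED_DML = re.compile(
    r"^\s*(DELETE\s+FROM|UPDATE)\s+\w+\s*(SET\s+.+?)?\s*;?\s*$",
    re.IGNORECASE | re.DOTALL,
)

def is_unbounded_dml(sql: str) -> bool:
    """True if a lone DELETE/UPDATE statement has no WHERE clause."""
    return bool(UNBOUNDED_DML.match(sql)) and "WHERE" not in sql.upper()

# A results-oriented unit test would pass either way; only an
# intent-level check distinguishes these two statements:
assert is_unbounded_dml("DELETE FROM stg_events;")  # wipes the table
assert not is_unbounded_dml(
    "DELETE FROM stg_events WHERE load_date < '2024-01-01';"
)
```

A real engine parses SQL rather than pattern-matching it, but the point stands: this class of check lives outside the test suite.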
A Deterministic Control Layer for SQL Change
I created Lexega to address this gap.
Lexega is a deterministic policy engine for SQL workflows. That matters: unlike AI-based review tools, Lexega produces the same result every time, which means auditable decisions and no drift in what gets flagged. It allows teams to define what "dangerous" actually means in their environment and block those changes before they reach production.
At a high level, Lexega enables:
- Policy-based CI/CD gates for SQL code changes
- Detection and blocking of forbidden modifications in existing SQL
- Detection and blocking of unsafe patterns in newly generated SQL
- Read-only constraints for agentic workflows in production (for example, forbidding DML writes)
- Enforced security, correctness, and performance boundaries without manual line-by-line review of huge PRs
What This Looks Like in Practice
Lexega separates concerns into three layers:
- Rules define what gets flagged—unbounded deletes, dropped masking policies, encryption changes.
- Policies define what to do about it—block in production, warn in staging, allow in dev.
- Exceptions provide auditable overrides—with expiration dates, ticket references, and approval records.
# .lexega/policy.yml — Define enforcement actions
schema_version: 1
policy_id: acme-prod-policy
policies:
  # Block unbounded DELETE/UPDATE in production
  - rule_id: DML-WRITE-UNBOUNDED
    action: block
    envs: ["prod"]
    requires_exception: true
  # Block dropping masking policies (exposes PII)
  - rule_id: MASK-DROP
    action: block
    requires_exception: true
severity_actions:
  critical: block
  high: warn
default_action: allow
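How these keys interact is my assumption, not documented Lexega behavior: suppose an explicit per-rule entry wins, then severity_actions, then default_action. That precedence can be sketched as:

```python
# Assumed precedence (illustrative only, not Lexega's documented
# semantics): per-rule action > severity_actions > default_action.
POLICY = {
    "rule_actions": {"DML-WRITE-UNBOUNDED": "block", "MASK-DROP": "block"},
    "severity_actions": {"critical": "block", "high": "warn"},
    "default_action": "allow",
}

def resolve_action(rule_id: str, severity: str) -> str:
    """Pick the enforcement action for one signal."""
    if rule_id in POLICY["rule_actions"]:
        return POLICY["rule_actions"][rule_id]
    return POLICY["severity_actions"].get(severity, POLICY["default_action"])
```

Under this reading, an unmatched rule still gets blocked if its severity is critical, and everything else falls through to allow.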
# .lexega/exceptions.yml — Auditable overrides
exceptions:
  - exception_id: EXC-001
    rule_id: DML-WRITE-UNBOUNDED
    scope:
      scoped:
        paths: ["migrations/legacy_cleanup.sql"]
    expires_at: "2026-06-01T00:00:00Z"
    reason: "Approved legacy cleanup"
    approved_by: "security-team"
    ticket: "JIRA-1234"
# In CI: fail the build if policy is violated
lexega-sql analyze migrations/*.sql \
  --policy .lexega/policy.yml \
  --env prod \
  --decision-out decisions/$GITHUB_RUN_ID/
Policies are tunable per environment. Exceptions are time-scoped and require justification—no silent bypasses.
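To make "time-scoped, no silent bypasses" concrete, here is a hedged sketch of how an exception might be evaluated. The schema and matching logic are assumptions based on the config above, not Lexega's actual implementation:

```python
from datetime import datetime, timezone

# Hypothetical evaluator: an exception suppresses a rule only when the
# rule matches, the file is in scope, AND the exception has not expired.
# Past expiry, enforcement resumes automatically (fail closed).
def exception_applies(exc: dict, rule_id: str, path: str, now: datetime) -> bool:
    if exc["rule_id"] != rule_id:
        return False
    if path not in exc["scope"]["scoped"]["paths"]:
        return False
    expires = datetime.fromisoformat(exc["expires_at"].replace("Z", "+00:00"))
    return now < expires

exc = {
    "rule_id": "DML-WRITE-UNBOUNDED",
    "scope": {"scoped": {"paths": ["migrations/legacy_cleanup.sql"]}},
    "expires_at": "2026-06-01T00:00:00Z",
}
```

The design point is the expiry check: an approved override decays on its own schedule instead of living forever in a config file.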
What End-to-End Policy Evaluation Looks Like
An LLM-assisted refactor touches 200 models. The PR description says "normalize naming conventions and clean up stale staging tables." The review is what realistically happens at this scale: someone scrolls through the diff, confirms tests pass, and approves.
Buried on line 4,847—between two perfectly reasonable ALTER TABLE ... RENAME COLUMN statements—is this storage change:
ALTER STAGE raw_events_s3
SET URL = 's3://acme-data-lake/events/v2/'
ENCRYPTION = (TYPE = 'NONE');
In a sea of mechanical renames, this one change is exactly the kind that gets overlooked in a fragmented PR review. Tests still pass, because most test suites aren’t built to understand governance semantics in SQL.
Lexega catches it:
signals:
[CRITICAL] Encryption disabled on stage. CRITICAL: This exposes data
at rest to potential breaches.
↳ Line 4847 • security:encryption:disabled
Running that exact statement through policy gives this JSON output:
$ cat << 'SQL' | lexega-sql analyze --stdin \
--policy .lexega/policy.yml \
--env prod \
--decision-out lexega-out \
--format json
ALTER STAGE raw_events_s3
SET URL = 's3://acme-data-lake/events/v2/'
ENCRYPTION = (TYPE = 'NONE');
SQL
{
  "summary": {
    "total_reported_signals": 1,
    "critical_count": 1,
    "high_count": 0,
    "analysis_confidence": "high"
  },
  "signals": [
    {
      "risk_level": "Critical",
      "matched_rule": "C050",
      "message": "Encryption disabled on stage. CRITICAL: This exposes data at rest to potential breaches.",
      "evidence": [
        {
          "signal_value": "security:encryption:disabled:",
          "line_number": 1,
          "column_number": 1
        }
      ]
    }
  ]
}
# command exit code: 2
And here’s what the decision artifact looks like from that same run:
$ cat lexega-out/decision.json
{
  "decision_schema_version": 1,
  "decision_id": "2744999ffe0e285e518a03406b009df488f9facb012b991fd6dfa15bcf38c274",
  "inputs": {
    "policy_id": "baseline",
    "env_context": {
      "env": "prod",
      "path": null
    }
  },
  "analysis": {
    "risk_summary": {
      "total_reported_signals": 1,
      "critical_count": 1
    },
    "matched_rules": [
      {
        "rule_id": "_severity_critical",
        "action": "block",
        "severity": "Critical"
      }
    ]
  },
  "outcome": {
    "allowed": false,
    "blocked_reason": "Blocked by severity_actions.critical (signal severity = critical)"
  }
}
In CI, this signal is raised deterministically every time. Whether it blocks the merge depends on your policy configuration (for example, critical: block in prod). The reviewer doesn't need to find it—the system does.
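Because the decision artifact is plain JSON, wiring it into other CI logic is straightforward. Here is a hypothetical gate script of my own (field names taken from the artifact above; the script is not part of Lexega):

```python
import json
import sys

def gate(decision_path: str) -> int:
    """Return a CI exit code based on a Lexega decision artifact."""
    with open(decision_path) as f:
        decision = json.load(f)
    if not decision["outcome"]["allowed"]:
        # Surface the reason in the CI log, then fail the job.
        print(f"BLOCKED: {decision['outcome']['blocked_reason']}", file=sys.stderr)
        return 2
    return 0

if __name__ == "__main__":
    sys.exit(gate(sys.argv[1]))
```

A downstream step might use this to post the blocked_reason as a PR comment, so the author sees the policy verdict without digging through logs.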
Lexega Is Early—And I'm Looking for Design Partners
Lexega is early-stage, and I'm looking for up to 10 design partners for an 8-week paid pilot.
If this resonates, email hello@lexega.com with:
- Your current SQL CI/CD workflow
- Which environments you need to gate (dev/staging/prod)
- The top 2–3 classes of SQL risk you want blocked first
Before/After: The Engineering Manager Workflow
If you're an engineering manager, the value is less about "more process" and more about reducing review debt while preserving delivery speed. In practice, Lexega enforces policy boundaries before dangerous SQL reaches production.
Before (LLM-Accelerated, Human-Gated)
- Large SQL PRs (often model-generated) get merged with mostly visual review.
- Tests pass, but policy and intent violations can still slip through.
- Senior reviewers become the bottleneck.
- Risk decisions are implicit and inconsistent across teams.
- Post-incident analysis is expensive because guardrails were informal.
After (LLM-Accelerated, Policy-Gated)
- Changes are evaluated against explicit policy in CI before merge.
- Dangerous classes of changes are blocked automatically and consistently.
- Human review shifts from line-by-line policing to architectural judgment.
- Risk boundaries become auditable and easier to evolve over time.