CLI Reference

Installation

The binary is distributed as lexega-sql (or lexega-sql.exe on Windows).

Commands

Init (Project Setup)

# Initialize in current directory
lexega-sql init

# Preview without writing files
lexega-sql init --dry-run

# Include CI workflow (GitHub Actions or GitLab CI)
lexega-sql init --with-ci

# Initialize specific directory
lexega-sql init /path/to/project

Creates:

  • .lexega/policy.yml — Permissive baseline policy (warns on critical/high, nothing blocked)
  • .lexega/exceptions.yml — Scaffold for approved overrides
  • .lexega/baseline.sarif — SARIF evidence snapshot

See Policy Reference for details on policy configuration.

Semantic Diff (Primary Command)

# Diff between git refs
lexega-sql diff main..HEAD models/

# Recursive directory scan
lexega-sql diff main..HEAD models/ -r

# Output as JSON for CI
lexega-sql diff main..HEAD models/ --format json

# With policy enforcement
lexega-sql diff main..HEAD models/ --policy policy.yaml

# Compare specific files
lexega-sql diff main..HEAD file1.sql file2.sql

# Markdown output for PR comments
lexega-sql diff main..HEAD models/ --format markdown

Code Review (Git Integration)

# Review recent commits
lexega-sql review HEAD~10..HEAD

# Review with output directory
lexega-sql review HEAD~5..HEAD --report-out /tmp/reports

# Review with minimum severity filter
lexega-sql review HEAD~1..HEAD --min-severity high

# Markdown format for PR automation
lexega-sql review HEAD~1..HEAD --format markdown

# Post review as PR comment (GitHub, GitLab, Bitbucket)
lexega-sql review HEAD~1..HEAD --pr-comment

The --pr-comment flag automatically detects your CI platform and posts the review as a PR/MR comment. Supported platforms:

Platform             Detection                 Required Variables
GitHub Actions       GITHUB_ACTIONS=true       GITHUB_TOKEN
GitLab CI            GITLAB_CI=true            GITLAB_TOKEN or CI_JOB_TOKEN
Bitbucket Pipelines  BITBUCKET_PIPELINE_UUID   BITBUCKET_TOKEN

If run outside CI, the command falls back to printing the review to stdout, with a warning.

Risk Analysis

# Analyze single file
lexega-sql analyze file.sql

# Analyze with catalog metadata
lexega-sql analyze --catalog catalog.json file.sql

# Analyze stdin
cat file.sql | lexega-sql analyze --stdin

# Output as JSON
lexega-sql analyze --format json -q file.sql > report.json

# Filter signals by minimum severity
lexega-sql analyze --min-severity critical file.sql

# With custom rules
lexega-sql analyze --custom-rules rules.yaml file.sql

# With policy enforcement (exit code 2 if blocked)
lexega-sql analyze --policy policy.yaml --env prod file.sql

# Disable all built-in rules (custom rules only)
lexega-sql analyze --no-builtin --custom-rules rules.yaml file.sql

Dashboard (Visualization)

# Start dashboard (local directory)
lexega-sql dashboard --data-dir .lexega/

# Read from cloud storage
lexega-sql dashboard --data-dir s3://my-bucket/lexega-data

# Custom port, don't auto-open browser
lexega-sql dashboard --data-dir .lexega/ --port 8080 --no-open

# Custom bind address (0.0.0.0 listens on all interfaces, exposing the dashboard on the network)
lexega-sql dashboard --data-dir .lexega/ --host 0.0.0.0 --port 3000

The data directory must contain decisions/ and reports/ subdirectories with JSON artifacts. See Integration Options for the expected structure and cloud storage details.

Format

# Format file (implicit format command)
lexega-sql fmt file.sql

# Format in-place
lexega-sql fmt -w file.sql

# Format stdin to stdout
cat file.sql | lexega-sql fmt --stdin

# Format with specific style
lexega-sql fmt --style compact file.sql

# Check mode (exit 0 if no changes needed)
lexega-sql fmt --check file.sql

# Verify safety without writing
lexega-sql fmt --verify-only file.sql

Dialect Selection

Lexega defaults to Snowflake dialect. Use --dialect for PostgreSQL, BigQuery, or Databricks:

# Format PostgreSQL
lexega-sql fmt --dialect postgresql query.sql

# Analyze PostgreSQL
lexega-sql analyze --dialect postgresql query.sql

# Diff PostgreSQL files
lexega-sql diff main..HEAD models/ -r --dialect postgresql

# Review PostgreSQL
lexega-sql review main..HEAD models/ -r --dialect postgresql

# Analyze BigQuery
lexega-sql analyze --dialect bigquery query.sql

# Analyze Databricks
lexega-sql analyze --dialect databricks query.sql

Supported values: snowflake (default), postgresql, bigquery, databricks.

Catalog Management

# Pull catalog from Snowflake (requires sidecar)
lexega-sql catalog pull --out catalog.json

# Inspect catalog file
lexega-sql catalog inspect catalog.json

# Diff two catalogs
lexega-sql catalog diff old.json new.json

Policy Management

# Generate starter policy from a risk report
lexega-sql policy init --from-report report.json

# Specify action (allow/warn/block) and environment
lexega-sql policy init --from-report report.json --action warn --env prod

Policy Lint

# Validate policy file
lexega-sql policy-lint policy.yaml

# Also validate exceptions file
lexega-sql policy-lint policy.yaml --exceptions exceptions.yaml

# Treat warnings as errors (for CI)
lexega-sql policy-lint policy.yaml --strict

License Management

# Check license status
lexega-sql license status

# Activate license
lexega-sql license activate <KEY>

# Remove license
lexega-sql license remove

Environment Variables

Variable             Description
LEXEGA_LICENSE_KEY   License key for CI/CD (checked before file on disk)
LEXEGA_CI            Set to 1 for strict mode (policy block = exit code 2)
GITHUB_TOKEN         For --pr-comment on GitHub Actions
GITLAB_TOKEN         For --pr-comment on GitLab CI

Tip: The --dialect flag is available on all commands (fmt, analyze, diff, review). Default is snowflake. Use --dialect postgresql, --dialect bigquery, or --dialect databricks as needed.

CI/CD License Setup:

Store your license key as a secret and pass it via environment variable:

# GitHub Actions
env:
  LEXEGA_LICENSE_KEY: ${{ secrets.LEXEGA_LICENSE_KEY }}

# GitLab CI
variables:
  LEXEGA_LICENSE_KEY: $LEXEGA_LICENSE_KEY

# Azure DevOps
env:
  LEXEGA_LICENSE_KEY: $(LEXEGA_LICENSE_KEY)

Exit Codes

  • 0: Success
  • 1: Parse error, CLI argument error, file I/O error, or verification failure
  • 2: Policy blocked (when using --policy and the policy returns block)

Note: Exit code 2 is for explicit policy blocks. The policy layer is the only way to fail CI — use --policy with a policy bundle. Set LEXEGA_CI=1 to require --policy in CI environments (prevents accidental bypass).
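
A CI gate built on the exit codes above, as an added example (not part of Lexega's documentation or code). It also fails the job on exit code 1, since a file that could not be parsed was never evaluated against the policy. The function names gate and classify_exit and the LEXEGA_BIN override are hypothetical; only flags shown on this page are used.

```shell
#!/bin/sh
# Added example, not Lexega's own code: CI gate over the documented exit codes.
# LEXEGA_BIN is a hypothetical override so the wrapper can be tested with a stub.

# Map an exit code to a gate verdict (0, 1 and 2 as listed under "Exit Codes").
classify_exit() {
  case "$1" in
    0) echo pass ;;
    2) echo blocked ;;      # policy returned block
    1) echo tool-error ;;   # parse, argument, file I/O or verification failure
    *) echo unknown ;;      # e.g. 127 (binary not found) or death by signal
  esac
}

# usage: gate POLICY ENV FILE...
# Returns 2 if any file was blocked, 1 if any file could not be checked, else 0.
gate() {
  policy=$1; env_name=$2
  [ -n "$policy" ] || { echo "gate: a policy file is required" >&2; return 1; }
  shift 2
  blocked=0; unchecked=0
  for f in "$@"; do
    code=0
    "${LEXEGA_BIN:-lexega-sql}" analyze --policy "$policy" --env "$env_name" "$f" || code=$?
    verdict=$(classify_exit "$code")
    echo "gate: $f -> $verdict (exit $code)" >&2
    case "$verdict" in
      pass) ;;
      blocked) blocked=1 ;;
      # A file that failed to parse was never evaluated by the policy: fail closed.
      *) unchecked=1 ;;
    esac
  done
  if [ "$blocked" -eq 1 ]; then return 2; fi
  if [ "$unchecked" -eq 1 ]; then return 1; fi
  return 0
}

# In a pipeline step: gate policy.yaml prod models/changed.sql || exit $?
```

Keeping the two failure codes distinct lets the pipeline report "blocked by policy" separately from "could not be analyzed", while neither outcome lets the change through.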
