SQL Parser Coverage

Lexega includes dedicated parsers for Snowflake and PostgreSQL SQL dialects with full semantic extraction and governance signal emission.

Snowflake

DML (Data Manipulation)

  • SELECT (including CTEs, window functions, PIVOT/UNPIVOT)
  • INSERT (single/multi-value, subquery)
  • UPDATE (simple, multi-table)
  • DELETE
  • MERGE (with complex MATCHED/NOT MATCHED branches)
  • COPY INTO (stage to table, table to stage)

DDL (Data Definition)

  • CREATE/ALTER/DROP: TABLE, VIEW, STAGE, STREAM, TASK, DATABASE, SCHEMA
  • CREATE/ALTER/DROP: MASKING POLICY, ROW ACCESS POLICY, NETWORK POLICY
  • CREATE/ALTER/DROP: SESSION POLICY, PASSWORD POLICY, AGGREGATION POLICY, PROJECTION POLICY, AUTHENTICATION POLICY
  • CREATE/ALTER/DROP: STORAGE INTEGRATION, API INTEGRATION, EXTERNAL ACCESS INTEGRATION
  • CREATE/DROP: FUNCTION, PROCEDURE, DYNAMIC TABLE
  • ALTER FUNCTION, ALTER PROCEDURE, ALTER DYNAMIC TABLE
  • GRANT/REVOKE (span-preservation mode)
  • TRUNCATE, SHOW, DESCRIBE/DESC, USE
  • UNDROP DATABASE, UNDROP SCHEMA

Not yet supported (structured parsing/analysis): CREATE/ALTER for WAREHOUSE, PIPE, FILE FORMAT. These are preserved as OpaqueContent (verbatim span emission) so formatting proceeds safely; risk analysis marks them as skipped.

Snowflake Scripting

  • DECLARE, SET, LET
  • IF/ELSEIF/ELSE, CASE statement
  • FOR/WHILE/LOOP/REPEAT...UNTIL
  • BREAK/CONTINUE
  • BEGIN/END blocks with exception handling
  • RETURN statements
  • CALL (stored procedure invocation)
  • Cursors (DECLARE CURSOR, OPEN, FETCH, CLOSE)
  • EXECUTE IMMEDIATE (dynamic SQL)
  • RAISE (exception raising)
  • Transaction control (BEGIN TRANSACTION, COMMIT, ROLLBACK)
  • Async job management (AWAIT, CANCEL)

Optional Rendering (CLI): The CLI can render/execute templates (e.g. with --render-jinja or by providing variables via --var/--var-file). Rendering produces pure SQL, so the original Jinja structure is not preserved in the formatted output.

PostgreSQL

Full parsing and governance signal support for PostgreSQL-specific constructs.

DML

  • SELECT, INSERT, UPDATE, DELETE, MERGE (PostgreSQL 15+)
  • Common Table Expressions (WITH / WITH RECURSIVE)
  • UPSERT via INSERT ... ON CONFLICT DO NOTHING / DO UPDATE

DDL

  • CREATE/ALTER/DROP TABLE (including IF EXISTS, IF NOT EXISTS, CASCADE)
  • CREATE/ALTER/DROP INDEX (including CONCURRENTLY, expression indexes)
  • CREATE/ALTER/DROP VIEW (including CREATE OR REPLACE)
  • CREATE/ALTER/DROP SCHEMA
  • CREATE/ALTER/DROP SEQUENCE (including OWNED BY)
  • CREATE/ALTER/DROP TYPE (composite types, enums, ranges, domains)
  • CREATE/ALTER/DROP FUNCTION / PROCEDURE (including LANGUAGE, RETURNS, body)
  • CREATE/ALTER/DROP TRIGGER (row-level, statement-level, BEFORE/AFTER/INSTEAD OF)
  • CREATE/ALTER/DROP EXTENSION (including CASCADE)
  • CREATE/ALTER/DROP TABLESPACE
  • COMMENT ON (tables, columns, functions, schemas, types, indexes, views)

Security & Access Control

  • CREATE/ALTER/DROP ROLE (including LOGIN, SUPERUSER, CREATEDB, CREATEROLE, INHERIT, REPLICATION, BYPASSRLS)
  • GRANT / REVOKE (table, schema, sequence, function privileges)
  • Row Level Security: CREATE POLICY, ALTER POLICY, DROP POLICY
  • ALTER TABLE ... ENABLE/DISABLE ROW LEVEL SECURITY
  • ALTER TABLE ... FORCE/NO FORCE ROW LEVEL SECURITY

Data Management

  • COPY (TO/FROM with format options)
  • TRUNCATE (with CASCADE, RESTART IDENTITY)
  • VACUUM, ANALYZE
  • CLUSTER, REINDEX
  • LISTEN, NOTIFY, UNLISTEN
  • LOCK TABLE (with lock modes)

Transaction & Session Control

  • BEGIN, COMMIT, ROLLBACK, SAVEPOINT, RELEASE SAVEPOINT
  • SET (session parameters)
  • PREPARE, EXECUTE, DEALLOCATE
  • EXPLAIN (with ANALYZE, VERBOSE, FORMAT)
  • DO (anonymous code blocks)

Governance Signal Coverage

PostgreSQL statements emit 75 built-in governance rules (PG-RLS-NEW through PG-TBLSPC-DROP) covering:

CategoryExamples
CriticalSUPERUSER granted, RLS disabled, DROP EXTENSION CASCADE, TRUNCATE CASCADE
HighBYPASSRLS granted, trigger disabled, RLS policy dropped, function security definer
MediumIndex dropped concurrently, schema dropped, role altered, type changed
LowVACUUM FULL, CLUSTER, extension version pinned, tablespace created
Info (positive)RLS enabled, trigger created, policy created, security invoker used

Need Help?

Can't find what you're looking for? Check out our GitHub or reach out to support.

GitHub IssuesEmail Support