Quick Start
Go from zero to policy-enforced SQL review in under 5 minutes.
Installation
One-liner (macOS / Linux)
curl -sSL https://lexega.com/install.sh | sh
This auto-detects your platform (Linux/macOS, x64/ARM64), downloads the latest binary, and installs to ~/.local/bin.
Manual Download
Download the latest release for your platform from GitHub Releases:
| Platform | Binary |
|---|---|
| Linux x64 | lexega-sql-linux-x64 |
| Linux ARM64 | lexega-sql-linux-arm64 |
| macOS Intel | lexega-sql-darwin-x64 |
| macOS Apple Silicon | lexega-sql-darwin-arm64 |
| Windows x64 | lexega-sql-windows-x64.exe |
| Windows ARM64 | lexega-sql-windows-arm64.exe |
Then add it to your PATH:
# Linux / macOS
chmod +x lexega-sql-*
sudo mv lexega-sql-* /usr/local/bin/lexega-sql
# Or add to your user bin directory (no sudo required)
mkdir -p ~/.local/bin
mv lexega-sql-* ~/.local/bin/lexega-sql
export PATH="$HOME/.local/bin:$PATH" # Add to ~/.bashrc or ~/.zshrc
# Windows (PowerShell)
mkdir -Force "$env:USERPROFILE\.local\bin"
Move-Item lexega-sql-*.exe "$env:USERPROFILE\.local\bin\lexega-sql.exe"
$env:PATH = "$env:USERPROFILE\.local\bin;$env:PATH"
Verify Installation
lexega-sql --version
License Key
Formatting (fmt) is free — no license required.
Risk analysis (analyze, diff, review) requires a license key. Request a free 30-day trial.
Set your key:
export LEXEGA_LICENSE_KEY="LEXEGA-TRIAL-..."
Or for CI/CD, add it as a secret (see Integration Options).
Initialize Your Project (Recommended)
The fastest way to get started is to run init in your project root:
cd your-dbt-project/ # or any directory with SQL files
lexega-sql init
This automatically:
- Detects your project context (dbt, git, SQL files)
- Runs baseline analysis on all SQL files
- Generates
.lexega/policy.yml— a permissive baseline (warns on critical/high, nothing blocked) - Generates
.lexega/exceptions.yml— scaffold for approved policy overrides - Generates
.lexega/baseline.sarif— evidence snapshot (SARIF format, compatible with GitHub Code Scanning)
What you get:
.lexega/
├── policy.yml # Baseline policy (warns, nothing blocked)
├── exceptions.yml # Empty scaffold for overrides
└── baseline.sarif # SARIF evidence snapshot
Commit .lexega/ to version control. Then tighten the policy over time by changing warn to block for critical signals.
Try It on a Single Query
Before running on your whole project, try a quick sanity check:
# Safe query — no signals
echo "SELECT * FROM users WHERE id = 1;" | lexega-sql analyze --stdin
# Query with high-risk pattern — CRITICAL signal
echo "DELETE FROM users;" | lexega-sql analyze --stdin
You should see:
signals:
[CRITICAL] Unbounded write operation detected - no WHERE clause.
This affects ALL rows in the target table(s).
Note: Signals are informational. Whether this blocks a deploy depends on your policy configuration.
Other Dialects
Lexega defaults to Snowflake dialect. For PostgreSQL, BigQuery, or Databricks, pass --dialect:
# Analyze PostgreSQL
echo "DELETE FROM users;" | lexega-sql analyze --stdin --dialect postgresql
# Analyze BigQuery
echo "EXPORT DATA OPTIONS(uri='gs://bucket/*', format='CSV') AS SELECT * FROM t;" | lexega-sql analyze --stdin --dialect bigquery
# Analyze Databricks
echo "OPTIMIZE my_catalog.my_schema.my_table;" | lexega-sql analyze --stdin --dialect databricks
# Format PostgreSQL
lexega-sql fmt --dialect postgresql query.sql
The --dialect flag is available on all commands (fmt, analyze, diff, review).
Core Commands
| Command | Purpose |
|---|---|
init | Initialize project with baseline policy |
analyze | Static risk analysis on SQL files |
diff | Semantic diff between git commits |
review | Unified PR workflow (diff + analyze) |
dashboard | Local web UI to explore results |
Related docs:
1) Analyze (Static Signals)
Pre-execution risk analysis on SQL files.
# Analyze a file
lexega-sql analyze query.sql
# Analyze a directory (recursive)
lexega-sql analyze models/ -r
# JSON output for tooling
lexega-sql analyze --format json -q query.sql > report.json
# SARIF (for GitHub code scanning, etc.)
lexega-sql analyze --format sarif -q query.sql > results.sarif
--min-severity is a display filter (it does not block by itself):
lexega-sql analyze --min-severity low query.sql
Note: the --min-severity default is high
2) Semantic Diff (Diff Signals)
Use this to detect semantic changes (baseline vs head) across a commit range.
lexega-sql diff main..HEAD models/ -r
# JSON output
lexega-sql diff main..HEAD -o json > diff.json
3) Review (PR Workflow)
review is a single command that runs both:
- Diff: what changed between commits?
- Analyze: what risks exist in new/changed files?
lexega-sql review main..HEAD models/ -r
# Markdown output for PR comments
lexega-sql review main..HEAD -o markdown
# Auto-post as PR comment (GitHub, GitLab, Bitbucket)
lexega-sql review main..HEAD -r --pr-comment
The --pr-comment flag auto-detects your CI platform and posts results directly to the PR. See Integration for full CI examples.
4) CI Gate (Policy Enforcement)
To enforce allow/warn/block in CI, evaluate a policy bundle and write a decision artifact.
LEXEGA_CI=1 lexega-sql analyze \
--policy .lexega/policy.yml \
--env prod \
--decision-out .lexega/decisions/$GITHUB_RUN_ID/ \
models/ -r
Tip: If you write artifacts to a persistent directory or cloud storage, use a unique per-run prefix (like $GITHUB_RUN_ID) to avoid overwriting previous runs.
Schemas (IDE Validation)
These JSON Schemas are the source of truth for authoring and IDE validation:
- Policy: policy.schema.json
- Rules: custom_rules.schema.json
- Exceptions: exceptions.schema.json
- Decision: decision.schema.json
Help Is Authoritative
If you're unsure which flags exist in your installed version, see the built-in help:
lexega-sql analyze -h
lexega-sql diff -h
lexega-sql review -h
lexega-sql init -h
Need Help?
Can't find what you're looking for? Check out our GitHub or reach out to support.