Signal Analysis
Signal Analysis runs pre-execution checks on SQL to surface risks and governance issues (without connecting to Snowflake unless you opt into catalog pulling).
What You Get
- A risk report (what was detected) via
lexega-sql analyze. - Optional policy enforcement (allow/warn/block) via
--policy+--env+--decision-out.
Lexega ships with hundreds of built-in rules (the exact set depends on your installed version). Rather than duplicating them here, the recommended workflow is: discover what's available from the CLI so docs never drift. For a browsable list, see Builtin Rule Reference.
Dialect Coverage
| Dialect | Coverage | Signal Categories |
|---|---|---|
| Snowflake | Extensive | Security, governance, performance, correctness, semantics |
| PostgreSQL | Extensive | Security (RLS, roles, privileges), DDL governance, operations |
| BigQuery | Core | Data movement, governance, BQML lifecycle/security, external data paths |
| Databricks | Extensive | Delta operations, Unity Catalog governance, row/column security controls, storage credentials |
All dialects use the same signal architecture and policy engine. Custom rules work across dialects.
Discover Rules and Signals
# List built-in rule IDs available in your version
lexega-sql analyze --list-signals
# Show which signals were extracted per statement
lexega-sql analyze --explain-signals query.sql
# Full detail mode (includes all statements/signals)
lexega-sql analyze --trace --format json query.sql
Diff Signals (Semantic Diff)
In addition to static analysis signals (emitted by lexega-sql analyze), Lexega also emits diff signals when you run Semantic Diff.
- Diff signals describe semantic changes between a baseline and a head version of SQL.
- They are emitted by
lexega-sql diff(and by unified review workflows that include semantic diff). - Custom rules can match diff signals via
diff_triggers(instead ofsignals). The allowed change types are validated bySemanticChangeTypein the Custom Rules schema.
See: Semantic Diff
Signal Categories (for Custom Rules)
Custom rules match structured signals. The category field uses these technical categories:
SECURITY— Authentication, encryption, access controlGOVERNANCE— Policies, tags, compliance metadataDATA_ACCESS— Table/column reads and writesDATA_INTEGRITY— Data correctness/trustworthiness signalsPERFORMANCE— Cost and efficiency signalsOPERATIONS— Reliability/lifecycle/administrative signalsQUERY— Query pattern signalsSEMANTICS— SQL logic hazards (NULL handling, 3-valued logic, etc.)
Need Help?
Can't find what you're looking for? Check out our GitHub or reach out to support.