Verbs¶
This page is generated from the PhiSQL spec artifacts for v1.0. Do not edit it by hand; change the artifact and rebuild.
A PhiSQL document is a sequence of statements, each terminated by ;. Each statement begins with a verb. The verbs below are the top-level alternatives of the statement production.
document = { statement , " ;
statement = policy decl
| configure stmt
| redact stmt
| deidentify stmt
| ignore stmt
| define identifier stmt
| define dictionary stmt
| define section stmt
| detect stmt
| discovery stmt ;
POLICY¶
Declares a named policy and, optionally, a human-readable description. The name is optional and, when present, must match the file basename after hyphen/underscore normalization.
Examples: 01-ssn-only, 02-hipaa-safe-harbor, 03-pci-dss-scope-reduction, 04-frbp-9037, 05-support-tickets-with-allowlist, 06-multi-strategy-on-one-entity, 07-format-preserving-encryption, 08-multiple-confidence-thresholds, 09-ignore-pattern-policy-wide, 10-mask-with-format-argument, 11-policy-wide-ignore-terms, 12-date-shift
CONFIGURE¶
Sets document-wide configuration: encryption keys (read from environment variables), and splitting, PDF, post-filter, analysis, and graphical-redaction settings.
configure stmt = "CONFIGURE"
, ( "CRYPTO" , "KEY" , "FROM" , "ENV" , string literal
| "FPE" , "KEY" , "FROM" , "ENV" , string literal
, "TWEAK" , "FROM" , "ENV" , string literal
| ( "SPLITTING" | "PDF" | "POSTFILTERS" | "ANALYSIS" )
, "(" , setting list , ")"
| "GRAPHICAL" , "BOX" , "(" , setting list , ")" ) ;
Examples: 20-crypto-encryption, 24-config-settings, 25-graphical-boundingbox
REDACT¶
Applies a strategy to one or more entity types, optionally gated by a WHERE predicate and tuned with per-filter OPTIONS.
redact stmt = "REDACT" , entity list
, [ "WITH" , strategy expr ]
, [ "WHERE" , predicate ]
, [ options clause ] ;
Examples: 01-ssn-only, 03-pci-dss-scope-reduction, 04-frbp-9037, 05-support-tickets-with-allowlist, 06-multi-strategy-on-one-entity, 07-format-preserving-encryption, 08-multiple-confidence-thresholds, 09-ignore-pattern-policy-wide, 10-mask-with-format-argument, 11-policy-wide-ignore-terms, 12-date-shift, 20-crypto-encryption
DEIDENTIFY¶
Assigns a strategy to each of several entity types in one statement using <entity> AS <strategy> pairs.
deidentify stmt = "DEIDENTIFY" , entity assignment
, { "," , entity assignment } ;
entity assignment = entity type , "AS" , strategy expr , [ options clause ] ;
Examples: 02-hipaa-safe-harbor, 04-frbp-9037, 27-strategy-params
IGNORE¶
Suppresses detections that match a list of terms or a regular expression, either policy-wide or scoped to specific entities.
ignore stmt = "IGNORE"
, ( "TERMS" , string list
| "PATTERN" , string literal )
, [ "FOR" , entity list ]
, [ options clause ] ;
Examples: 05-support-tickets-with-allowlist, 09-ignore-pattern-policy-wide, 11-policy-wide-ignore-terms, 26-filter-options
DEFINE IDENTIFIER¶
Defines a custom identifier from a regular expression and redacts what it matches.
define identifier stmt
= "DEFINE" , "IDENTIFIER" , string literal
, "MATCHING" , string literal
, [ "GROUP" , numeric literal ]
, [ "CASE" , ( "SENSITIVE" | "INSENSITIVE" ) ]
, "WITH" , strategy expr
, [ "WHERE" , predicate ]
, [ options clause ] ;
Examples: 13-custom-identifier
DEFINE DICTIONARY¶
Defines a custom dictionary of terms, optionally fuzzy-matched, and redacts them.
define dictionary stmt
= "DEFINE" , "DICTIONARY" , string literal
, "TERMS" , string list
, [ "FUZZY" , [ "SENSITIVITY" , id ] ]
, [ "CAPITALIZED" ]
, "WITH" , strategy expr
, [ options clause ] ;
Examples: 22-custom-dictionary, 26-filter-options, 28-nested-options
DEFINE SECTION¶
Redacts everything between a start and end regular expression.
define section stmt
= "DEFINE" , "SECTION"
, "START" , string literal
, "END" , string literal
, "WITH" , strategy expr
, [ options clause ] ;
Examples: 23-section-redaction
DETECT PHEYE¶
Runs PhEye (AI/NER) detection -- for example, person-name detection -- with optional labels and a custom endpoint.
detect stmt = "DETECT" , "PHEYE"
, [ "LABELS" , string list ]
, [ "ENDPOINT" , string literal ]
, [ "MODEL" , string literal ]
, "WITH" , strategy expr
, [ "WHERE" , predicate ]
, [ options clause ] ;
Examples: 14-pheye-person-detection, 28-nested-options
FIND PII / DISCOVER ENTITIES / SCAN / SELECT¶
Discovery and query verbs: scan a source for PII (FIND PII, DISCOVER ENTITIES, SCAN) or query the findings store (SELECT ... FROM findings).
discovery stmt = ( "FIND" , "PII" , in clause , [ where discovery ] )
| ( "DISCOVER" , "ENTITIES" , in clause , [ where discovery ] )
| ( "SCAN" , in clause , [ where discovery ] )
| ( "SELECT" , projection list , "FROM" , findings ref
, [ where discovery ]
, [ group by clause ]
, [ limit clause ] ) ;
in clause = "IN" , string literal ;
where discovery = "WHERE" , discovery predicate ;
discovery predicate
= ( column ref , "IN" , string list )
| ( column ref , compare op , ( string literal | numeric literal | boolean literal ) )
| ( "(" , discovery predicate , ")" )
| ( discovery predicate , ( "AND" | "OR" ) , discovery predicate ) ;
projection list = projection , { "," , projection } ;
projection = "*"
| aggregate
| column ref ;
aggregate = ( "COUNT" | "AVG" | "SUM" | "MIN" | "MAX" )
, "(" , ( "*" | column ref ) , ")" ;
Examples: 15-find-pii-s3, 16-discover-entities-gcs, 17-scan-azure-blob, 18-find-pii-local-filesystem, 19-select-findings-groupby