The query language for PII operations

PhiSQL

PhiSQL is a declarative query language for PII privacy operations across the Philterd toolkit. Write a few readable lines instead of hand-editing JSON, and PhiSQL compiles them to the same Phileas policy schema that Philter and Phileas already run. One language for your PII policies, version-controlled and reviewable like any other code. Read the launch announcement for the full story.

Why PhiSQL

Readable by humans

REDACT SSN WITH MASK says exactly what it does. Policies become something a compliance reviewer can read in a pull request, not a wall of nested JSON.

One language across the toolkit

The same policy drives detection and redaction in Philter and Phileas. Author once in PhiSQL; run everywhere the JSON policy runs.

Maps to regulations

Express HIPAA Safe Harbor, PCI DSS scope reduction, or court-filing redaction as a short, auditable policy. The shipped examples mirror the rules auditors cite.

Version-controlled and reviewable

.phisql files diff cleanly in Git. Policy changes go through the same review and CI pipeline as the rest of your code.

No new runtime

PhiSQL compiles to the Phileas JSON your stack already executes. Adopt it for authoring without changing anything downstream.

Open and Apache-2.0

The specification, grammar, reference implementation, and examples are all open source under the permissive Apache 2.0 license.

A specification with a reference implementation

PhiSQL is defined as an open specification, with a Java reference implementation that proves it. Both live in one Apache-2.0 repository.

The specification

Versioned under spec/v1.0/: an ANTLR4 grammar and EBNF, a catalog of entity types, strategies, keywords, and predicates, plus worked examples that pair each .phisql file with the JSON it compiles to.

The reference implementation

A Java parser and compiler published to Maven as ai.philterd:phisql. Build it with mvn verify in the reference/ directory, or pull it in as a dependency.

Phileas JSON leads, PhiSQL follows

PhiSQL never adds capabilities the JSON schema does not already have. Anything you express in PhiSQL maps cleanly to a Phileas policy, so there is no lock-in and no second source of truth.

How PhiSQL works

PhiSQL is an authoring layer, not a new runtime. Your .phisql source compiles to a standard Phileas JSON policy, which Philter, Phileas, and the rest of the toolkit already execute. The redaction policy JSON schema stays the source of truth: Phileas JSON leads, PhiSQL follows.

Example queries

PhiSQL covers redaction (REDACT, DEIDENTIFY, IGNORE), custom regex identifiers (DEFINE IDENTIFIER), AI/NER detection (DETECT PHEYE), and date shifting (SHIFT). Each query below is a complete, working policy drawn from the specification's worked examples.

Every example compiles to a standard Phileas JSON policy. The same rules you would otherwise hand-write in JSON, expressed in a few readable lines.

-- Minimal example: redact U.S. Social Security Numbers.
POLICY ssn_only;

REDACT SSN WITH MASK;

-- HIPAA Safe Harbor de-identification (45 CFR 164.514(b)(2)).
POLICY hipaa_safe_harbor
  DESCRIPTION 'HIPAA Safe Harbor de-identification.';

DEIDENTIFY
  PHYSICIAN_NAME  AS RANDOM_REPLACE,
  HOSPITAL        AS RANDOM_REPLACE,
  DATE            AS TRUNCATE,
  AGE             AS REDACT,
  SSN             AS REDACT,
  PHONE_NUMBER    AS REDACT,
  EMAIL_ADDRESS   AS REDACT,
  STREET_ADDRESS  AS REDACT,
  CITY            AS REDACT,
  STATE           AS REDACT,
  ZIP_CODE        AS REDACT;

-- PCI DSS v4.0 Req 3.2-3.4: PAN to last 4 only.
-- A WHERE predicate gates the rule on detection confidence.
POLICY pci_dss_scope_reduction
  DESCRIPTION 'PCI DSS v4.0 scope reduction.';

REDACT CREDIT_CARD WITH LAST_4 WHERE CONFIDENCE > 0.85;

-- Customer support tickets, with an allowlist for company names.
POLICY support_tickets
  DESCRIPTION 'Customer support ticket redaction with allowlist.';

REDACT FIRST_NAME, SURNAME WITH STATIC_REPLACE(value='Customer', scope=document);
REDACT EMAIL_ADDRESS WITH MASK;
REDACT PHONE_NUMBER WITH MASK;

IGNORE TERMS ('Acme', 'AcmeCorp') FOR FIRST_NAME;
IGNORE TERMS ('Corp', 'Support', 'Engineering') FOR SURNAME;

-- Format-preserving encryption keeps the surface format of an
-- identifier while making the value cryptographically opaque.
POLICY fpe_ssn;

REDACT SSN WITH FPE_ENCRYPT;

-- Define a custom regex identifier and redact what it matches,
-- here a medical record number like "MRN: 12345".
POLICY custom_identifier;

DEFINE IDENTIFIER 'MRN' MATCHING '\bMRN[\s:#]*\d{5,}\b' CASE INSENSITIVE
  WITH REDACT(format='{{{REDACTED-MRN}}}');

-- Detect person names with the PhEye AI/NER model and redact them.
-- Add ENDPOINT '<url>' to point at a specific PhEye service.
POLICY person_detection;

DETECT PHEYE LABELS ('PERSON') WITH REDACT;

-- Shift detected dates by a fixed offset (a date-only strategy).
-- Use SHIFT(random=TRUE) for a random offset instead.
POLICY date_shift;

REDACT DATE WITH SHIFT(days=30);
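
A quick way to see what the MRN pattern in the custom_identifier policy above does and does not catch before shipping it, as an added example that is not part of the PhiSQL specification or reference implementation. It applies the same regex with Python's re module (re.ASCII approximates Java's default character classes); the sample lines are constructed, and treating the format string as a literal replacement is an assumption.

```python
import re

# Pattern and replacement copied from the custom_identifier policy above.
# re.ASCII approximates Java's default (ASCII-only) \b, \s and \d classes;
# the real matching is done by Phileas, not by this script.
MRN = re.compile(r"\bMRN[\s:#]*\d{5,}\b", re.IGNORECASE | re.ASCII)
REPLACEMENT = "{{{REDACTED-MRN}}}"  # assumed to be emitted literally

# Constructed sample lines: (text, should the identifier fire?)
SAMPLES = [
    ("Patient seen today, MRN: 12345.", True),
    ("mrn#0098765 transferred from ICU", True),
    ("MRN\t:  5550001 on wristband", True),
    ("MRN 1234 is too short", False),            # fewer than 5 digits
    ("MRN-12345 uses a hyphen", False),          # '-' is not in [\s:#]
    ("MRN: 12345A has a letter suffix", False),  # no \b after the digits
    ("Medical record no. 12345", False),         # label spelled out
]

def redact(text):
    """Return (redacted_text, number_of_matches)."""
    return MRN.subn(REPLACEMENT, text)

def coverage_report(samples):
    """List samples whose outcome differs from the expectation."""
    surprises = []
    for text, expected in samples:
        _, hits = redact(text)
        if (hits > 0) != expected:
            surprises.append(text)
    return surprises

if __name__ == "__main__":
    for text, _ in SAMPLES:
        out, hits = redact(text)
        print(f"{hits} | {out}")
    print("unexpected:", coverage_report(SAMPLES))
```

The four non-matching rows are values that would pass through unredacted under this pattern; widen the character class or add a second identifier if such forms occur in your data.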

On the roadmap

Today PhiSQL handles policy authoring: redaction, custom identifiers, AI detection, and date shifting. Later versions extend the same language to the rest of the toolkit: discovery, monitoring, and benchmarking. The syntax below illustrates that direction and is not yet implemented.

-- Discovery (planned): inventory where PII lives.
FIND PII IN 's3://patient-records/' WHERE CONFIDENCE > 0.8;

-- Benchmarking (planned): score a policy on precision and recall.
BENCHMARK POLICY hipaa_safe_harbor AGAINST 'gold-standard/';

-- Monitoring (planned): alert on unexpected PII flow.
MONITOR PII ON 'kafka://topic/events' ALERT WHEN VOLUME > 1000;

Grammar and semantics for these statements are still being designed in the open. Follow the repository and its RFCs to weigh in.

Frequently asked questions

If something here isn’t covered, get in touch and we’ll answer.

Is PhiSQL stable?

Yes. PhiSQL v1.0 is stable: the grammar and semantics of the v1.0 surface are frozen, and conforming implementations may claim conformance to v1.0. Later changes follow semantic versioning, so additive features land in a minor version and a breaking change requires a new major version. The authoring statements run today through the Java reference implementation, published as ai.philterd:phisql.

Does PhiSQL replace Phileas JSON policies?

No. PhiSQL is a convenience authoring layer that compiles to the same JSON. The JSON schema remains the canonical execution contract, and you can keep hand-writing JSON wherever you prefer.

What can PhiSQL express today?

Policy authoring end to end: POLICY declarations; REDACT and DEIDENTIFY across entity types and strategies (including date shifting with SHIFT and TRUNCATE_TO_YEAR); WHERE predicates such as confidence thresholds; IGNORE clauses for allowlisted terms and patterns; custom regex identifiers via DEFINE IDENTIFIER ... MATCHING; and AI/NER detection (for example, person names) via DETECT PHEYE.

How do I run the compiler?

Clone the repository, then run mvn verify in the reference/ directory, or add ai.philterd:phisql as a Maven dependency. The compiler turns a .phisql file into a Phileas JSON policy.

How does PhiSQL relate to the Redaction Policy Editor?

They solve the same problem from two directions. The Redaction Policy Editor is a visual, no-code way to build policies; PhiSQL is a text-first, version-controllable way. Both produce standard Phileas JSON.

How is PhiSQL governed, and how do I propose a change?

Philterd, LLC stewards the specification, and changes to the language or the underlying policy schema go through a public RFC process in the repository: open a proposal issue, iterate on a pull request, and the change is accepted by merging the RFC and bumping the spec version. See the governance section below and CONTRIBUTING.md for the full process.

Governance and the RFC process

Stewardship. Philterd, LLC is the steward of the PhiSQL specification and the PhiSQL trademark. The specification, its grammar, and the reference implementation live together in one Apache-2.0 repository, philterd/phisql, and each spec release is tagged there. The redaction policy JSON schema in that repository is the canonical contract, published at www.philterd.ai/schemas/redaction-policy/1.0.0/schema.json; PhiSQL is an authoring layer over it, so the schema leads and PhiSQL follows.

The RFC process. Substantive changes go through a public RFC (Request for Comments) process. Adding a PII entity type, a redaction strategy, a schema field or enum value, or a grammar construct starts as a proposal issue, is reviewed in the open on a pull request, and is accepted by merging the RFC and bumping the spec version. The full process, the review criteria, and the current merge authority are documented in CONTRIBUTING.md. Anyone can open an RFC proposal; accepted, rejected, and withdrawn RFCs are kept as a permanent record under rfcs/.

Versioning. The specification follows semantic versioning. Additive, backward-compatible features land in a minor version; a change that removes or renames a construct, tightens a previously permissive rule, or alters the compiled Phileas JSON for existing input requires a new major version. The redaction policy schema is versioned independently, so policies written against an older schema keep validating.

Conformance. The name PhiSQL is reserved for implementations that pass the conformance test suite, which is being developed in the open at philterd/phisql-conformance. An implementation claims conformance to a specific spec version by passing that version's suite.

Trademark. PhiSQL is a registered trademark of Philterd, LLC. The specification is freely readable and implementable under the Apache 2.0 license, but the PhiSQL name is reserved for conforming implementations.

Ready to use PhiSQL?

Three ways to get going: deploy the open source yourself, spin it up from a cloud marketplace, or work with our team directly. Pick the path that fits.
