Researchers introduce PCC-SQL, a system that integrates column-use policies into text-to-SQL generation to ensure deterministic compliance with data access rules. The approach formalizes policies based on semantic use—output, filter condition, and aggregation argument—and aligns them with grammar productions tracked by the decoder.

  • PCC-SQL applies a per-token logits mask to eliminate single-query column-use violations in a single decoding pass.
  • Across three benchmarks and three open-source models, the system achieves 0% Leakage Rate.
  • Coverage reaches up to 88.7% on Spider-CU while staying within +10% tokens of direct prompting.

The method allows text-to-SQL systems to balance policy compliance, answer coverage, and bounded cost across trust boundaries without relying on stochastic refusal mechanisms.