Migration Safety Checker

v1.0.0

Database migration safety reviewer — detect locks, data loss risks, missing rollback plans, and performance issues in SQL and ORM migrations before they hit...

⭐ 0· 16·0 current·0 all-time

by@charlie-morrison

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for charlie-morrison/migration-safety-checker.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Migration Safety Checker" (charlie-morrison/migration-safety-checker) from ClawHub.
Skill page: https://clawhub.ai/charlie-morrison/migration-safety-checker
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install charlie-morrison/migration-safety-checker

ClawHub CLI

Package manager switcher

npx clawhub@latest install migration-safety-checker

Security Scan

Capability signals

Crypto

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description (migration safety review) align with the instructions: the SKILL.md describes how to find migration files, what patterns to look for, ORM-specific checks, and output templates. It does not request unrelated credentials or binaries.

✓

Instruction Scope

Runtime instructions are prose and example shell snippets (find, git diff) intended to run against a repository to locate migration files and review them. The guidance focuses on reading migration and application code and producing a review — no instructions to exfiltrate data or call external services. It does suggest queries like checking row counts but does not include commands that would connect to a production DB or require secrets.

✓

Install Mechanism

Instruction-only skill with no install spec and no code files; nothing is written to disk or downloaded during installation.

✓

Credentials

Requires no environment variables, credentials, or config paths. This is proportional for a static/code-review checklist. If you later provide DB credentials or other secrets to the agent while using the skill, those are external to this skill.

✓

Persistence & Privilege

always:false and no mechanism to persist or modify other skills or agent configuration. The skill does not request elevated or persistent privileges.

Assessment

This is an instruction-only, read-and-check checklist intended to run against your repo files — it does not request credentials or install software. Before enabling: (1) review the SKILL.md so you understand the exact commands it suggests (it will run find/git-like checks against the repository); (2) be careful not to supply production DB credentials to the agent unless you intend it to run live queries—this skill does not require them; (3) if you want to limit risk, keep the skill user-invocable (not always-enabled) and review outputs before acting on suggested schema changes.

Like a lobster shell, security has layers — review code before you run it.

latestvk9787x87weehxd78as98r3f1z985mssf

16downloads

0stars

1versions

Updated 5h ago

v1.0.0

MIT-0

Migration Safety Checker

Review database migrations for safety issues before they run in production. Catches table locks, data loss, missing rollbacks, and performance problems that would otherwise cause outages.

Use when: "review this migration", "is this migration safe", "check before we deploy", or when reviewing a PR that contains migration files.

Step 1 — Find Migrations

# Common migration locations
find . -type f \( \
  -path "*/migrations/*.sql" -o \
  -path "*/migrations/*.py" -o \
  -path "*/migrate/*.sql" -o \
  -path "*/db/migrate/*.rb" -o \
  -path "*/alembic/versions/*.py" -o \
  -path "*/prisma/migrations/*" -o \
  -path "*/drizzle/*.sql" -o \
  -path "*/knex/migrations/*" -o \
  -path "*/flyway/*.sql" -o \
  -path "*/liquibase/*.xml" -o \
  -path "*/sequelize/migrations/*" \
\) -not -path '*/node_modules/*' 2>/dev/null | sort | tail -10

# Latest migration (the one being reviewed)
git diff --name-only HEAD~1 | grep -i migrat

Step 2 — Check for Dangerous Operations

Read the migration file and check for each of these issues:

Locking Risks (HIGH)

Operation	Risk	Fix
`ALTER TABLE ... ADD COLUMN ... NOT NULL`	Full table lock on large tables (PostgreSQL <11, MySQL)	Add column as nullable first, backfill, then add constraint
`ALTER TABLE ... ADD COLUMN ... DEFAULT`	Rewrites entire table (PostgreSQL <11)	Add without default, backfill in batches, then set default
`CREATE INDEX`	Blocks writes for duration of index build	Use `CREATE INDEX CONCURRENTLY` (Postgres) or `ALGORITHM=INPLACE` (MySQL)
`ALTER TABLE ... ALTER COLUMN TYPE`	Full table rewrite + exclusive lock	Create new column, backfill, swap — never alter type on large tables
`ALTER TABLE ... ADD CONSTRAINT`	Validates all rows (lock)	Use `NOT VALID` then `VALIDATE CONSTRAINT` separately (Postgres)
`LOCK TABLE`	Explicit lock — why?	Almost never needed; remove or justify

Data Loss Risks (CRITICAL)

Operation	Risk	Check
`DROP TABLE`	Permanent data deletion	Is there a backup? Is the table truly unused?
`DROP COLUMN`	Column data lost	Is the column read anywhere? Check app code
`TRUNCATE`	All data deleted	Should this be in a migration at all?
`DELETE FROM` without WHERE	Deletes everything	Missing WHERE clause?
`ALTER COLUMN ... TYPE` with cast	Possible data truncation	Do current values fit the new type?
`DROP INDEX`	Query performance regression	Was this index used? Check query plans

Rollback Issues (MEDIUM)

Issue	Check
No down/rollback migration	Every `up` must have a `down`
Irreversible `down`	`DROP TABLE` can't be rolled back with data
Data migration without reverse	If you transformed data, can you reverse it?
Schema + data in one migration	Split them — data migrations should be separately rollbackable

Performance Issues (MEDIUM)

Pattern	Issue	Fix
Backfill in migration	Blocks deployment, holds transaction	Use background jobs for large backfills
No batching	One giant UPDATE/INSERT	Batch in chunks of 1000-5000
Multiple ALTERs on same table	Each one locks separately	Combine into one ALTER when possible
Large DEFAULT values	Rewrites table	Add column, then set default separately

Step 3 — ORM-Specific Checks

Django / Alembic (Python)

# Watch for these in migration files:
# - RunPython without reverse_code → no rollback
# - AddField with default on large table → lock
# - AlterField changing type → rewrite
# - RemoveField → data loss
# - RunSQL without reverse_sql → no rollback

Rails (Ruby)

# Watch for:
# - add_column with null: false without default → fails on existing rows
# - add_index without algorithm: :concurrently → table lock
# - change_column → type change, possible lock
# - remove_column → data loss
# - No reversible block or no down method

Prisma / Drizzle / Knex (Node.js)

# Watch for:
# - Column made required (@required/NOT NULL) without default
# - Type changes on existing columns
# - Dropped columns or tables
# - No migration squashing on 50+ migration files

Step 4 — Production Readiness

Check these before approving:

Migration runs in a transaction (or explicitly opted out with reason)
Estimated row count for affected tables (< 1M rows = usually safe, > 10M = needs careful planning)
Tested on staging with production-size data
Rollback tested (run down migration, verify data intact)
Application code is backward-compatible with both old and new schema
Deploy order: schema first (additive), then code, then cleanup migration

Output Template

# Migration Review: [filename]

## Safety Rating: 🟢 Safe / 🟡 Caution / 🔴 Dangerous

## Operations
| # | Operation | Table | Risk | Issue |
|---|-----------|-------|------|-------|
| 1 | ADD COLUMN | users | 🟡 | NOT NULL without default — will lock on 2M rows |
| 2 | CREATE INDEX | orders | 🔴 | Not CONCURRENTLY — will block writes on 5M rows |

## Recommendations
1. [specific fix for each issue]

## Rollback Plan
- [does a rollback migration exist?]
- [is it tested?]
- [any data loss on rollback?]

## Estimated Impact
- Tables affected: X
- Estimated lock time: ~Xs on [table] ([row count] rows)
- Downtime required: yes/no

Notes

PostgreSQL 11+ handles ADD COLUMN ... DEFAULT without a table rewrite (but NOT NULL still needs NOT VALID trick)
MySQL 8.0+ supports instant ADD COLUMN at the end of the table
Always check the actual row count: SELECT reltuples FROM pg_class WHERE relname = 'table_name'
For zero-downtime deploys, follow the expand/contract pattern: add new → backfill → migrate code → drop old

Comments

Loading comments...