v1.5.0 — 83 rules, PG18-aware, VS Code extension, MCP Registry listed

Know what your migration will do to production

83 safety rules powered by the real PostgreSQL parser. Lock analysis, risk scoring, auto-fix, and safe alternatives — all without touching your database. Works as a CLI, GitHub Action, and Node.js library.

Open Source (MIT)

Install in 30 seconds

npx migrationpilot analyze migrations/*.sql

83 rules (80 free). Pro adds production context.

migrationpilot analyze 002_alter_users.sql
  MigrationPilot — migrations/002_alter_users.sql

  Risk:  RED  Score: 80/100

  ┌───┬────────────────────────────────────────┬──────────────────┬────────┬───────┐
  │ # │ Statement                              │ Lock Type        │ Risk   │ Long? │
  ├───┼────────────────────────────────────────┼──────────────────┼────────┼───────┤
  │ 1 │ CREATE INDEX idx_users_email ON us...  │ SHARE            │ RED    │ YES   │
  │ 2 │ ALTER TABLE users ADD CONSTRAINT u...  │ ACCESS EXCLUSIVE │ RED    │ YES   │
  └───┴────────────────────────────────────────┴──────────────────┴────────┴───────┘

  Violations:

  ✗ [MP001] CRITICAL
    CREATE INDEX blocks writes on "users". Use CREATE INDEX CONCURRENTLY.
    Why: Blocks all INSERT/UPDATE/DELETE for the entire duration of index creation.
    Safe alternative:
    CREATE INDEX CONCURRENTLY idx_users_email ON users (email);

  ✗ [MP027] CRITICAL
    UNIQUE constraint without USING INDEX scans full table under ACCESS EXCLUSIVE.

  ⚠ [MP004] WARNING
    No SET lock_timeout before DDL on "users".
    Auto-fixable: run with --fix

  83 rules checked in 23ms
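
The three findings above, applied to the flagged migration as an added example (not MigrationPilot output or code from the project). It assumes the truncated constraint in statement 2 is a unique constraint on (email); the name users_email_key and the 5s timeout are hypothetical.

```sql
-- Added example. Run outside a transaction block:
-- CREATE INDEX CONCURRENTLY cannot run inside BEGIN/COMMIT.

-- MP004: bound how long DDL may wait for a lock (5s is an illustrative value).
SET lock_timeout = '5s';

-- MP001: build the index without blocking writes
-- (the safe alternative quoted in the report).
CREATE INDEX CONCURRENTLY idx_users_email ON users (email);

-- MP027, step 1: build the unique index concurrently.
-- Assumed: the constraint covers (email); users_email_key is a hypothetical name.
CREATE UNIQUE INDEX CONCURRENTLY users_email_key ON users (email);

-- A failed or cancelled concurrent build leaves an INVALID index behind.
-- Check before attaching; if a row comes back, drop that index and rebuild it.
SELECT c.relname
FROM pg_index i
JOIN pg_class c ON c.oid = i.indexrelid
WHERE i.indrelid = 'users'::regclass
  AND NOT i.indisvalid;

-- MP027, step 2: attach the prebuilt index as the constraint.
-- ACCESS EXCLUSIVE is still taken, but only briefly, because the
-- index already exists and no table scan is needed to build it.
ALTER TABLE users
  ADD CONSTRAINT users_email_key UNIQUE USING INDEX users_email_key;
```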

Everything you need for safe migrations

Static analysis powered by the real PostgreSQL parser (libpg-query). No regex heuristics. PG-version-aware advice.

🔒

Lock Analysis

Know exactly which PostgreSQL lock each DDL statement acquires — SHARE through ACCESS EXCLUSIVE — and whether it blocks reads, writes, or both.

🛡️

80 Safety Rules

From missing CONCURRENTLY to type narrowing. Catches the patterns that cause production outages. More rules than any competitor.

🔧

Auto-fix

12 rules can be automatically fixed with --fix. Missing CONCURRENTLY, lock_timeout, statement_timeout, NOT VALID, IF NOT EXISTS, VARCHAR→TEXT, TIMESTAMP→TIMESTAMPTZ — applied in-place.

📊

Risk Scoring

RED / YELLOW / GREEN scores (0-100) based on lock severity, table size, and query frequency. Production context powers Pro scoring.

🤖

GitHub Action

Posts safety reports as PR comments. Auto-updates on each push. SARIF output for GitHub Code Scanning integration.

🔍

14 Framework Detection

Auto-detects Prisma, Django, Rails, Flyway, Alembic, Knex, TypeORM, Drizzle, Sequelize, goose, dbmate, Sqitch, Liquibase, Ecto.

👁️

Watch Mode

Watch migration files and re-analyze on change. Plus git pre-commit hook integration for catching issues before they leave your machine.

⚙️

Config + Presets

5 built-in presets (recommended, strict, ci, startup, enterprise). Per-rule severity overrides, custom thresholds, inline disable comments, .migrationpilotrc.yml.

📋

6 Output Formats

Text, JSON (versioned schema), SARIF v2.1.0, Markdown, quiet (gcc-style), verbose. Pipe from stdin, output to any CI system.

Real incidents MigrationPilot prevents

These production outages happened to well-funded engineering teams. Each one would have been caught by a single MigrationPilot rule.

15-second API outage

GoCardless

Foreign key constraint locked both parent and child tables during a migration

MP069 warn-fk-lock-both-tables

Service degradation

GitHub

Schema migration acquired ACCESS EXCLUSIVE lock on a hot table

MP004 require-lock-timeout

12-hour outage

Resend

Accidental DROP in production migration without safety checks

MP026 ban-drop-table

83 rules. Zero false positives.

Built from real production incidents. More free rules than Squawk (31) and Atlas (~15). Every rule catches a specific dangerous pattern.

Best Practices

  • MP009 WARNING require-drop-index-concurrently
  • MP010 WARNING no-rename-column
  • MP011 WARNING unbatched-backfill
  • MP012 WARNING no-enum-add-in-transaction
  • MP015 WARNING no-add-column-serial
  • MP016 WARNING require-fk-index
  • MP017 WARNING no-drop-column
  • MP018 WARNING no-force-set-not-null
  • MP020 WARNING require-statement-timeout
  • MP021 WARNING require-concurrent-reindex
  • MP022 WARNING no-drop-cascade
  • MP023 WARNING require-if-not-exists
  • MP024 WARNING no-enum-value-removal
  • MP028 WARNING no-rename-table
  • MP029 WARNING ban-drop-not-null
  • MP033 WARNING concurrent-refresh-matview
  • MP037 WARNING prefer-text-over-varchar
  • MP038 WARNING prefer-bigint-over-int
  • MP039 WARNING prefer-identity-over-serial
  • MP040 WARNING prefer-timestamptz
  • MP041 WARNING ban-char-field
  • MP042 WARNING require-index-name
  • MP043 WARNING ban-domain-constraint
  • MP044 WARNING no-data-loss-type-narrowing
  • MP045 WARNING require-primary-key
  • MP048 WARNING ban-alter-default-volatile
  • MP050 WARNING prefer-hnsw-over-ivfflat
  • MP051 WARNING require-spatial-index
  • MP052 WARNING warn-dependent-objects
  • MP053 WARNING ban-uncommitted-transaction
  • MP054 WARNING alter-type-add-value-in-txn
  • MP055 WARNING drop-pk-replica-identity
  • MP056 WARNING gin-index-jsonb
  • MP057 WARNING rls-without-policy
  • MP058 WARNING multi-alter-table
  • MP059 WARNING sequence-not-reset
  • MP060 WARNING alter-type-rename-value
  • MP061 WARNING suboptimal-column-order
  • MP063 WARNING warn-do-block-ddl
  • MP066 WARNING warn-autovacuum-disabled
  • MP067 WARNING warn-backfill-no-batching
  • MP068 WARNING warn-integer-pk-capacity
  • MP070 WARNING warn-concurrent-index-invalid
  • MP072 WARNING warn-partition-default-scan
  • MP075 WARNING warn-toast-bloat-risk
  • MP076 WARNING warn-xid-consuming-retry
  • MP077 WARNING prefer-lz4-toast-compression
  • MP078 WARNING warn-extension-version-pin
  • MP079 WARNING warn-rls-policy-completeness

Simple, transparent pricing

83 rules (80 free). Pro when you need production context.

Free

$0 forever

Static analysis for every team

  • 77 safety rules
  • CLI + GitHub Action
  • 3 production analyses / month
  • 6 output formats (text, JSON, SARIF, markdown)
  • Auto-fix (12 rules)
  • PR comments
  • Config file + 5 presets
  • Watch mode + pre-commit hooks
  • 14 framework auto-detection

Pro

$19/month

Production context for critical apps

  • Everything in Free
  • Unlimited production analyses
  • Production context queries (pg_stat_*, pg_class)
  • Table size + query frequency scoring
  • 3 production rules (MP013, MP014, MP019)
  • Affected queries in PR comments
  • Enhanced risk scoring (0-100)
  • Priority support

Team

$49/month

For growing teams with shared workflows

  • Everything in Pro
  • Up to 10 seats
  • Team license management
  • Custom rules engine (plugin API)
  • Shareable config presets
  • Audit logging
  • Priority email support

Enterprise

Custom

For large teams and compliance

  • Everything in Team
  • Unlimited seats
  • SSO / SAML
  • Air-gapped deployment
  • Dedicated support engineer
  • Custom integrations
  • SLA with guaranteed response times

Stop shipping dangerous migrations

Add MigrationPilot to your CI in 30 seconds. 83 rules catch lock issues before they reach production.

# .github/workflows/migration-check.yml
- uses: mickelsamuel/migrationpilot@v1
  with:
    migration-path: "migrations/*.sql"
    fail-on: critical