v1.1.0 — 48 rules, auto-fix, risk scoring

Know what your migration
will do to production

48 safety rules powered by the real PostgreSQL parser. Lock analysis, risk scoring, auto-fix, and safe alternatives — all without touching your database. Works as a CLI, GitHub Action, and Node.js library.

Get Started Free View on GitHub

45 rules free forever. Pro adds production context.

migrationpilot analyze 002_alter_users.sql

  MigrationPilot — migrations/002_alter_users.sql

  Risk:  RED  Score: 80/100

  ┌───┬───────────────────────────────────────┬──────────────────┬────────┬───────┐
  │ # │ Statement                             │ Lock Type        │ Risk   │ Long? │
  ├───┼───────────────────────────────────────┼──────────────────┼────────┼───────┤
  │ 1 │ CREATE INDEX idx_users_email ON us... │ SHARE            │ RED    │ YES   │
  │ 2 │ ALTER TABLE users ADD CONSTRAINT... │ ACCESS EXCLUSIVE │ RED    │ YES   │
  └───┴───────────────────────────────────────┴──────────────────┴────────┴───────┘

  Violations:

  ✗ [MP001] CRITICAL
    CREATE INDEX blocks writes on "users". Use CREATE INDEX CONCURRENTLY.
    Why: Blocks all INSERT/UPDATE/DELETE for the entire duration of index creation.
    Safe alternative:
    CREATE INDEX CONCURRENTLY idx_users_email ON users (email);

  ✗ [MP005] CRITICAL
    ADD CONSTRAINT without NOT VALID scans entire table under ACCESS EXCLUSIVE.

  ⚠ [MP004] WARNING
    No SET lock_timeout before DDL on "users".
    Auto-fixable: run with --fix

  48 rules checked in 23ms

Everything you need for safe migrations

Static analysis powered by the real PostgreSQL parser (libpg-query). No regex heuristics. PG-version-aware advice (9-20).

🔒

Lock Analysis

Know exactly which PostgreSQL lock each DDL statement acquires — SHARE through ACCESS EXCLUSIVE — and whether it blocks reads, writes, or both.

🛡️

48 Safety Rules

From missing CONCURRENTLY to type narrowing. Catches the patterns that cause production outages. More rules than any competitor.

🔧

Auto-fix

6 rules can be automatically fixed with --fix. Missing CONCURRENTLY, lock_timeout, statement_timeout, NOT VALID — applied in-place.

📊

Risk Scoring

RED / YELLOW / GREEN scores (0-100) based on lock severity, table size, and query frequency. Production context powers Pro scoring.

🤖

GitHub Action

Posts safety reports as PR comments. Auto-updates on each push. SARIF output for GitHub Code Scanning integration.

🔍

14 Framework Detection

Auto-detects Prisma, Django, Rails, Flyway, Alembic, Knex, TypeORM, Drizzle, Sequelize, goose, dbmate, Sqitch, Liquibase, Ecto.

👁️

Watch Mode

Watch migration files and re-analyze on change. Plus git pre-commit hook integration for catching issues before they leave your machine.

⚙️

Config + Presets

3 built-in presets (recommended, strict, ci). Per-rule severity overrides, custom thresholds, inline disable comments, .migrationpilotrc.yml.

📋

6 Output Formats

Text, JSON (versioned schema), SARIF v2.1.0, Markdown, quiet (gcc-style), verbose. Pipe from stdin, output to any CI system.

48 rules. Zero false positives.

Built from real production incidents. More free rules than Squawk (31) and Atlas (~15). Every rule catches a specific dangerous pattern.

Lock Safety

MP001CRITICALrequire-concurrent-indexCREATE INDEX without CONCURRENTLY

MP002CRITICALrequire-check-not-nullSET NOT NULL without CHECK pattern

MP003CRITICALvolatile-default-rewriteADD COLUMN with volatile DEFAULT

MP004CRITICALrequire-lock-timeoutDDL without SET lock_timeout

MP005CRITICALrequire-not-valid-fkFK without NOT VALID

MP006CRITICALno-vacuum-fullVACUUM FULL blocks everything

MP007CRITICALno-column-type-changeALTER COLUMN TYPE rewrites table

MP008CRITICALno-multi-ddl-transactionMultiple DDL in one transaction

MP025CRITICALban-concurrent-in-transactionCONCURRENTLY inside transaction

MP026CRITICALban-drop-tableDROP TABLE permanently

MP027CRITICALdisallowed-unique-constraintUNIQUE without USING INDEX

MP030CRITICALrequire-not-valid-checkCHECK without NOT VALID

MP031CRITICALban-exclusion-constraintEXCLUSION constraint

MP032CRITICALban-clusterCLUSTER rewrites table

MP046CRITICALconcurrent-detach-partitionDETACH PARTITION without CONCURRENTLY

MP047CRITICALban-set-logged-unloggedSET LOGGED/UNLOGGED rewrites table

Data Safety

MP034CRITICALban-drop-databaseDROP DATABASE in migration

MP035CRITICALban-drop-schemaDROP SCHEMA permanently

MP036CRITICALban-truncate-cascadeTRUNCATE CASCADE across tables

Best Practices

MP009WARNINGrequire-drop-index-concurrentlyDROP INDEX without CONCURRENTLY

MP010WARNINGno-rename-columnRENAME COLUMN breaks queries

MP011WARNINGunbatched-backfillUPDATE without WHERE

MP012WARNINGno-enum-add-in-transactionADD VALUE inside transaction

MP015WARNINGno-add-column-serialSERIAL → use IDENTITY

MP016WARNINGrequire-fk-indexFK without index

MP017WARNINGno-drop-columnDROP COLUMN risks

MP018WARNINGno-force-set-not-nullSET NOT NULL scan

MP020WARNINGrequire-statement-timeoutDDL without timeout

MP021WARNINGrequire-concurrent-reindexREINDEX without CONCURRENTLY

MP022WARNINGno-drop-cascadeCASCADE drops dependents

MP023WARNINGrequire-if-not-existsNon-idempotent CREATE

MP024WARNINGno-enum-value-removalDROP TYPE destroys enum

MP028WARNINGno-rename-tableRENAME TABLE breaks refs

MP029WARNINGban-drop-not-nullDROP NOT NULL risks

MP033WARNINGconcurrent-refresh-matviewREFRESH without CONCURRENTLY

MP037WARNINGprefer-text-over-varcharVARCHAR → use TEXT

MP038WARNINGprefer-bigint-over-intINT PK → use BIGINT

MP039WARNINGprefer-identity-over-serialSERIAL → use IDENTITY

MP040WARNINGprefer-timestamptzTIMESTAMP → use TIMESTAMPTZ

MP041WARNINGban-char-fieldCHAR(n) wastes space

MP042WARNINGrequire-index-nameUnnamed index

MP043WARNINGban-domain-constraintDomain constraint risk

MP044WARNINGno-data-loss-type-narrowingNarrowing column type

MP045WARNINGrequire-primary-keyTable without PK

MP048WARNINGban-alter-default-volatileVolatile SET DEFAULT

Production Context

MP013PROhigh-traffic-table-ddlDDL on high-traffic table

MP014PROlarge-table-ddlLock on 1M+ row table

MP019PROexclusive-lock-connectionsACCESS EXCLUSIVE + many connections

Simple, transparent pricing

45 rules free forever. Pro when you need production context.

Free

$0forever

Static analysis for every team

45 safety rules (MP001-MP048)
CLI + GitHub Action
6 output formats (text, JSON, SARIF, markdown)
Auto-fix (6 rules)
PR comments
Config file + 3 presets
Watch mode + pre-commit hooks
14 framework auto-detection

Get Started

Pro

$29/month

Production context for critical apps

Everything in Free
Production context queries (pg_stat_*, pg_class)
Table size + query frequency scoring
3 production rules (MP013, MP014, MP019)
Affected queries in PR comments
Enhanced risk scoring (0-100)
Priority support

Get Pro

Enterprise

Custom

For large teams and compliance

Everything in Pro
Team license management
SSO / SAML
Audit logs
Dedicated support
Custom rules

Stop shipping dangerous migrations

Add MigrationPilot to your CI in 30 seconds. 48 rules catch lock issues before they reach production.

# .github/workflows/migration-check.yml
- uses: mickelsamuel/migrationpilot@v1
  with:
    migration-path: "migrations/*.sql"
    fail-on: critical

Know what your migrationwill do to production