Migration Auditor

Catches dangerous database migrations before they hit production.

Install
cmdop skills install agensi-migration-auditor

Migration Auditor is a skill that analyzes database migration files and produces a structured audit report before those migrations are deployed. Point it at migration files from Rails, Django, Laravel, Prisma, Drizzle, Knex, TypeORM, Sequelize, Flyway, Liquibase, or raw SQL and it checks more than 30 conditions organized around destructive operations, locking hazards, data integrity risks, index issues, migration ordering, environment-specific behavior, and transaction safety.

Checks are engine-specific, which matters because PostgreSQL, MySQL/MariaDB, and SQLite behave differently under DDL. For example, it detects ADD COLUMN NOT NULL DEFAULT on PostgreSQL versions below 11, where the operation is dangerous, versus 11 and above where fast defaults make it safe. It flags CREATE INDEX statements missing CONCURRENTLY, which block writes on large tables, and rewrites them. On MySQL it identifies ALTER TABLE operations that trigger a full table copy and suggests pt-online-schema-change or gh-ost instead. It also validates that rollback methods genuinely reverse their forward migration rather than being empty stubs, and catches foreign key constraints added without NOT VALID on PostgreSQL, which causes a locking full validation scan.

Each identified issue receives a pass, warn, or fail classification along with corrected migration code. When multiple migration files are submitted together, the report includes a recommended deploy order. The skill distinguishes between migrations that are safe on a small development database and those that will lock a large production table for minutes.

Use cases

  • Audit a set of migration files before a production deploy to identify locking hazards
  • Detect empty or incorrect rollback methods on destructive migrations
  • Find CREATE INDEX statements missing CONCURRENTLY on PostgreSQL tables
  • Identify MySQL ALTER TABLE operations that require pt-online-schema-change or gh-ost on large tables
  • Check PostgreSQL version-specific behavior for ADD COLUMN NOT NULL DEFAULT
  • Determine a safe deployment order when running multiple migrations simultaneously

When to use it

  • Running database migrations on PostgreSQL, MySQL/MariaDB, or SQLite and want automated pre-deploy safety checks
  • Using any of the supported ORMs or migration frameworks (Rails, Django, Laravel, Prisma, Drizzle, Knex, TypeORM, Sequelize, Flyway, Liquibase)
  • Reviewing migrations that affect large production tables where locking behavior differs from a small dev database
  • Validating that rollback scripts genuinely reverse their corresponding forward migrations

When not to use it

  • The target database engine is not PostgreSQL, MySQL/MariaDB, or SQLite
  • The migration tooling is outside the supported framework list and produces non-standard migration file formats
  • Looking for a live production monitoring tool rather than a pre-deploy static analysis skill
  • Needing to execute or apply migrations directly — this skill audits files, it does not run them