DB-003 recommended general

AI-assisted migration review with human override

Migrations reviewed for risky patterns (DROP, ALTER COLUMN, DELETE, etc.) with automated flagging and required human approval before merge.

Question to ask

"Who caught the last DROP COLUMN before it hit production?"

Verification guide

Severity: Recommended

Check automatically:

  1. Look for migration review automation in CI:

    grep -r "migration\|schema" .github/workflows/ -A 5 | grep -i "review\|danger\|comment"

  2. Check for Danger.js or similar PR automation:

    ls dangerfile.ts dangerfile.js .danger/ 2>/dev/null

  3. Look for documented migration review process:

    grep -ri "migration" README.md CONTRIBUTING.md docs/ 2>/dev/null | grep -i "review\|approve"

Risky patterns to flag:

  • DROP TABLE, DROP COLUMN
  • ALTER COLUMN (type changes)
  • DELETE, TRUNCATE
  • Removing NOT NULL constraints
  • Renaming columns (can break app)

If no automation found, ask user:

  • Is there a documented process for migration review?
  • Who must approve migrations before merge?

Pass criteria:

  • Automated review mechanism exists, OR
  • Documented manual review process with human approval requirement

Fail criteria:

  • No review process for migrations
  • Migrations can be merged without oversight

Evidence to capture:

  • Review mechanism (automated tool or documented process)
  • Approval requirements

Section

05. Database & Connections

Database & Data

← Previous

DB-002

CI verifies migrations on ephemeral test DB

 Next →

DB-004

Database users documented (including read-only user)