migflow 0.2.0

data/app/assets/migflow/index.html

@@ -0,0 +1,14 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <link rel="icon" type="image/svg+xml" href="/vite.svg" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>frontend</title>
+    <script type="module" crossorigin src="/app.js"></script>
+    <link rel="stylesheet" crossorigin href="/app.css">
+  </head>
+  <body>
+    <div id="root"></div>
+  </body>
+</html>

data/app/assets/migflow/vite.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" class="iconify iconify--logos" width="31.88" height="32" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 257"><defs><linearGradient id="IconifyId1813088fe1fbc01fb466" x1="-.828%" x2="57.636%" y1="7.652%" y2="78.411%"><stop offset="0%" stop-color="#41D1FF"></stop><stop offset="100%" stop-color="#BD34FE"></stop></linearGradient><linearGradient id="IconifyId1813088fe1fbc01fb467" x1="43.376%" x2="50.316%" y1="2.242%" y2="89.03%"><stop offset="0%" stop-color="#FFEA83"></stop><stop offset="8.333%" stop-color="#FFDD35"></stop><stop offset="100%" stop-color="#FFA800"></stop></linearGradient></defs><path fill="url(#IconifyId1813088fe1fbc01fb466)" d="M255.153 37.938L134.897 252.976c-2.483 4.44-8.862 4.466-11.382.048L.875 37.958c-2.746-4.814 1.371-10.646 6.827-9.67l120.385 21.517a6.537 6.537 0 0 0 2.322-.004l117.867-21.483c5.438-.991 9.574 4.796 6.877 9.62Z"></path><path fill="url(#IconifyId1813088fe1fbc01fb467)" d="M185.432.063L96.44 17.501a3.268 3.268 0 0 0-2.634 3.014l-5.474 92.456a3.268 3.268 0 0 0 3.997 3.378l24.777-5.718c2.318-.535 4.413 1.507 3.936 3.838l-7.361 36.047c-.495 2.426 1.782 4.5 4.151 3.78l15.304-4.649c2.372-.72 4.652 1.36 4.15 3.788l-11.698 56.621c-.732 3.542 3.979 5.473 5.943 2.437l1.313-2.028l72.516-144.72c1.215-2.423-.88-5.186-3.54-4.672l-25.505 4.922c-2.396.462-4.435-1.77-3.759-4.114l16.646-57.705c.677-2.35-1.37-4.583-3.769-4.113Z"></path></svg>

data/app/controllers/migflow/api/diff_controller.rb

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+module Migflow
+  module Api
+    class DiffController < ApplicationController
+      def show
+        return render_error("params 'from' and 'to' are required") unless from_version && to_version
+
+        migrations = Parsers::MigrationParser.call(migrations_path: migrations_path)
+        from_data  = find_migration(migrations, from_version)
+        to_data    = find_migration(migrations, to_version)
+
+        return render_error("One or both migrations not found", status: :not_found) unless from_data && to_data
+
+        result = build_diff(migrations, from_data, to_data)
+        render_json(diff: serialize_diff(result))
+      end
+
+      private
+
+      def from_version = params[:from]
+      def to_version   = params[:to]
+
+      def find_migration(migrations, version)
+        migrations.find { |m| m[:version] == version }
+      end
+
+      def build_diff(migrations, from_data, to_data)
+        ordered = migrations.sort_by { |migration| migration[:version] }
+        from_idx = ordered.find_index { |migration| migration[:version] == from_data[:version] }
+        previous_from = from_idx&.positive? ? ordered[from_idx - 1] : nil
+
+        from_tables = if previous_from
+                        previous_result = Services::SnapshotBuilder.call(migrations: migrations,
+                                                                         up_to_version: previous_from[:version])
+                        previous_result[:schema_after][:tables]
+                      else
+                        {}
+                      end
+        to_result   = Services::SnapshotBuilder.call(migrations: migrations, up_to_version: to_data[:version])
+
+        diff = Services::DiffBuilder.call(
+          from_tables: from_tables,
+          to_tables: to_result[:schema_after][:tables],
+          from_version: from_data[:version],
+          to_version: to_data[:version]
+        )
+
+        {
+          diff: diff,
+          from_tables: from_tables,
+          to_tables: to_result[:schema_after][:tables]
+        }
+      end
+
+      def serialize_diff(result)
+        diff = result[:diff]
+        changed_tables = diff.changes.map(&:table).uniq
+
+        {
+          from_version: diff.from_version,
+          to_version: diff.to_version,
+          changes: diff.changes.map { |c| { type: c.type, table: c.table, detail: c.detail } },
+          **serialize_schema_patches(
+            from_tables: result[:from_tables],
+            to_tables: result[:to_tables],
+            changed_tables: changed_tables
+          )
+        }
+      end
+    end
+  end
+end

data/app/controllers/migflow/api/migrations_controller.rb

@@ -0,0 +1,97 @@
+# frozen_string_literal: true
+
+module Migflow
+  module Api
+    class MigrationsController < ApplicationController
+      def index
+        migrations = Parsers::MigrationParser.call(migrations_path: migrations_path)
+        render_json(migrations: migrations.map { |m| serialize_summary(m, migrations) })
+      end
+
+      def show
+        migrations = Parsers::MigrationParser.call(migrations_path: migrations_path)
+        migration  = migrations.find { |m| m[:version] == params[:id] }
+
+        return render_error("Migration not found", status: :not_found) unless migration
+
+        result   = Services::SnapshotBuilder.call(migrations: migrations, up_to_version: params[:id])
+        snapshot = snapshot_model_from(result[:schema_after], migration[:version])
+        warnings = Services::ScopedMigrationWarnings.call(snapshot: snapshot, migration: migration, diff: result[:diff])
+        risk     = Services::RiskScorer.new.call(warnings)
+
+        render_json(migration: serialize_detail(migration, result, warnings, risk))
+      end
+
+      private
+
+      def snapshot_model_from(schema_after, version)
+        Models::MigrationSnapshot.new(
+          version: version,
+          name: "Historical schema",
+          tables: schema_after[:tables],
+          raw_content: ""
+        )
+      end
+
+      def serialize_summary(migration, all_migrations)
+        risk = compute_risk(migration, all_migrations)
+        {
+          version: migration[:version],
+          name: migration[:name],
+          filename: migration[:filename],
+          summary: Services::MigrationSummaryBuilder.call(
+            raw_content: migration[:raw_content],
+            version: migration[:version]
+          ),
+          risk_score: risk[:score],
+          risk_level: risk[:level]
+        }
+      end
+
+      def serialize_detail(migration, snapshot_result, warnings, risk)
+        schema_before_tables = snapshot_result[:schema_before][:tables]
+        schema_after_tables  = snapshot_result[:schema_after][:tables]
+        diff = snapshot_result[:diff]
+        changed_tables = (
+          diff[:added_tables] +
+          diff[:removed_tables] +
+          diff[:modified_tables].keys
+        ).uniq
+
+        {
+          version: migration[:version],
+          name: migration[:name],
+          raw_content: Migflow.configuration.expose_raw_content ? migration[:raw_content] : nil,
+          schema_after: { tables: schema_after_tables },
+          diff: diff,
+          **serialize_schema_patches(
+            from_tables: schema_before_tables,
+            to_tables: schema_after_tables,
+            changed_tables: changed_tables
+          ),
+          warnings: warnings.map { |w| serialize_warning(w) },
+          risk_score: risk[:score],
+          risk_level: risk[:level],
+          risk_factors: risk[:factors]
+        }
+      end
+
+      def serialize_warning(warning)
+        {
+          rule: warning.rule,
+          severity: warning.severity,
+          table: warning.table,
+          column: warning.column,
+          message: warning.message
+        }
+      end
+
+      def compute_risk(migration, all_migrations)
+        result   = Services::SnapshotBuilder.call(migrations: all_migrations, up_to_version: migration[:version])
+        snapshot = snapshot_model_from(result[:schema_after], migration[:version])
+        warnings = Services::ScopedMigrationWarnings.call(snapshot: snapshot, migration: migration, diff: result[:diff])
+        Services::RiskScorer.new.call(warnings)
+      end
+    end
+  end
+end

data/app/controllers/migflow/application_controller.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+module Migflow
+  class ApplicationController < Migflow.configuration.parent_controller.constantize
+    layout false
+    protect_from_forgery with: :null_session
+    before_action :run_user_before_action
+
+    def index
+      render "migflow/application/index"
+    end
+
+    private
+
+    def run_user_before_action
+      hook = Migflow.configuration.authentication_hook
+      instance_exec(&hook) if hook
+    end
+
+    def request_authentication
+      redir = Migflow.configuration.unauthenticated_redirect
+      if redir
+        session[:return_to_after_authenticating] = request.url
+        redirect_to instance_exec(&redir)
+      else
+        super
+      end
+    end
+
+    def migrations_path
+      Migflow.configuration.resolved_migrations_path
+    end
+
+    def schema_path
+      Migflow.configuration.resolved_schema_path
+    end
+
+    def render_json(status: :ok, **data)
+      render json: data, status: status
+    end
+
+    def render_error(message, status: :unprocessable_entity)
+      render json: { error: message }, status: status
+    end
+
+    def serialize_schema_patches(from_tables:, to_tables:, changed_tables: nil)
+      {
+        schema_patch: Services::SchemaPatchBuilder.call(
+          from_tables: from_tables,
+          to_tables: to_tables,
+          changed_tables: changed_tables,
+          include_unchanged: false
+        ),
+        schema_patch_full: Services::SchemaPatchBuilder.call(
+          from_tables: from_tables,
+          to_tables: to_tables,
+          include_unchanged: true
+        )
+      }
+    end
+  end
+end

data/app/views/migflow/application/index.html.erb

@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>Migflow</title>
+    <%= stylesheet_link_tag "migflow/app" %>
+  </head>
+  <body>
+    <div
+      id="schema-trail-root"
+      data-api-base="<%= migflow.root_path %>api"
+    ></div>
+    <%= javascript_include_tag "migflow/app", defer: true %>
+  </body>
+</html>

data/config/routes.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+Migflow::Engine.routes.draw do
+  root to: "application#index"
+
+  namespace :api do
+    resources :migrations, only: %i[index show]
+    get "diff", to: "diff#show"
+  end
+end

data/docs/architecture.md

@@ -0,0 +1,130 @@
+# Architecture
+
+Migflow is a mountable Rails engine. The backend parses migration files and `schema.rb` on each request — no database tables, no background jobs. The frontend is a React SPA served as static assets from the engine's asset pipeline.
+
+## High-level structure
+
+```
+Host Rails app
+└── Migflow::Engine (mounted at /migflow)
+    ├── app/controllers/migflow/api/   # JSON REST API
+    ├── app/assets/migflow/            # Compiled frontend (React SPA)
+    └── lib/migflow/
+        ├── parsers/                   # File I/O and extraction
+        ├── models/                    # Immutable value objects (Data.define)
+        ├── services/                  # Business logic
+        ├── analyzers/rules/           # Audit rules
+        └── reporters/                 # CI report output formats
+```
+
+## Data flow
+
+```
+db/migrate/*.rb ──► MigrationParser ──► Array<MigrationSnapshot>
+db/schema.rb    ──► SchemaParser    ──► Hash<table, columns+indexes>
+
+MigrationSnapshot
+  └──► MigrationDslScanner ──► SnapshotBuilder
+                                (replays DSL calls to reconstruct
+                                 schema state at each point in history)
+
+before_snapshot + after_snapshot
+  ├──► DiffBuilder         ──► SchemaDiff      (added/removed tables, columns, indexes)
+  ├──► SchemaPatchBuilder  ──► unified diff hunks (schema.rb format)
+  ├──► AuditAnalyzer       ──► Array<Warning>
+  ├──► RiskScorer          ──► score (0–100) + level
+  └──► MigrationSummaryBuilder ──► human-readable one-liner
+```
+
+## Layers
+
+### Parsers (`lib/migflow/parsers/`)
+
+Read files on disk and return structured data. No business logic.
+
+| Class | Input | Output |
+|---|---|---|
+| `MigrationParser` | `db/migrate/*.rb` | `Array<MigrationSnapshot>` |
+| `SchemaParser` | `db/schema.rb` | `Hash` of tables → columns + indexes |
+
+### Models (`lib/migflow/models/`)
+
+Immutable value objects using `Data.define` (Ruby 3.2+). No methods beyond accessors. Never subclass or add callbacks.
+
+Key types: `MigrationSnapshot`, `SchemaDiff`, `Warning`, `MigrationDetail`.
+
+### Services (`lib/migflow/services/`)
+
+One class, one concern. Each takes plain Ruby values in and returns plain Ruby values out.
+
+| Class | Responsibility |
+|---|---|
+| `SnapshotBuilder` | Replays DSL calls via `MigrationDslScanner` to reconstruct schema at any historical point. The most complex class in the codebase — read it first before touching snapshot or diff logic. |
+| `DiffBuilder` | Compares two schema snapshots and produces a `SchemaDiff` |
+| `SchemaPatchBuilder` | Generates unified diff hunks in `schema.rb` format |
+| `MigrationSummaryBuilder` | Produces a one-line human summary from a `SchemaDiff` |
+| `ReportGenerator` | Orchestrates the full pipeline for CI report output |
+
+### Analyzers (`lib/migflow/analyzers/rules/`)
+
+Six rule classes, each implementing `#check(migration_content, tables:) → Array<Warning>`.
+
+| Rule | What it catches |
+|---|---|
+| `MissingIndexRule` | Foreign-key columns without an index |
+| `MissingForeignKeyRule` | `_id` columns without a DB-level foreign key constraint |
+| `StringWithoutLimitRule` | String columns declared without `:limit` |
+| `MissingTimestampsRule` | Tables missing `created_at` / `updated_at` |
+| `DangerousMigrationRule` | Destructive operations: `remove_column`, `drop_table`, `rename_column` |
+| `NullColumnWithoutDefaultRule` | `null: false` column added without a `:default` |
+
+Adding a new rule: create a class in `lib/migflow/analyzers/rules/`, inherit from `BaseRule`, implement `#check`, and register it in `AuditAnalyzer`.
+
+### Controllers (`app/controllers/migflow/api/`)
+
+Thin. Deserialize params, delegate to services, serialize JSON. No business logic lives here.
+
+| Endpoint | Controller |
+|---|---|
+| `GET /api/migrations` | `MigrationsController#index` |
+| `GET /api/migrations/:version` | `MigrationsController#show` |
+| `GET /api/diff` | `DiffController#show` |
+
+### Reporters (`lib/migflow/reporters/`)
+
+Consumed by the `migflow:report` Rake task. Each reporter receives a `ReportGenerator` result and renders it to a string.
+
+| Class | Format |
+|---|---|
+| `MarkdownReporter` | Human-readable table for terminal / GitHub Step Summary |
+| `JsonReporter` | Machine-readable JSON for downstream tooling |
+
+## Frontend
+
+Built with React + TypeScript, bundled by Vite into `app/assets/migflow/`.
+
+```
+frontend/src/
+├── api/client.ts          # fetch wrappers for the three REST endpoints
+├── store/useSchemaStore.ts # Zustand store — selected version, compare target, view mode
+├── hooks/
+│   └── useSchemaComparisonData.ts  # central data hook — all React Query subscriptions
+├── components/
+│   ├── Timeline.tsx        # left-side migration list
+│   ├── CompareBar.tsx      # base/target selectors and view mode switch
+│   ├── SchemaCanvas.tsx    # ERD canvas (ReactFlow / @xyflow/react)
+│   ├── SchemaDiffView.tsx  # unified diff panel (react-diff-view)
+│   └── DetailPanel.tsx     # right-side code + warnings panel
+└── types/migration.ts      # domain types shared across components
+```
+
+**State management:** Zustand for UI state (selected version, compare target, view mode, collapsed tables). React Query (`@tanstack/react-query`) for server state with a 30-second stale time.
+
+**`useSchemaComparisonData`** is the single hook that all canvas/diff components consume. It derives `comparePairValid`, fetches the three or four queries needed, and returns ready-to-use data plus loading flags. Avoid duplicating query logic in individual components — extend this hook instead.
+
+## Key design decisions
+
+- **No database.** Everything is derived from files on disk. This means zero setup beyond mounting the engine and zero schema migrations to run in the host app.
+- **Immutable models.** `Data.define` value objects keep services easy to test in isolation — pass data in, get data out, no shared mutable state.
+- **`SnapshotBuilder` replays history.** Rather than storing pre-computed snapshots, the engine replays migration DSL calls in order using `MigrationDslScanner`. This trades CPU for simplicity — no persistence layer, no cache invalidation problem.
+- **Asset pipeline over CDN.** The frontend is served as compiled static files by the engine's asset pipeline. No CDN dependency, works in air-gapped environments.

data/lib/migflow/analyzers/audit_analyzer.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+require_relative "rules/base_rule"
+require_relative "rules/missing_index_rule"
+require_relative "rules/missing_foreign_key_rule"
+require_relative "rules/string_without_limit_rule"
+require_relative "rules/missing_timestamps_rule"
+require_relative "rules/dangerous_migration_rule"
+require_relative "rules/null_column_without_default_rule"
+
+module Migflow
+  module Analyzers
+    class AuditAnalyzer
+      RULES = [
+        Rules::MissingIndexRule,
+        Rules::MissingForeignKeyRule,
+        Rules::StringWithoutLimitRule,
+        Rules::MissingTimestampsRule,
+        Rules::DangerousMigrationRule,
+        Rules::NullColumnWithoutDefaultRule
+      ].freeze
+
+      def self.call(snapshot:, raw_migrations: [])
+        new(snapshot: snapshot, raw_migrations: raw_migrations).analyze
+      end
+
+      def initialize(snapshot:, raw_migrations:)
+        @snapshot        = snapshot
+        @raw_migrations  = raw_migrations
+      end
+
+      def analyze
+        schema_warnings + migration_warnings
+      end
+
+      private
+
+      def schema_warnings
+        RULES.flat_map do |rule_class|
+          rule_class.new.call(@snapshot.tables)
+        rescue StandardError => e
+          Rails.logger.error "[Migflow] Rule #{rule_class} failed: #{e.message}"
+          []
+        end
+      end
+
+      def migration_warnings
+        [
+          Rules::DangerousMigrationRule.new.call_with_migrations(@raw_migrations),
+          Rules::NullColumnWithoutDefaultRule.new.call_with_migrations(@raw_migrations)
+        ].flatten
+      rescue StandardError => e
+        Rails.logger.error "[Migflow] Migration analysis failed: #{e.message}"
+        []
+      end
+    end
+  end
+end

data/lib/migflow/analyzers/rules/base_rule.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Migflow
+  module Analyzers
+    module Rules
+      class BaseRule
+        def call(tables)
+          raise NotImplementedError
+        end
+
+        private
+
+        def warning(table:, message:, column: nil, severity: :warning)
+          Models::Warning.new(
+            rule: rule_name,
+            severity: severity,
+            table: table,
+            column: column,
+            message: message
+          )
+        end
+
+        def rule_name
+          short = self.class.name.split("::").last
+          short.gsub(/([A-Z]+)([A-Z][a-z])/, '\1_\2')
+               .gsub(/([a-z])([A-Z])/, '\1_\2')
+               .downcase
+        end
+      end
+    end
+  end
+end

data/lib/migflow/analyzers/rules/dangerous_migration_rule.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module Migflow
+  module Analyzers
+    module Rules
+      class DangerousMigrationRule < BaseRule
+        DANGEROUS_OPERATIONS = {
+          remove_column: "Removes a column — may break running app instances",
+          drop_table: "Drops a table — destructive and irreversible",
+          rename_column: "Renames a column — breaks existing queries and code"
+        }.freeze
+
+        def call(_tables)
+          []
+        end
+
+        def call_with_migrations(raw_migrations)
+          raw_migrations.flat_map do |migration|
+            detect_dangers(migration[:raw_content], migration[:filename])
+          end
+        end
+
+        private
+
+        def detect_dangers(content, filename)
+          DANGEROUS_OPERATIONS.filter_map do |operation, message|
+            next unless content.match?(/\b#{operation}\b/)
+
+            warning(
+              table: extract_table(content, operation),
+              message: "#{filename}: #{message}",
+              severity: :error
+            )
+          end
+        end
+
+        def extract_table(content, operation)
+          match = content.match(/#{operation}\s*[:(]\s*[:"']?(\w+)/)
+          match ? match[1] : "unknown"
+        end
+      end
+    end
+  end
+end

data/lib/migflow/analyzers/rules/missing_foreign_key_rule.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Migflow
+  module Analyzers
+    module Rules
+      class MissingForeignKeyRule < BaseRule
+        FOREIGN_KEY_PATTERN = /foreign_key.*references/
+
+        def call(tables)
+          tables.flat_map do |table_name, table|
+            foreign_key_columns(table).map do |col|
+              warning(
+                table: table_name,
+                column: col[:name],
+                message: "Column '#{col[:name]}' looks like a foreign key but has no foreign key constraint",
+                severity: :info
+              )
+            end
+          end
+        end
+
+        private
+
+        def foreign_key_columns(table)
+          table[:columns].select { |col| col[:name].end_with?("_id") }
+        end
+      end
+    end
+  end
+end

data/lib/migflow/analyzers/rules/missing_index_rule.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Migflow
+  module Analyzers
+    module Rules
+      class MissingIndexRule < BaseRule
+        def call(tables)
+          tables.flat_map do |table_name, table|
+            foreign_key_columns(table).reject { |col| indexed?(col, table) }.map do |col|
+              warning(
+                table: table_name,
+                column: col[:name],
+                message: "Column '#{col[:name]}' looks like a foreign key but has no index",
+                severity: :warning
+              )
+            end
+          end
+        end
+
+        private
+
+        def foreign_key_columns(table)
+          table[:columns].select { |col| col[:name].end_with?("_id") }
+        end
+
+        def indexed?(column, table)
+          table[:indexes].any? { |idx| idx[:columns].include?(column[:name]) }
+        end
+      end
+    end
+  end
+end

data/lib/migflow/analyzers/rules/missing_timestamps_rule.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Migflow
+  module Analyzers
+    module Rules
+      class MissingTimestampsRule < BaseRule
+        TIMESTAMP_COLUMNS = %w[created_at updated_at].freeze
+        MAX_JOIN_TABLE_COLUMNS = 3
+
+        def call(tables)
+          tables.reject { |_, table| join_table?(table) }.filter_map do |table_name, table|
+            next if has_timestamps?(table)
+
+            warning(
+              table: table_name,
+              message: "Table '#{table_name}' is missing created_at and/or updated_at",
+              severity: :warning
+            )
+          end
+        end
+
+        private
+
+        def has_timestamps?(table)
+          column_names = table[:columns].map { |c| c[:name] }
+          TIMESTAMP_COLUMNS.all? { |ts| column_names.include?(ts) }
+        end
+
+        def join_table?(table)
+          columns = table[:columns]
+          return false if columns.size > MAX_JOIN_TABLE_COLUMNS
+
+          columns.all? { |col| col[:name].end_with?("_id") }
+        end
+      end
+    end
+  end
+end