query_guard 0.5.0 → 0.5.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d723cebf19844b600f9e9eac77de7b3f38365528445edad233c64d40ec34c4a9
-  data.tar.gz: 4d0195a46bb85f9761ffd8aed0da8f5a2826356615cea117b47e27095e99f358
+  metadata.gz: e9039102f1515cf998b7912bc94cb82f002f2f94acfc2158e77321f0ffbb9af1
+  data.tar.gz: 7fb92f2bdc470b21c2e31068bcdb6944b19a49073bd07fb76a404c95c0eff452
 SHA512:
-  metadata.gz: 19b5411f363a8fffb31360146221fce7d37014cb6be395e39ca36d14ec8c2bee0247cf357905eeb9e592854201fc414efe9195a314a671674ea2612fb0069d31
-  data.tar.gz: f07a0a99f4bce9428f26927c05b0bf4e82568a7ae554a1fbfa35eda77a45d9ce69842b021833293a77b7885bf93b30d6c13b307a09438bed45320fedea48b4cb
+  metadata.gz: 764cd0bc1304751ab303313cd9bd34f9ef9f675551eb32de9c0b30088a65ffc9f3a5403eb9303ff1e8f51d6834521ca31488716c61c155dcc1708b6e1595eea2
+  data.tar.gz: da30bd2ff0ad091ca5479f8b38d83db8690180a8166a3b9ab3ff363d2de22ade3d9380297c2dbadb21e7333c2ec367f7f6abff5411d5ac51e02a38a2e9ac3544

data/lib/query_guard/cli/command.rb

@@ -32,8 +32,21 @@ module QueryGuard
           begin
             file_findings = analyzer.analyze_migration(file)
             file_findings.each do |finding|
-              finding[:file] = file
-              findings << finding
+              # Normalize Finding objects to Hash for Formatter compatibility
+              if finding.respond_to?(:to_json_h)
+                h = finding.to_json_h
+              elsif finding.respond_to?(:to_h)
+                h = finding.to_h
+              else
+                h = finding
+              end
+
+              # Ensure file path is present on the hash
+              if h.is_a?(Hash)
+                h[:file_path] ||= file
+              end
+
+              findings << h
             end
           rescue => e
             puts "Warning: Failed to analyze #{file}: #{e.message}" if @options[:verbose]

data/lib/query_guard/migrations/migration_risk_detectors.rb

@@ -12,9 +12,11 @@ module QueryGuard
 
         # Run all detectors
         risks.concat(detect_unsafe_index_additions(migration_content, migration_name))
+        risks.concat(detect_concurrent_index_without_disable_ddl(migration_content, migration_name))
         risks.concat(detect_table_locking_operations(migration_content, migration_name))
         risks.concat(detect_non_null_additions(migration_content, migration_name))
         risks.concat(detect_full_table_updates(migration_content, migration_name))
+        risks.concat(detect_data_backfill_in_migration(migration_content, migration_name))
         risks.concat(detect_unsafe_raw_sql(migration_content, migration_name))
 
         risks
@@ -29,6 +31,8 @@ module QueryGuard
         # Find all add_index occurrences
         lines = content.lines
         lines.each_with_index do |line, index|
+          # Skip commented-out lines
+          next if line.strip.start_with?("#")
           next unless line.include?("add_index")
 
           # Check if line includes algorithm: :concurrently
@@ -54,6 +58,105 @@ module QueryGuard
         risks
       end
 
+      # Detect algorithm: :concurrently without disable_ddl_transaction!
+      # This is necessary for PostgreSQL to allow concurrent index creation
+      def self.detect_concurrent_index_without_disable_ddl(content, migration_name)
+        risks = []
+
+        # Check if migration uses algorithm: :concurrently
+        has_concurrent_index = content.include?("algorithm: :concurrently")
+        return [] unless has_concurrent_index
+
+        # Check if disable_ddl_transaction! is present (but not in a comment)
+        lines = content.lines
+        has_disable_ddl = lines.any? do |line|
+          # Remove comment part
+          code_part = line.split('#').first
+          code_part.include?("disable_ddl_transaction!")
+        end
+
+        unless has_disable_ddl
+          lines.each_with_index do |line, index|
+            # Skip if this line is commented out
+            code_part = line.split('#').first
+            next unless code_part.include?("algorithm: :concurrently")
+
+            risks << {
+              type: :concurrent_index_no_disable_ddl,
+              severity: :error,
+              line_number: index + 1,
+              migration_name: migration_name,
+              title: "algorithm: :concurrently Without disable_ddl_transaction!",
+              description: "Using algorithm: :concurrently requires disable_ddl_transaction! in the migration class to avoid transaction errors.",
+              message: "algorithm: :concurrently found but disable_ddl_transaction! not set",
+              recommendation: "Add `disable_ddl_transaction!` to the migration class definition",
+              metadata: {
+                operation: "add_index",
+                risk_level: :high,
+                module: :schema_safety
+              }
+            }
+          end
+        end
+
+        risks
+      end
+
+      # Detect data backfill / app model usage inside migrations
+      # Migrations that use ActiveRecord models are risky because:
+      # - Models can change independently of migrations
+      # - Queries can fail if code changes
+      # - Large updates lock tables
+      def self.detect_data_backfill_in_migration(content, migration_name)
+        risks = []
+        lines = content.lines
+
+        has_model_usage = false
+        model_usage_lines = []
+
+        lines.each_with_index do |line, index|
+          next if line.strip.start_with?("#")
+          next if line.strip.empty?
+
+          # Detect direct model class usage (User.find_each, Comment.update_all, etc.)
+          if line.match?(/\b[A-Z]\w*\.(find|find_each|find_in_batches|all|where|update|create|delete|update_all|delete_all|execute)\b/)
+            # Skip if it's obviously not a model (like Date, Time, etc.)
+            unless line.match?(/\b(Date|Time|DateTime|Hash|Array|String|Integer|Float|Symbol|Regexp)\b/)
+              has_model_usage = true
+              model_usage_lines << { line_num: index + 1, content: line.strip }
+            end
+          end
+
+          # Also detect batched iterations (common pattern in data migrations)
+          if line.include?("find_each") || line.include?("find_in_batches")
+            has_model_usage = true
+            model_usage_lines << { line_num: index + 1, content: line.strip }
+          end
+        end
+
+        if has_model_usage
+          model_usage_lines.each do |item|
+            risks << {
+              type: :data_backfill_in_migration,
+              severity: :error,
+              line_number: item[:line_num],
+              migration_name: migration_name,
+              title: "Data Backfill Using App Models in Migration",
+              description: "Using ActiveRecord models in migrations is risky because models can change independently. Large data operations should use batching and happen separately from schema changes.",
+              message: "ActiveRecord model usage detected (#{item[:content][0..50]}...)",
+              recommendation: "Move data backfill to a separate rake task or post-deploy job. Use raw SQL with batching if migration-embedded, or use a data migration gem.",
+              metadata: {
+                operation: "data_backfill",
+                risk_level: :high,
+                module: :schema_safety
+              }
+            }
+          end
+        end
+
+        risks
+      end
+
       # Detect operations that lock the table: remove_column, change_column, rename_column
       def self.detect_table_locking_operations(content, migration_name)
         risks = []

data/lib/query_guard/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module QueryGuard
-  VERSION = "0.5.0"
+  VERSION = "0.5.2"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: query_guard
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.5.2
 platform: ruby
 authors:
 - Chitradevi36
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2026-03-16 00:00:00.000000000 Z
+date: 2026-03-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake