locksmith-mcp 0.1.0

package/dist/analyzer/rules/addColumnVolatileDefault.js

@@ -0,0 +1,36 @@
+import { alterChanges, tableName, nameOf, isConstantDefault } from "../astUtils.js";
+export const addColumnVolatileDefault = {
+    id: "add-column-volatile-default",
+    title: "ADD COLUMN with a non-constant default",
+    severity: "warning",
+    rationale: "Since PG11 a constant default is free (metadata only), but a volatile/non-constant default (e.g. now(), a function call, a sequence) still forces a full table rewrite under ACCESS EXCLUSIVE.",
+    remediation: "Add the column with no default, backfill the computed value in batches, then set the default for future rows.",
+    docsUrl: "https://www.postgresql.org/docs/current/sql-altertable.html",
+    check(stmt) {
+        for (const change of alterChanges(stmt.ast)) {
+            if (change?.type !== "add column")
+                continue;
+            const cons = change?.column?.constraints;
+            if (!Array.isArray(cons))
+                continue;
+            const def = cons.find((c) => c?.type === "default");
+            if (!def)
+                continue;
+            if (isConstantDefault(def.default))
+                continue;
+            const table = tableName(stmt.ast) ?? "your_table";
+            const col = nameOf(change.column) ?? nameOf(change.column?.name) ?? "new_col";
+            return {
+                message: `Column "${col}" uses a non-constant default; this rewrites the whole table.`,
+                lockTaken: "ACCESS EXCLUSIVE",
+                suggestedRewrite: [
+                    `ALTER TABLE ${table} ADD COLUMN ${col} <type>;`,
+                    `UPDATE ${table} SET ${col} = <expr> WHERE ${col} IS NULL; -- batch this`,
+                    `ALTER TABLE ${table} ALTER COLUMN ${col} SET DEFAULT <expr>; -- future rows`,
+                ].join("\n"),
+            };
+        }
+        return null;
+    },
+};
+//# sourceMappingURL=addColumnVolatileDefault.js.map

package/dist/analyzer/rules/addColumnVolatileDefault.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"addColumnVolatileDefault.js","sourceRoot":"","sources":["../../../src/analyzer/rules/addColumnVolatileDefault.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,EAAE,iBAAiB,EAAU,MAAM,gBAAgB,CAAC;AAE5F,MAAM,CAAC,MAAM,wBAAwB,GAAS;IAC5C,EAAE,EAAE,6BAA6B;IACjC,KAAK,EAAE,wCAAwC;IAC/C,QAAQ,EAAE,SAAS;IACnB,SAAS,EACP,gMAAgM;IAClM,WAAW,EACT,+GAA+G;IACjH,OAAO,EAAE,6DAA6D;IACtE,KAAK,CAAC,IAAI;QACR,KAAK,MAAM,MAAM,IAAI,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5C,IAAI,MAAM,EAAE,IAAI,KAAK,YAAY;gBAAE,SAAS;YAC5C,MAAM,IAAI,GAAG,MAAM,EAAE,MAAM,EAAE,WAAW,CAAC;YACzC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;gBAAE,SAAS;YACnC,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,KAAK,SAAS,CAAC,CAAC;YAC5D,IAAI,CAAC,GAAG;gBAAE,SAAS;YACnB,IAAI,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC;gBAAE,SAAS;YAE7C,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC;YAClD,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,SAAS,CAAC;YAC9E,OAAO;gBACL,OAAO,EAAE,WAAW,GAAG,+DAA+D;gBACtF,SAAS,EAAE,kBAAkB;gBAC7B,gBAAgB,EAAE;oBAChB,eAAe,KAAK,eAAe,GAAG,UAAU;oBAChD,UAAU,KAAK,QAAQ,GAAG,mBAAmB,GAAG,yBAAyB;oBACzE,eAAe,KAAK,iBAAiB,GAAG,qCAAqC;iBAC9E,CAAC,IAAI,CAAC,IAAI,CAAC;aACb,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAC"}

package/dist/analyzer/rules/addForeignKeyValidating.d.ts

@@ -0,0 +1,2 @@
+import type { Rule } from "../types.js";
+export declare const addForeignKeyValidating: Rule;

package/dist/analyzer/rules/addForeignKeyValidating.js

@@ -0,0 +1,26 @@
+const FK_RE = /\badd\s+(?:constraint\s+\S+\s+)?foreign\s+key\b/i;
+export const addForeignKeyValidating = {
+    id: "add-foreign-key-validating",
+    title: "ADD FOREIGN KEY validates immediately",
+    severity: "warning",
+    rationale: "Adding a foreign key validates every existing row against the referenced table while holding a SHARE ROW EXCLUSIVE lock on BOTH tables, blocking writes during the scan.",
+    remediation: "Add the constraint NOT VALID (instant), then VALIDATE CONSTRAINT in a second statement — validation takes only a weak lock and does not block writes.",
+    docsUrl: "https://www.postgresql.org/docs/current/sql-altertable.html#SQL-ALTERTABLE-DESC-ADD-TABLE-CONSTRAINT",
+    check(stmt) {
+        // NOT VALID is the safe form — and the parser rejects it, so this rule is
+        // deliberately text-based and only fires on the validating (unsafe) form.
+        if (!stmt.lower.startsWith("alter table"))
+            return null;
+        if (!FK_RE.test(stmt.lower))
+            return null;
+        if (/\bnot\s+valid\b/i.test(stmt.lower))
+            return null;
+        const withNotValid = stmt.normalized.replace(/;?\s*$/, " NOT VALID;");
+        return {
+            message: "This foreign key is validated immediately, scanning the table under a lock.",
+            lockTaken: "SHARE ROW EXCLUSIVE (both tables)",
+            suggestedRewrite: `${withNotValid}\n-- then, separately:\n-- ALTER TABLE <table> VALIDATE CONSTRAINT <name>;`,
+        };
+    },
+};
+//# sourceMappingURL=addForeignKeyValidating.js.map

package/dist/analyzer/rules/addForeignKeyValidating.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"addForeignKeyValidating.js","sourceRoot":"","sources":["../../../src/analyzer/rules/addForeignKeyValidating.ts"],"names":[],"mappings":"AAEA,MAAM,KAAK,GAAG,kDAAkD,CAAC;AAEjE,MAAM,CAAC,MAAM,uBAAuB,GAAS;IAC3C,EAAE,EAAE,4BAA4B;IAChC,KAAK,EAAE,uCAAuC;IAC9C,QAAQ,EAAE,SAAS;IACnB,SAAS,EACP,0KAA0K;IAC5K,WAAW,EACT,uJAAuJ;IACzJ,OAAO,EAAE,sGAAsG;IAC/G,KAAK,CAAC,IAAI;QACR,0EAA0E;QAC1E,0EAA0E;QAC1E,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,aAAa,CAAC;YAAE,OAAO,IAAI,CAAC;QACvD,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QACzC,IAAI,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAErD,MAAM,YAAY,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;QACtE,OAAO;YACL,OAAO,EAAE,6EAA6E;YACtF,SAAS,EAAE,mCAAmC;YAC9C,gBAAgB,EAAE,GAAG,YAAY,4EAA4E;SAC9G,CAAC;IACJ,CAAC;CACF,CAAC"}

package/dist/analyzer/rules/alterColumnType.d.ts

@@ -0,0 +1,2 @@
+import type { Rule } from "../types.js";
+export declare const alterColumnType: Rule;

package/dist/analyzer/rules/alterColumnType.js

@@ -0,0 +1,31 @@
+import { alterChanges, tableName, nameOf } from "../astUtils.js";
+export const alterColumnType = {
+    id: "alter-column-type",
+    title: "ALTER COLUMN ... TYPE rewrites the table",
+    severity: "critical",
+    rationale: "Changing a column's type generally rewrites every row and holds ACCESS EXCLUSIVE for the whole operation, blocking reads and writes. (A few binary-compatible changes are exceptions, but assume a rewrite.)",
+    remediation: "Add a new column of the target type, backfill it in batches, swap reads/writes over, then drop the old column — the expand/contract pattern.",
+    docsUrl: "https://www.postgresql.org/docs/current/sql-altertable.html#SQL-ALTERTABLE-NOTES",
+    check(stmt) {
+        for (const change of alterChanges(stmt.ast)) {
+            if (change?.type !== "alter column")
+                continue;
+            if (change?.alter?.type !== "set type")
+                continue;
+            const table = tableName(stmt.ast) ?? "your_table";
+            const col = nameOf(change.column) ?? "col";
+            const newType = nameOf(change.alter?.dataType) ?? "<new_type>";
+            return {
+                message: `Changing the type of "${col}" rewrites the entire table and blocks reads and writes.`,
+                lockTaken: "ACCESS EXCLUSIVE",
+                suggestedRewrite: [
+                    `ALTER TABLE ${table} ADD COLUMN ${col}_new ${newType};`,
+                    `UPDATE ${table} SET ${col}_new = ${col}::${newType}; -- batch this`,
+                    `-- then swap in application + rename in a later migration; drop the old column last`,
+                ].join("\n"),
+            };
+        }
+        return null;
+    },
+};
+//# sourceMappingURL=alterColumnType.js.map

package/dist/analyzer/rules/alterColumnType.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"alterColumnType.js","sourceRoot":"","sources":["../../../src/analyzer/rules/alterColumnType.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAEjE,MAAM,CAAC,MAAM,eAAe,GAAS;IACnC,EAAE,EAAE,mBAAmB;IACvB,KAAK,EAAE,0CAA0C;IACjD,QAAQ,EAAE,UAAU;IACpB,SAAS,EACP,8MAA8M;IAChN,WAAW,EACT,8IAA8I;IAChJ,OAAO,EAAE,kFAAkF;IAC3F,KAAK,CAAC,IAAI;QACR,KAAK,MAAM,MAAM,IAAI,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5C,IAAI,MAAM,EAAE,IAAI,KAAK,cAAc;gBAAE,SAAS;YAC9C,IAAI,MAAM,EAAE,KAAK,EAAE,IAAI,KAAK,UAAU;gBAAE,SAAS;YACjD,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC;YAClD,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC;YAC3C,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,IAAI,YAAY,CAAC;YAC/D,OAAO;gBACL,OAAO,EAAE,yBAAyB,GAAG,0DAA0D;gBAC/F,SAAS,EAAE,kBAAkB;gBAC7B,gBAAgB,EAAE;oBAChB,eAAe,KAAK,eAAe,GAAG,QAAQ,OAAO,GAAG;oBACxD,UAAU,KAAK,QAAQ,GAAG,UAAU,GAAG,KAAK,OAAO,iBAAiB;oBACpE,qFAAqF;iBACtF,CAAC,IAAI,CAAC,IAAI,CAAC;aACb,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAC"}

package/dist/analyzer/rules/createIndexNonConcurrent.d.ts

@@ -0,0 +1,2 @@
+import type { Rule } from "../types.js";
+export declare const createIndexNonConcurrent: Rule;

package/dist/analyzer/rules/createIndexNonConcurrent.js

@@ -0,0 +1,24 @@
+import { astType } from "../astUtils.js";
+export const createIndexNonConcurrent = {
+    id: "create-index-non-concurrent",
+    title: "CREATE INDEX without CONCURRENTLY",
+    severity: "critical",
+    rationale: "A plain CREATE INDEX takes a SHARE lock on the table, blocking ALL writes (INSERT/UPDATE/DELETE) for the entire duration of the build. On a large table that can be minutes of downtime.",
+    remediation: "Build the index with CREATE INDEX CONCURRENTLY, which does not block writes.",
+    docsUrl: "https://www.postgresql.org/docs/current/sql-createindex.html#SQL-CREATEINDEX-CONCURRENTLY",
+    check(stmt) {
+        const isCreateIndex = astType(stmt) === "create index" || /^create\s+(unique\s+)?index\b/i.test(stmt.lower);
+        if (!isCreateIndex)
+            return null;
+        const concurrently = stmt.ast?.concurrently === true || /\bconcurrently\b/i.test(stmt.lower);
+        if (concurrently)
+            return null;
+        const rewrite = stmt.normalized.replace(/^create\s+(unique\s+)?index\b/i, (_m, unique) => `CREATE ${unique ? "UNIQUE " : ""}INDEX CONCURRENTLY`);
+        return {
+            message: "This index build will block all writes to the table until it completes.",
+            lockTaken: "SHARE (blocks writes)",
+            suggestedRewrite: rewrite,
+        };
+    },
+};
+//# sourceMappingURL=createIndexNonConcurrent.js.map

package/dist/analyzer/rules/createIndexNonConcurrent.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"createIndexNonConcurrent.js","sourceRoot":"","sources":["../../../src/analyzer/rules/createIndexNonConcurrent.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAU,MAAM,gBAAgB,CAAC;AAEjD,MAAM,CAAC,MAAM,wBAAwB,GAAS;IAC5C,EAAE,EAAE,6BAA6B;IACjC,KAAK,EAAE,mCAAmC;IAC1C,QAAQ,EAAE,UAAU;IACpB,SAAS,EACP,0LAA0L;IAC5L,WAAW,EAAE,8EAA8E;IAC3F,OAAO,EAAE,2FAA2F;IACpG,KAAK,CAAC,IAAI;QACR,MAAM,aAAa,GACjB,OAAO,CAAC,IAAI,CAAC,KAAK,cAAc,IAAI,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxF,IAAI,CAAC,aAAa;YAAE,OAAO,IAAI,CAAC;QAEhC,MAAM,YAAY,GACf,IAAI,CAAC,GAAc,EAAE,YAAY,KAAK,IAAI,IAAI,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACtF,IAAI,YAAY;YAAE,OAAO,IAAI,CAAC;QAE9B,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CACrC,gCAAgC,EAChC,CAAC,EAAE,EAAE,MAAM,EAAE,EAAE,CAAC,UAAU,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,oBAAoB,CACtE,CAAC;QAEF,OAAO;YACL,OAAO,EAAE,yEAAyE;YAClF,SAAS,EAAE,uBAAuB;YAClC,gBAAgB,EAAE,OAAO;SAC1B,CAAC;IACJ,CAAC;CACF,CAAC"}

package/dist/analyzer/rules/dropColumnOrTable.d.ts

@@ -0,0 +1,2 @@
+import type { Rule } from "../types.js";
+export declare const dropColumnOrTable: Rule;

package/dist/analyzer/rules/dropColumnOrTable.js

@@ -0,0 +1,31 @@
+import { astType, alterChanges, tableName, nameOf } from "../astUtils.js";
+export const dropColumnOrTable = {
+    id: "drop-column-or-table",
+    title: "Destructive DROP (column or table)",
+    severity: "warning",
+    rationale: "Dropping a column or table is irreversible data loss and instantly breaks any deployed application code that still references it. The lock is brief, but a still-running old release will start erroring the moment it lands.",
+    remediation: "Use expand/contract: first ship a release that no longer reads the column/table, confirm nothing references it, then drop it in a later migration.",
+    docsUrl: "https://www.postgresql.org/docs/current/sql-altertable.html",
+    check(stmt) {
+        // DROP TABLE
+        if (astType(stmt) === "drop table" || /^drop\s+table\b/i.test(stmt.lower)) {
+            return {
+                message: "Dropping a table destroys its data and breaks any code still using it.",
+                lockTaken: "ACCESS EXCLUSIVE (brief)",
+            };
+        }
+        // ALTER TABLE ... DROP COLUMN
+        for (const change of alterChanges(stmt.ast)) {
+            if (change?.type !== "drop column")
+                continue;
+            const table = tableName(stmt.ast) ?? "your_table";
+            const col = nameOf(change.column) ?? "col";
+            return {
+                message: `Dropping column "${col}" from ${table} destroys its data and breaks code still reading it.`,
+                lockTaken: "ACCESS EXCLUSIVE (brief)",
+            };
+        }
+        return null;
+    },
+};
+//# sourceMappingURL=dropColumnOrTable.js.map

package/dist/analyzer/rules/dropColumnOrTable.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dropColumnOrTable.js","sourceRoot":"","sources":["../../../src/analyzer/rules/dropColumnOrTable.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAE1E,MAAM,CAAC,MAAM,iBAAiB,GAAS;IACrC,EAAE,EAAE,sBAAsB;IAC1B,KAAK,EAAE,oCAAoC;IAC3C,QAAQ,EAAE,SAAS;IACnB,SAAS,EACP,+NAA+N;IACjO,WAAW,EACT,oJAAoJ;IACtJ,OAAO,EAAE,6DAA6D;IACtE,KAAK,CAAC,IAAI;QACR,aAAa;QACb,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,YAAY,IAAI,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1E,OAAO;gBACL,OAAO,EAAE,wEAAwE;gBACjF,SAAS,EAAE,0BAA0B;aACtC,CAAC;QACJ,CAAC;QACD,8BAA8B;QAC9B,KAAK,MAAM,MAAM,IAAI,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5C,IAAI,MAAM,EAAE,IAAI,KAAK,aAAa;gBAAE,SAAS;YAC7C,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC;YAClD,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC;YAC3C,OAAO;gBACL,OAAO,EAAE,oBAAoB,GAAG,UAAU,KAAK,sDAAsD;gBACrG,SAAS,EAAE,0BAA0B;aACtC,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAC"}

package/dist/analyzer/rules/index.d.ts

@@ -0,0 +1,7 @@
+import type { Rule } from "../types.js";
+/**
+ * The rule catalog. Adding a new safety check is a one-file change plus one
+ * line here — rules are pure, independent, and carry their own metadata.
+ */
+export declare const rules: Rule[];
+export declare const rulesById: Map<string, Rule>;

package/dist/analyzer/rules/index.js

@@ -0,0 +1,28 @@
+import { createIndexNonConcurrent } from "./createIndexNonConcurrent.js";
+import { indexConcurrentlyInTransaction } from "./indexConcurrentlyInTransaction.js";
+import { addColumnNotNullNoDefault } from "./addColumnNotNullNoDefault.js";
+import { addColumnVolatileDefault } from "./addColumnVolatileDefault.js";
+import { alterColumnType } from "./alterColumnType.js";
+import { setNotNull } from "./setNotNull.js";
+import { addForeignKeyValidating } from "./addForeignKeyValidating.js";
+import { addCheckConstraintNoNotValid } from "./addCheckConstraintNoNotValid.js";
+import { dropColumnOrTable } from "./dropColumnOrTable.js";
+import { renameColumnOrTable } from "./renameColumnOrTable.js";
+/**
+ * The rule catalog. Adding a new safety check is a one-file change plus one
+ * line here — rules are pure, independent, and carry their own metadata.
+ */
+export const rules = [
+    createIndexNonConcurrent,
+    indexConcurrentlyInTransaction,
+    addColumnNotNullNoDefault,
+    addColumnVolatileDefault,
+    alterColumnType,
+    setNotNull,
+    addForeignKeyValidating,
+    addCheckConstraintNoNotValid,
+    dropColumnOrTable,
+    renameColumnOrTable,
+];
+export const rulesById = new Map(rules.map((r) => [r.id, r]));
+//# sourceMappingURL=index.js.map

package/dist/analyzer/rules/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/analyzer/rules/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AACzE,OAAO,EAAE,8BAA8B,EAAE,MAAM,qCAAqC,CAAC;AACrF,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAC3E,OAAO,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AACzE,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AACjF,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3D,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAE/D;;;GAGG;AACH,MAAM,CAAC,MAAM,KAAK,GAAW;IAC3B,wBAAwB;IACxB,8BAA8B;IAC9B,yBAAyB;IACzB,wBAAwB;IACxB,eAAe;IACf,UAAU;IACV,uBAAuB;IACvB,4BAA4B;IAC5B,iBAAiB;IACjB,mBAAmB;CACpB,CAAC;AAEF,MAAM,CAAC,MAAM,SAAS,GAAsB,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC"}

package/dist/analyzer/rules/indexConcurrentlyInTransaction.d.ts

@@ -0,0 +1,2 @@
+import type { Rule } from "../types.js";
+export declare const indexConcurrentlyInTransaction: Rule;

package/dist/analyzer/rules/indexConcurrentlyInTransaction.js

@@ -0,0 +1,23 @@
+import { astType } from "../astUtils.js";
+export const indexConcurrentlyInTransaction = {
+    id: "index-concurrently-in-transaction",
+    title: "CREATE INDEX CONCURRENTLY inside a transaction",
+    severity: "critical",
+    rationale: "CREATE INDEX CONCURRENTLY cannot run inside a transaction block — Postgres raises an error. Many migration frameworks wrap every migration in BEGIN/COMMIT by default, so this fails at deploy time.",
+    remediation: "Run the CONCURRENTLY index outside the surrounding transaction (e.g. disable the framework's automatic transaction for this migration).",
+    docsUrl: "https://www.postgresql.org/docs/current/sql-createindex.html#SQL-CREATEINDEX-CONCURRENTLY",
+    check(stmt, ctx) {
+        if (!ctx.inExplicitTransaction)
+            return null;
+        const isCreateIndex = astType(stmt) === "create index" || /^create\s+(unique\s+)?index\b/i.test(stmt.lower);
+        if (!isCreateIndex)
+            return null;
+        const concurrently = stmt.ast?.concurrently === true || /\bconcurrently\b/i.test(stmt.lower);
+        if (!concurrently)
+            return null;
+        return {
+            message: "CONCURRENTLY is used inside an explicit BEGIN/COMMIT block; Postgres will reject this with 'CREATE INDEX CONCURRENTLY cannot run inside a transaction block'.",
+        };
+    },
+};
+//# sourceMappingURL=indexConcurrentlyInTransaction.js.map

package/dist/analyzer/rules/indexConcurrentlyInTransaction.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"indexConcurrentlyInTransaction.js","sourceRoot":"","sources":["../../../src/analyzer/rules/indexConcurrentlyInTransaction.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAU,MAAM,gBAAgB,CAAC;AAEjD,MAAM,CAAC,MAAM,8BAA8B,GAAS;IAClD,EAAE,EAAE,mCAAmC;IACvC,KAAK,EAAE,gDAAgD;IACvD,QAAQ,EAAE,UAAU;IACpB,SAAS,EACP,sMAAsM;IACxM,WAAW,EACT,yIAAyI;IAC3I,OAAO,EAAE,2FAA2F;IACpG,KAAK,CAAC,IAAI,EAAE,GAAG;QACb,IAAI,CAAC,GAAG,CAAC,qBAAqB;YAAE,OAAO,IAAI,CAAC;QAC5C,MAAM,aAAa,GACjB,OAAO,CAAC,IAAI,CAAC,KAAK,cAAc,IAAI,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxF,IAAI,CAAC,aAAa;YAAE,OAAO,IAAI,CAAC;QAChC,MAAM,YAAY,GACf,IAAI,CAAC,GAAc,EAAE,YAAY,KAAK,IAAI,IAAI,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACtF,IAAI,CAAC,YAAY;YAAE,OAAO,IAAI,CAAC;QAE/B,OAAO;YACL,OAAO,EACL,+JAA+J;SAClK,CAAC;IACJ,CAAC;CACF,CAAC"}

package/dist/analyzer/rules/renameColumnOrTable.d.ts

@@ -0,0 +1,2 @@
+import type { Rule } from "../types.js";
+export declare const renameColumnOrTable: Rule;

package/dist/analyzer/rules/renameColumnOrTable.js

@@ -0,0 +1,29 @@
+import { alterChanges, nameOf } from "../astUtils.js";
+const RENAME_TABLE_RE = /^alter\s+table\s+.+\brename\s+to\b/i;
+export const renameColumnOrTable = {
+    id: "rename-column-or-table",
+    title: "RENAME breaks running application code",
+    severity: "warning",
+    rationale: "A rename is metadata-only and fast at the database level, but it is a breaking change: any currently-deployed code referencing the old name starts failing the instant the migration lands, before the new code rolls out.",
+    remediation: "Avoid renames in a single step. Add the new name (column/view) alongside the old, migrate readers/writers, then remove the old name in a later release.",
+    docsUrl: "https://www.postgresql.org/docs/current/sql-altertable.html",
+    check(stmt) {
+        for (const change of alterChanges(stmt.ast)) {
+            if (change?.type === "rename column") {
+                const from = nameOf(change.column) ?? "old";
+                const to = nameOf(change.to) ?? "new";
+                return {
+                    message: `Renaming column "${from}" to "${to}" breaks code that still selects "${from}".`,
+                };
+            }
+            if (change?.type === "rename") {
+                return { message: "Renaming the table breaks code that still references the old name." };
+            }
+        }
+        if (RENAME_TABLE_RE.test(stmt.lower)) {
+            return { message: "Renaming the table breaks code that still references the old name." };
+        }
+        return null;
+    },
+};
+//# sourceMappingURL=renameColumnOrTable.js.map

package/dist/analyzer/rules/renameColumnOrTable.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"renameColumnOrTable.js","sourceRoot":"","sources":["../../../src/analyzer/rules/renameColumnOrTable.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAEtD,MAAM,eAAe,GAAG,qCAAqC,CAAC;AAE9D,MAAM,CAAC,MAAM,mBAAmB,GAAS;IACvC,EAAE,EAAE,wBAAwB;IAC5B,KAAK,EAAE,wCAAwC;IAC/C,QAAQ,EAAE,SAAS;IACnB,SAAS,EACP,4NAA4N;IAC9N,WAAW,EACT,yJAAyJ;IAC3J,OAAO,EAAE,6DAA6D;IACtE,KAAK,CAAC,IAAI;QACR,KAAK,MAAM,MAAM,IAAI,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5C,IAAI,MAAM,EAAE,IAAI,KAAK,eAAe,EAAE,CAAC;gBACrC,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC;gBAC5C,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,KAAK,CAAC;gBACtC,OAAO;oBACL,OAAO,EAAE,oBAAoB,IAAI,SAAS,EAAE,qCAAqC,IAAI,IAAI;iBAC1F,CAAC;YACJ,CAAC;YACD,IAAI,MAAM,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC9B,OAAO,EAAE,OAAO,EAAE,oEAAoE,EAAE,CAAC;YAC3F,CAAC;QACH,CAAC;QACD,IAAI,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACrC,OAAO,EAAE,OAAO,EAAE,oEAAoE,EAAE,CAAC;QAC3F,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAC"}

package/dist/analyzer/rules/setNotNull.d.ts

@@ -0,0 +1,2 @@
+import type { Rule } from "../types.js";
+export declare const setNotNull: Rule;

package/dist/analyzer/rules/setNotNull.js

@@ -0,0 +1,30 @@
+import { alterChanges, tableName, nameOf } from "../astUtils.js";
+export const setNotNull = {
+    id: "set-not-null",
+    title: "SET NOT NULL scans the whole table",
+    severity: "warning",
+    rationale: "ALTER COLUMN ... SET NOT NULL must scan every row to verify no NULLs while holding ACCESS EXCLUSIVE, blocking reads and writes for the duration on a large table.",
+    remediation: "Add a CHECK (col IS NOT NULL) NOT VALID, VALIDATE it (a non-blocking scan), then SET NOT NULL — which on PG12+ reuses the validated constraint and is instant.",
+    docsUrl: "https://www.postgresql.org/docs/current/sql-altertable.html",
+    check(stmt) {
+        for (const change of alterChanges(stmt.ast)) {
+            if (change?.type !== "alter column")
+                continue;
+            if (change?.alter?.type !== "set not null")
+                continue;
+            const table = tableName(stmt.ast) ?? "your_table";
+            const col = nameOf(change.column) ?? "col";
+            return {
+                message: `SET NOT NULL on "${col}" scans the whole table under an exclusive lock.`,
+                lockTaken: "ACCESS EXCLUSIVE",
+                suggestedRewrite: [
+                    `ALTER TABLE ${table} ADD CONSTRAINT ${col}_not_null CHECK (${col} IS NOT NULL) NOT VALID;`,
+                    `ALTER TABLE ${table} VALIDATE CONSTRAINT ${col}_not_null; -- non-blocking scan`,
+                    `ALTER TABLE ${table} ALTER COLUMN ${col} SET NOT NULL; -- instant on PG12+`,
+                ].join("\n"),
+            };
+        }
+        return null;
+    },
+};
+//# sourceMappingURL=setNotNull.js.map

package/dist/analyzer/rules/setNotNull.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"setNotNull.js","sourceRoot":"","sources":["../../../src/analyzer/rules/setNotNull.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAEjE,MAAM,CAAC,MAAM,UAAU,GAAS;IAC9B,EAAE,EAAE,cAAc;IAClB,KAAK,EAAE,oCAAoC;IAC3C,QAAQ,EAAE,SAAS;IACnB,SAAS,EACP,mKAAmK;IACrK,WAAW,EACT,gKAAgK;IAClK,OAAO,EAAE,6DAA6D;IACtE,KAAK,CAAC,IAAI;QACR,KAAK,MAAM,MAAM,IAAI,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5C,IAAI,MAAM,EAAE,IAAI,KAAK,cAAc;gBAAE,SAAS;YAC9C,IAAI,MAAM,EAAE,KAAK,EAAE,IAAI,KAAK,cAAc;gBAAE,SAAS;YACrD,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC;YAClD,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC;YAC3C,OAAO;gBACL,OAAO,EAAE,oBAAoB,GAAG,kDAAkD;gBAClF,SAAS,EAAE,kBAAkB;gBAC7B,gBAAgB,EAAE;oBAChB,eAAe,KAAK,mBAAmB,GAAG,oBAAoB,GAAG,0BAA0B;oBAC3F,eAAe,KAAK,wBAAwB,GAAG,iCAAiC;oBAChF,eAAe,KAAK,iBAAiB,GAAG,oCAAoC;iBAC7E,CAAC,IAAI,CAAC,IAAI,CAAC;aACb,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAC"}

package/dist/analyzer/suppress.d.ts

@@ -0,0 +1,23 @@
+/**
+ * eslint-style inline suppression. A comment of the form
+ *
+ *   -- locksmith:disable create-index-non-concurrent, set-not-null
+ *   -- locksmith:disable            (no ids => suppress everything)
+ *
+ * suppresses the listed rules (or all rules) for the statement it precedes
+ * (its leading comment lines) or sits on. This keeps the tool honest: a team
+ * can acknowledge a deliberate risk without disabling the rule globally.
+ */
+export interface Directive {
+    line: number;
+    /** Specific rule ids, or "all" when no ids were given. */
+    rules: Set<string> | "all";
+}
+export declare function parseDirectives(sql: string): Directive[];
+/**
+ * Is `ruleId` suppressed for a statement occupying lines
+ * [leadingFrom .. statementEndLine]? A directive applies if it lands anywhere
+ * in that range — i.e. on the statement itself or in the comment block
+ * immediately above it.
+ */
+export declare function isSuppressed(ruleId: string, directives: Directive[], leadingFrom: number, statementEndLine: number): boolean;

package/dist/analyzer/suppress.js

@@ -0,0 +1,36 @@
+const DIRECTIVE_RE = /--\s*locksmith:disable\b(.*)$/i;
+export function parseDirectives(sql) {
+    const out = [];
+    const lines = sql.split("\n");
+    lines.forEach((text, idx) => {
+        const m = DIRECTIVE_RE.exec(text);
+        if (!m)
+            return;
+        const rest = m[1].trim();
+        if (rest.length === 0) {
+            out.push({ line: idx + 1, rules: "all" });
+        }
+        else {
+            const ids = rest
+                .split(/[\s,]+/)
+                .map((s) => s.trim())
+                .filter(Boolean);
+            out.push({ line: idx + 1, rules: new Set(ids) });
+        }
+    });
+    return out;
+}
+/**
+ * Is `ruleId` suppressed for a statement occupying lines
+ * [leadingFrom .. statementEndLine]? A directive applies if it lands anywhere
+ * in that range — i.e. on the statement itself or in the comment block
+ * immediately above it.
+ */
+export function isSuppressed(ruleId, directives, leadingFrom, statementEndLine) {
+    return directives.some((d) => {
+        if (d.line < leadingFrom || d.line > statementEndLine)
+            return false;
+        return d.rules === "all" || d.rules.has(ruleId);
+    });
+}
+//# sourceMappingURL=suppress.js.map

package/dist/analyzer/suppress.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"suppress.js","sourceRoot":"","sources":["../../src/analyzer/suppress.ts"],"names":[],"mappings":"AAgBA,MAAM,YAAY,GAAG,gCAAgC,CAAC;AAEtD,MAAM,UAAU,eAAe,CAAC,GAAW;IACzC,MAAM,GAAG,GAAgB,EAAE,CAAC;IAC5B,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC9B,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QAC1B,MAAM,CAAC,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,IAAI,CAAC,CAAC;YAAE,OAAO;QACf,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACzB,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtB,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,GAAG,IAAI;iBACb,KAAK,CAAC,QAAQ,CAAC;iBACf,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;iBACpB,MAAM,CAAC,OAAO,CAAC,CAAC;YACnB,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,EAAE,KAAK,EAAE,IAAI,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACnD,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAC1B,MAAc,EACd,UAAuB,EACvB,WAAmB,EACnB,gBAAwB;IAExB,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE;QAC3B,IAAI,CAAC,CAAC,IAAI,GAAG,WAAW,IAAI,CAAC,CAAC,IAAI,GAAG,gBAAgB;YAAE,OAAO,KAAK,CAAC;QACpE,OAAO,CAAC,CAAC,KAAK,KAAK,KAAK,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/analyzer/types.d.ts

@@ -0,0 +1,93 @@
+import type { Statement } from "pgsql-ast-parser";
+/** How serious a finding is. Drives the overall verdict. */
+export type Severity = "info" | "warning" | "critical";
+/** Final gate decision derived from the worst finding present. */
+export type Verdict = "PASS" | "REVIEW" | "BLOCK";
+/**
+ * One parsed statement from a migration. Rules get BOTH the AST (when the
+ * parser understood the statement) and normalized text — because some
+ * Postgres clauses the rules care about (NOT VALID, CONCURRENTLY) are either
+ * unmodeled or outright rejected by the parser, so text is the reliable signal.
+ */
+export interface Stmt {
+    /** Original statement text, trailing semicolon removed. */
+    raw: string;
+    /** Comments stripped, whitespace collapsed; original case preserved. */
+    normalized: string;
+    /** `normalized` lowercased — convenient for keyword matching. */
+    lower: string;
+    /** 1-based line where this statement begins in the original input. */
+    startLine: number;
+    /** 1-based line where this statement ends. */
+    endLine: number;
+    /** Parsed AST, or null if the parser rejected this statement. */
+    ast: Statement | null;
+    /** Parser error message, present only when `ast` is null. */
+    parseError?: string;
+}
+/** Shared context a rule may consult while evaluating a statement. */
+export interface RuleContext {
+    /**
+     * When true (the safe default), rules assume the target tables are large /
+     * hot, so a full scan or rewrite is treated as dangerous. Set false to
+     * silence size-dependent rules for known-small tables.
+     */
+    assumeLargeTables: boolean;
+    /** True if this statement runs inside an explicit BEGIN/START TRANSACTION. */
+    inExplicitTransaction: boolean;
+}
+/** What a rule returns when it matches a statement. */
+export interface RuleHit {
+    /** Specific, human-readable description of the problem in this statement. */
+    message: string;
+    /** The Postgres lock this operation acquires, if relevant. */
+    lockTaken?: string;
+    /** A concrete, safer rewrite the author can paste in. */
+    suggestedRewrite?: string;
+}
+/** A safety rule: pure metadata + a pure check function. */
+export interface Rule {
+    /** Stable kebab-case id, used in output and suppression directives. */
+    id: string;
+    title: string;
+    severity: Severity;
+    /** Why this operation is dangerous (general explanation). */
+    rationale: string;
+    /** General remediation guidance. */
+    remediation: string;
+    /** Link to authoritative docs. */
+    docsUrl?: string;
+    /** Returns a hit if the statement violates this rule, else null. */
+    check(stmt: Stmt, ctx: RuleContext): RuleHit | null;
+}
+/** A rule hit promoted to a reportable finding (rule metadata folded in). */
+export interface Finding {
+    ruleId: string;
+    title: string;
+    severity: Severity;
+    line: number;
+    statement: string;
+    lockTaken?: string;
+    message: string;
+    rationale: string;
+    remediation: string;
+    suggestedRewrite?: string;
+    docsUrl?: string;
+}
+export interface AnalysisStats {
+    statements: number;
+    findings: number;
+    critical: number;
+    warning: number;
+    info: number;
+    suppressed: number;
+    /** Statements the parser could not understand (still text-scanned by rules). */
+    unparsed: number;
+}
+/** The complete result of analyzing a migration. */
+export interface AnalysisResult {
+    verdict: Verdict;
+    summary: string;
+    stats: AnalysisStats;
+    findings: Finding[];
+}

package/dist/analyzer/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/analyzer/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/analyzer/types.ts"],"names":[],"mappings":""}

package/dist/analyzer/verdict.d.ts

@@ -0,0 +1,9 @@
+import type { Finding, Verdict } from "./types.js";
+/**
+ * Map the set of findings to a single gate decision:
+ *   - any critical  => BLOCK  (will likely cause an outage; do not ship as-is)
+ *   - any warning   => REVIEW (risky; a human should confirm it's safe here)
+ *   - otherwise     => PASS
+ */
+export declare function computeVerdict(findings: Finding[]): Verdict;
+export declare function summarize(verdict: Verdict, findings: Finding[]): string;

package/dist/analyzer/verdict.js

@@ -0,0 +1,35 @@
+/**
+ * Map the set of findings to a single gate decision:
+ *   - any critical  => BLOCK  (will likely cause an outage; do not ship as-is)
+ *   - any warning   => REVIEW (risky; a human should confirm it's safe here)
+ *   - otherwise     => PASS
+ */
+export function computeVerdict(findings) {
+    if (findings.some((f) => f.severity === "critical"))
+        return "BLOCK";
+    if (findings.some((f) => f.severity === "warning"))
+        return "REVIEW";
+    return "PASS";
+}
+export function summarize(verdict, findings) {
+    if (findings.length === 0) {
+        return "No locking hazards detected. Migration looks safe to apply.";
+    }
+    const crit = findings.filter((f) => f.severity === "critical").length;
+    const warn = findings.filter((f) => f.severity === "warning").length;
+    const parts = [];
+    if (crit)
+        parts.push(`${crit} critical`);
+    if (warn)
+        parts.push(`${warn} warning${warn === 1 ? "" : "s"}`);
+    const counts = parts.join(", ");
+    switch (verdict) {
+        case "BLOCK":
+            return `Blocked: ${counts}. These operations take heavy locks and can cause an outage on a busy table. See suggested rewrites.`;
+        case "REVIEW":
+            return `Needs review: ${counts}. Likely safe on small tables, risky on large/hot ones.`;
+        default:
+            return `${counts} informational note(s).`;
+    }
+}
+//# sourceMappingURL=verdict.js.map

package/dist/analyzer/verdict.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verdict.js","sourceRoot":"","sources":["../../src/analyzer/verdict.ts"],"names":[],"mappings":"AAEA;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,QAAmB;IAChD,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC;QAAE,OAAO,OAAO,CAAC;IACpE,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC;QAAE,OAAO,QAAQ,CAAC;IACpE,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,OAAgB,EAAE,QAAmB;IAC7D,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,6DAA6D,CAAC;IACvE,CAAC;IACD,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IACtE,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,MAAM,CAAC;IACrE,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,IAAI;QAAE,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,WAAW,CAAC,CAAC;IACzC,IAAI,IAAI;QAAE,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,WAAW,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IAChE,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChC,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,OAAO;YACV,OAAO,YAAY,MAAM,sGAAsG,CAAC;QAClI,KAAK,QAAQ;YACX,OAAO,iBAAiB,MAAM,yDAAyD,CAAC;QAC1F;YACE,OAAO,GAAG,MAAM,yBAAyB,CAAC;IAC9C,CAAC;AACH,CAAC"}

package/dist/data/lockMatrix.d.ts

@@ -0,0 +1,17 @@
+/**
+ * PostgreSQL table-level lock modes, what each one blocks, and the common DDL
+ * that acquires it. Exposed as an MCP resource so a model (or a human) can
+ * reason about *why* an operation is dangerous, not just that it is.
+ *
+ * Source: PostgreSQL docs, "Explicit Locking" → Table-level Locks.
+ * https://www.postgresql.org/docs/current/explicit-locking.html
+ */
+export interface LockMode {
+    mode: string;
+    /** Plain-language summary of what this lock prevents concurrently. */
+    blocks: string;
+    /** Representative operations that take this lock. */
+    acquiredBy: string[];
+}
+export declare const LOCK_MODES: LockMode[];
+export declare function renderLockMatrix(): string;