mcp-migration-advisor 0.2.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Dmytro Lisnichenko
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,158 @@
+[![npm version](https://img.shields.io/npm/v/mcp-migration-advisor)](https://www.npmjs.com/package/mcp-migration-advisor)
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
+
+# MCP Migration Advisor
+
+MCP server for database migration risk analysis. Detects dangerous schema changes before they hit production.
+
+## Why This Tool?
+
+Database migration failures cause outages. This tool analyzes your Flyway and Liquibase migrations **before** they run — detecting destructive operations, lock risks, and data loss patterns.
+
+Unlike MigrationPilot (PG-only, raw SQL analysis), this tool **parses Liquibase XML and YAML changelogs natively** — extracting changeSets, detecting conflicts between changeSet IDs, and validating rollback completeness. It works across database types, not just PostgreSQL.
+
+## Features
+
+- **Lock Risk Analysis**: Detects DDL operations that acquire heavy table locks (ACCESS EXCLUSIVE, SHARE locks)
+- **Data Loss Detection**: Finds column drops, type changes that truncate, TRUNCATE/DELETE without WHERE
+- **Risk Scoring**: Calculates 0-100 risk score based on severity of detected issues
+- **Flyway Support**: Parses V__*.sql and R__*.sql migration filenames
+- **Liquibase Support**: Parses XML and YAML changelogs with changeSet extraction
+- **Conflict Detection**: Identifies duplicate changeSet IDs and ordering issues
+- **Rollback Validation**: Checks rollback completeness for each changeSet
+- **Actionable Recommendations**: Every risk includes a specific safe alternative
+
+## Installation
+
+```bash
+npx mcp-migration-advisor
+```
+
+Or install globally:
+
+```bash
+npm install -g mcp-migration-advisor
+```
+
+## Claude Desktop Configuration
+
+Add to `~/.claude/claude_desktop_config.json`:
+
+```json
+{
+  "mcpServers": {
+    "migration-advisor": {
+      "command": "npx",
+      "args": ["-y", "mcp-migration-advisor"]
+    }
+  }
+}
+```
+
+## Quick Demo
+
+Try these prompts in Claude:
+
+1. **"Analyze this migration for risks: ALTER TABLE users DROP COLUMN email;"** — Returns risk score (0-100), lock risks, data loss warnings, and safe alternatives
+2. **"Generate a rollback for this migration: CREATE TABLE orders (...); CREATE INDEX idx_orders_user ON orders(user_id);"** — Produces reverse DDL in correct order
+3. **"Score this Liquibase changelog: [paste XML]"** — Parses changeSets and calculates overall risk
+
+## Tools
+
+### `analyze_migration`
+
+Full analysis of a SQL migration file. Returns lock risks, data loss analysis, and recommendations.
+
+**Parameters:**
+- `filename` — Migration filename (e.g., `V2__add_user_email.sql`)
+- `sql` — The SQL content
+
+### `analyze_liquibase`
+
+Full analysis of a Liquibase XML changelog. Parses changeSets and applies the same lock risk and data loss analysis.
+
+**Parameters:**
+- `xml` — The Liquibase XML changelog content
+
+### `analyze_liquibase_yaml`
+
+Full analysis of a Liquibase YAML changelog. Parses changeSets from YAML format and applies the same lock risk and data loss analysis. Supports all standard change types: createTable, dropTable, addColumn, dropColumn, modifyDataType, createIndex, renameTable, renameColumn, and more.
+
+**Parameters:**
+- `yaml` — The Liquibase YAML changelog content
+
+### `score_risk`
+
+Quick risk score (0-100) with verdict (LOW/MODERATE/HIGH RISK).
+
+**Parameters:**
+- `filename` — Migration filename
+- `sql` — The SQL content
+
+### `generate_rollback`
+
+Generate reverse DDL to undo a SQL migration. Produces rollback SQL with warnings for irreversible operations.
+
+**Parameters:**
+- `filename` — Migration filename
+- `sql` — The SQL content
+
+**Reverses automatically:**
+- CREATE TABLE → DROP TABLE
+- ADD COLUMN → ALTER TABLE ... DROP COLUMN
+- CREATE INDEX → DROP INDEX (preserves CONCURRENTLY)
+- ADD CONSTRAINT → DROP CONSTRAINT
+- SET NOT NULL → DROP NOT NULL
+- RENAME → reverse RENAME
+
+**Warns on irreversible:**
+- DROP TABLE, DROP COLUMN (data loss)
+- Column type changes (original type unknown)
+- DROP INDEX, DROP CONSTRAINT (original definition unknown)
+
+Includes Flyway `schema_history` cleanup statement.
+
+### `detect_conflicts`
+
+Detect conflicts between two SQL migration files. Identifies same-table modifications, same-column changes, lock contention risks, and drop dependencies that could cause failures if applied concurrently or in the wrong order.
+
+**Parameters:**
+- `filename_a` — First migration filename (e.g., `V3__add_email.sql`)
+- `sql_a` — SQL content of the first migration
+- `filename_b` — Second migration filename (e.g., `V4__modify_users.sql`)
+- `sql_b` — SQL content of the second migration
+
+**Detects:**
+- **Same column conflicts** (CRITICAL) — both migrations modify the same column on the same table
+- **Drop dependencies** (CRITICAL) — one migration drops a table the other modifies, causing order-dependent failures
+- **Lock contention** (WARNING) — both migrations require exclusive locks on the same table, risking lock wait timeouts
+
+Returns a conflict report with severity levels, affected tables/columns, and whether the migrations can safely run concurrently.
+
+## What It Detects
+
+| Pattern | Severity | Why It's Dangerous |
+|---------|----------|--------------------|
+| NOT NULL without DEFAULT | CRITICAL | Full table rewrite with ACCESS EXCLUSIVE lock |
+| Column type change | CRITICAL | Table rewrite, data truncation risk |
+| CREATE INDEX (not CONCURRENTLY) | HIGH | SHARE lock blocks all writes |
+| DROP TABLE CASCADE | CRITICAL | Drops all dependent objects |
+| DROP COLUMN | HIGH | Irreversible data loss |
+| SET NOT NULL | HIGH | Full table scan with lock |
+| FOREIGN KEY constraint | MEDIUM | Locks both tables for validation |
+| TRUNCATE / DELETE without WHERE | CERTAIN data loss | All rows permanently deleted |
+
+## Limitations & Known Issues
+
+- **Static analysis only**: Analyzes SQL text without database connectivity. Cannot check actual table sizes, row counts, or existing schema to calibrate risk.
+- **PostgreSQL-focused**: Lock risk recommendations are primarily for PostgreSQL. MySQL and SQLite lock behaviors differ and may not be fully covered.
+- **Complex DDL**: Stored procedures, triggers, and dynamic SQL within migrations are classified as "OTHER" and receive generic risk assessment.
+- **Liquibase support**: Handles standard XML and YAML changesets. JSON Liquibase format and custom change types are not supported.
+- **Rollback limitations**: Auto-generated rollbacks cannot reverse DROP TABLE, DROP COLUMN, or type changes (data is lost). These produce warnings instead of rollback SQL.
+- **Multi-statement transactions**: The parser splits on semicolons. Statements containing semicolons inside strings or dollar-quoted blocks may be split incorrectly.
+- **No execution**: The advisor analyzes but never executes migrations. All recommendations are advisory.
+- **Database-specific DDL**: Parser targets PostgreSQL/MySQL DDL syntax. Oracle PL/SQL or SQL Server T-SQL may not be fully recognized.
+
+## License
+
+MIT

package/build/analyzers/conflicts.js

@@ -0,0 +1,167 @@
+/**
+ * Migration conflict detector.
+ *
+ * Given two parsed migrations, detects if they modify the same table/column
+ * and could conflict when applied concurrently or in the wrong order.
+ *
+ * Conflict types:
+ * - Same table modification (both ALTER/DROP the same table)
+ * - Same column modification (both modify the same column)
+ * - Dependent order (one adds a column the other references)
+ * - Lock contention (both require exclusive locks on the same table)
+ */
+// Statement types that take exclusive locks
+const EXCLUSIVE_LOCK_TYPES = new Set([
+    "ALTER_TABLE",
+    "DROP_TABLE",
+    "ADD_COLUMN",
+    "DROP_COLUMN",
+    "MODIFY_COLUMN",
+    "ADD_CONSTRAINT",
+    "DROP_CONSTRAINT",
+    "RENAME",
+]);
+// Statement types that modify a column
+const COLUMN_MODIFYING_TYPES = new Set([
+    "ADD_COLUMN",
+    "DROP_COLUMN",
+    "MODIFY_COLUMN",
+]);
+export function detectConflicts(migrationA, migrationB) {
+    const conflicts = [];
+    // Build table→statements map for each migration
+    const tablesA = groupByTable(migrationA.statements);
+    const tablesB = groupByTable(migrationB.statements);
+    // Find overlapping tables
+    for (const [table, stmtsA] of tablesA) {
+        const stmtsB = tablesB.get(table);
+        if (!stmtsB)
+            continue;
+        // Check for column-level conflicts first (more specific)
+        const columnConflicts = detectColumnConflicts(table, stmtsA, stmtsB);
+        conflicts.push(...columnConflicts);
+        // Check for lock contention (both need exclusive locks on same table)
+        const lockA = stmtsA.some((s) => EXCLUSIVE_LOCK_TYPES.has(s.type));
+        const lockB = stmtsB.some((s) => EXCLUSIVE_LOCK_TYPES.has(s.type));
+        if (lockA && lockB && columnConflicts.length === 0) {
+            // Only add table-level conflict if no column-level conflict was found
+            conflicts.push({
+                severity: "WARNING",
+                type: "LOCK_CONTENTION",
+                table,
+                message: `Both migrations require exclusive locks on table "${table}". Running concurrently may cause lock wait timeouts.`,
+                recommendation: `Merge these changes into a single migration or ensure they run sequentially with sufficient lock_timeout.`,
+                statementA: truncate(stmtsA[0].raw),
+                statementB: truncate(stmtsB[0].raw),
+            });
+        }
+        // Check for drop dependency: one drops a table the other modifies
+        const dropsA = stmtsA.filter((s) => s.type === "DROP_TABLE");
+        const modifiesB = stmtsB.filter((s) => s.type !== "DROP_TABLE" && s.type !== "CREATE_TABLE");
+        if (dropsA.length > 0 && modifiesB.length > 0) {
+            conflicts.push({
+                severity: "CRITICAL",
+                type: "DROP_DEPENDENCY",
+                table,
+                message: `Migration "${migrationA.filename}" drops table "${table}" while "${migrationB.filename}" modifies it. Order-dependent failure.`,
+                recommendation: `Ensure the DROP TABLE migration runs AFTER the other, or consolidate both changes.`,
+                statementA: truncate(dropsA[0].raw),
+                statementB: truncate(modifiesB[0].raw),
+            });
+        }
+        const dropsB = stmtsB.filter((s) => s.type === "DROP_TABLE");
+        const modifiesA = stmtsA.filter((s) => s.type !== "DROP_TABLE" && s.type !== "CREATE_TABLE");
+        if (dropsB.length > 0 && modifiesA.length > 0) {
+            conflicts.push({
+                severity: "CRITICAL",
+                type: "DROP_DEPENDENCY",
+                table,
+                message: `Migration "${migrationB.filename}" drops table "${table}" while "${migrationA.filename}" modifies it. Order-dependent failure.`,
+                recommendation: `Ensure the DROP TABLE migration runs AFTER the other, or consolidate both changes.`,
+                statementA: truncate(modifiesA[0].raw),
+                statementB: truncate(dropsB[0].raw),
+            });
+        }
+    }
+    const canRunConcurrently = conflicts.every((c) => c.severity !== "CRITICAL" && c.type !== "LOCK_CONTENTION");
+    return {
+        migrationA: migrationA.filename,
+        migrationB: migrationB.filename,
+        conflicts,
+        canRunConcurrently,
+    };
+}
+function detectColumnConflicts(table, stmtsA, stmtsB) {
+    const conflicts = [];
+    const colStmtsA = stmtsA.filter((s) => COLUMN_MODIFYING_TYPES.has(s.type) && s.columnName);
+    const colStmtsB = stmtsB.filter((s) => COLUMN_MODIFYING_TYPES.has(s.type) && s.columnName);
+    for (const a of colStmtsA) {
+        for (const b of colStmtsB) {
+            if (a.columnName &&
+                b.columnName &&
+                a.columnName.toLowerCase() === b.columnName.toLowerCase()) {
+                conflicts.push({
+                    severity: "CRITICAL",
+                    type: "SAME_COLUMN",
+                    table,
+                    column: a.columnName,
+                    message: `Both migrations modify column "${a.columnName}" on table "${table}". This will cause conflicts regardless of execution order.`,
+                    recommendation: `Merge these column changes into a single migration to avoid conflicts.`,
+                    statementA: truncate(a.raw),
+                    statementB: truncate(b.raw),
+                });
+            }
+        }
+    }
+    return conflicts;
+}
+function groupByTable(statements) {
+    const map = new Map();
+    for (const stmt of statements) {
+        if (!stmt.tableName)
+            continue;
+        const table = stmt.tableName.toLowerCase();
+        const existing = map.get(table) || [];
+        existing.push(stmt);
+        map.set(table, existing);
+    }
+    return map;
+}
+function truncate(s, max = 80) {
+    const clean = s.replace(/\s+/g, " ").trim();
+    return clean.length > max ? clean.slice(0, max - 3) + "..." : clean;
+}
+export function formatConflictReport(report) {
+    const sections = [];
+    sections.push("## Migration Conflict Analysis");
+    sections.push(`\n- **Migration A**: ${report.migrationA}`);
+    sections.push(`- **Migration B**: ${report.migrationB}`);
+    sections.push(`- **Conflicts found**: ${report.conflicts.length}`);
+    sections.push(`- **Can run concurrently**: ${report.canRunConcurrently ? "Yes" : "**No**"}`);
+    if (report.conflicts.length === 0) {
+        sections.push("\n### No conflicts detected\n\nThese migrations can safely be applied in either order.");
+        return sections.join("\n");
+    }
+    const critical = report.conflicts.filter((c) => c.severity === "CRITICAL");
+    const warnings = report.conflicts.filter((c) => c.severity === "WARNING");
+    if (critical.length > 0) {
+        sections.push(`\n### Critical Conflicts (${critical.length})\n`);
+        for (const c of critical) {
+            sections.push(`**[${c.type}]** Table: \`${c.table}\`${c.column ? `, Column: \`${c.column}\`` : ""}`);
+            sections.push(c.message);
+            sections.push(`- A: \`${c.statementA}\``);
+            sections.push(`- B: \`${c.statementB}\``);
+            sections.push(`*Fix*: ${c.recommendation}\n`);
+        }
+    }
+    if (warnings.length > 0) {
+        sections.push(`\n### Warnings (${warnings.length})\n`);
+        for (const c of warnings) {
+            sections.push(`**[${c.type}]** Table: \`${c.table}\``);
+            sections.push(c.message);
+            sections.push(`*Fix*: ${c.recommendation}\n`);
+        }
+    }
+    return sections.join("\n");
+}
+//# sourceMappingURL=conflicts.js.map

package/build/analyzers/data-loss.js

@@ -0,0 +1,131 @@
+/**
+ * Data loss detector.
+ *
+ * Detects migration operations that can cause irreversible data loss:
+ * - Column drops
+ * - Type changes that truncate data
+ * - NOT NULL on existing columns without default
+ * - Table drops
+ * - CASCADE operations
+ */
+// Types that lose precision when converted
+const NARROWING_CONVERSIONS = {
+    "BIGINT": ["INTEGER", "SMALLINT", "TINYINT"],
+    "INTEGER": ["SMALLINT", "TINYINT"],
+    "DOUBLE PRECISION": ["REAL", "FLOAT4", "NUMERIC"],
+    "TEXT": ["VARCHAR", "CHAR"],
+    "VARCHAR": ["CHAR"],
+    "TIMESTAMP": ["DATE", "TIME"],
+    "TIMESTAMPTZ": ["DATE", "TIME", "TIMESTAMP"],
+};
+/**
+ * Analyze a migration for data loss risks.
+ */
+export function analyzeDataLoss(migration) {
+    const issues = [];
+    for (const stmt of migration.statements) {
+        const upper = stmt.raw.toUpperCase();
+        switch (stmt.type) {
+            case "DROP_COLUMN": {
+                issues.push({
+                    risk: "CERTAIN",
+                    statement: truncate(stmt.raw),
+                    tableName: stmt.tableName,
+                    description: `Dropping column '${stmt.columnName}' permanently deletes all data in that column.`,
+                    mitigation: "Back up the column data before dropping. Consider renaming the column first and dropping in a later migration after verifying no rollback is needed.",
+                });
+                break;
+            }
+            case "DROP_TABLE": {
+                const cascade = upper.includes("CASCADE");
+                issues.push({
+                    risk: "CERTAIN",
+                    statement: truncate(stmt.raw),
+                    tableName: stmt.tableName,
+                    description: `Dropping table '${stmt.tableName}' permanently deletes all data.${cascade ? " CASCADE will also drop dependent objects." : ""}`,
+                    mitigation: "Ensure a backup exists. Consider renaming the table first and dropping in a later migration.",
+                });
+                break;
+            }
+            case "MODIFY_COLUMN": {
+                if (stmt.details.typeChange === "true") {
+                    // Try to detect narrowing type changes
+                    const typeChangeMatch = stmt.raw.match(/(?:TYPE|SET DATA TYPE)\s+(\w+(?:\(\d+(?:,\s*\d+)?\))?)/i);
+                    const newType = typeChangeMatch?.[1]?.toUpperCase() || "UNKNOWN";
+                    issues.push({
+                        risk: "LIKELY",
+                        statement: truncate(stmt.raw),
+                        tableName: stmt.tableName,
+                        description: `Changing type of '${stmt.columnName}' to ${newType} may truncate or lose data if existing values don't fit the new type.`,
+                        mitigation: "Run a SELECT to verify all existing values are compatible with the new type before migrating. Use a USING clause for explicit conversion.",
+                    });
+                }
+                if (stmt.details.setNotNull === "true") {
+                    issues.push({
+                        risk: "POSSIBLE",
+                        statement: truncate(stmt.raw),
+                        tableName: stmt.tableName,
+                        description: `SET NOT NULL on '${stmt.columnName}' will fail if any NULL values exist, blocking the migration.`,
+                        mitigation: "Run UPDATE ... SET column = default_value WHERE column IS NULL before adding the NOT NULL constraint.",
+                    });
+                }
+                break;
+            }
+            case "ADD_COLUMN": {
+                if (stmt.details.notNull === "true" && stmt.details.hasDefault !== "true") {
+                    issues.push({
+                        risk: "POSSIBLE",
+                        statement: truncate(stmt.raw),
+                        tableName: stmt.tableName,
+                        description: `Adding NOT NULL column '${stmt.columnName}' without DEFAULT will fail on tables with existing rows.`,
+                        mitigation: "Add a DEFAULT value, or add the column as nullable first, backfill, then set NOT NULL.",
+                    });
+                }
+                break;
+            }
+            case "OTHER": {
+                // Detect TRUNCATE
+                if (upper.includes("TRUNCATE")) {
+                    const tableMatch = stmt.raw.match(/TRUNCATE\s+(?:TABLE\s+)?(?:`|"|)?(\w+)/i);
+                    issues.push({
+                        risk: "CERTAIN",
+                        statement: truncate(stmt.raw),
+                        tableName: tableMatch?.[1] || null,
+                        description: "TRUNCATE permanently deletes all rows from the table.",
+                        mitigation: "Ensure this is intentional. Back up the table data first.",
+                    });
+                }
+                // Detect DELETE without WHERE
+                if (upper.match(/DELETE\s+FROM/) && !upper.includes("WHERE")) {
+                    const tableMatch = stmt.raw.match(/DELETE\s+FROM\s+(?:`|"|)?(\w+)/i);
+                    issues.push({
+                        risk: "CERTAIN",
+                        statement: truncate(stmt.raw),
+                        tableName: tableMatch?.[1] || null,
+                        description: "DELETE without WHERE clause deletes all rows from the table.",
+                        mitigation: "Add a WHERE clause to limit the delete, or use TRUNCATE if intentional.",
+                    });
+                }
+                // Detect UPDATE without WHERE
+                if (upper.match(/^UPDATE\b/) && !upper.includes("WHERE")) {
+                    const tableMatch = stmt.raw.match(/UPDATE\s+(?:`|"|)?(\w+)/i);
+                    issues.push({
+                        risk: "LIKELY",
+                        statement: truncate(stmt.raw),
+                        tableName: tableMatch?.[1] || null,
+                        description: "UPDATE without WHERE clause modifies all rows. Previous values are lost.",
+                        mitigation: "Add a WHERE clause to limit the update scope. Consider adding a backup column or logging old values.",
+                    });
+                }
+                break;
+            }
+            default:
+                break;
+        }
+    }
+    return issues;
+}
+function truncate(s, max = 120) {
+    return s.length > max ? s.substring(0, max) + "..." : s;
+}
+//# sourceMappingURL=data-loss.js.map

package/build/analyzers/lock-risk.js

@@ -0,0 +1,174 @@
+/**
+ * Lock risk analyzer.
+ *
+ * Detects DDL operations that acquire heavy table locks in PostgreSQL and MySQL.
+ * Each risky pattern has a severity and recommended safe alternative.
+ */
+/**
+ * Analyze a migration for lock-related risks.
+ */
+export function analyzeLockRisks(migration) {
+    const risks = [];
+    for (const stmt of migration.statements) {
+        const stmtRisks = analyzeStatement(stmt);
+        risks.push(...stmtRisks);
+    }
+    return risks;
+}
+function analyzeStatement(stmt) {
+    const risks = [];
+    const upper = stmt.raw.toUpperCase();
+    switch (stmt.type) {
+        case "ADD_COLUMN": {
+            // NOT NULL without DEFAULT requires full table rewrite (PG <11, all MySQL)
+            if (stmt.details.notNull === "true" && stmt.details.hasDefault !== "true") {
+                risks.push({
+                    severity: "CRITICAL",
+                    statement: truncate(stmt.raw),
+                    tableName: stmt.tableName,
+                    risk: `Adding NOT NULL column '${stmt.columnName}' without DEFAULT requires a full table rewrite. This acquires an ACCESS EXCLUSIVE lock for the duration of the rewrite.`,
+                    recommendation: "Add the column with a DEFAULT value first, then backfill, then set NOT NULL. Or use ALTER TABLE ... ADD COLUMN ... DEFAULT ... NOT NULL (PG 11+ is fast for this).",
+                });
+            }
+            break;
+        }
+        case "DROP_COLUMN": {
+            risks.push({
+                severity: "HIGH",
+                statement: truncate(stmt.raw),
+                tableName: stmt.tableName,
+                risk: `Dropping column '${stmt.columnName}' acquires ACCESS EXCLUSIVE lock. In PostgreSQL this is fast (metadata only), but in MySQL it rewrites the table.`,
+                recommendation: "For PostgreSQL: generally safe but verify no views/functions depend on this column. For MySQL: use pt-online-schema-change or gh-ost for large tables.",
+            });
+            break;
+        }
+        case "MODIFY_COLUMN": {
+            if (stmt.details.typeChange === "true") {
+                risks.push({
+                    severity: "CRITICAL",
+                    statement: truncate(stmt.raw),
+                    tableName: stmt.tableName,
+                    risk: `Changing column type for '${stmt.columnName}' may require a full table rewrite with ACCESS EXCLUSIVE lock. Duration depends on table size.`,
+                    recommendation: "Use expand-contract pattern: add new column, backfill with trigger, switch reads, drop old column. Avoids long lock.",
+                });
+            }
+            if (stmt.details.setNotNull === "true") {
+                risks.push({
+                    severity: "HIGH",
+                    statement: truncate(stmt.raw),
+                    tableName: stmt.tableName,
+                    risk: `SET NOT NULL on '${stmt.columnName}' requires a full table scan to verify no nulls exist. Acquires ACCESS EXCLUSIVE lock during scan (PG <12).`,
+                    recommendation: "In PG 12+, add a CHECK constraint first (NOT VALID), then validate separately. In older PG/MySQL, test on a replica first.",
+                });
+            }
+            break;
+        }
+        case "CREATE_INDEX": {
+            if (stmt.details.concurrently !== "true") {
+                risks.push({
+                    severity: "HIGH",
+                    statement: truncate(stmt.raw),
+                    tableName: stmt.tableName,
+                    risk: "CREATE INDEX without CONCURRENTLY acquires a SHARE lock on the table, blocking all writes for the duration of index creation.",
+                    recommendation: "Use CREATE INDEX CONCURRENTLY to allow concurrent writes. Note: CONCURRENTLY cannot run inside a transaction block.",
+                });
+            }
+            else {
+                risks.push({
+                    severity: "INFO",
+                    statement: truncate(stmt.raw),
+                    tableName: stmt.tableName,
+                    risk: "CREATE INDEX CONCURRENTLY is used — good practice. Note: it takes longer and cannot run in a transaction.",
+                    recommendation: "Ensure the migration tool runs this outside a transaction (Flyway: use non-transactional migration).",
+                });
+            }
+            break;
+        }
+        case "DROP_TABLE": {
+            risks.push({
+                severity: "HIGH",
+                statement: truncate(stmt.raw),
+                tableName: stmt.tableName,
+                risk: `DROP TABLE '${stmt.tableName}' is irreversible and acquires ACCESS EXCLUSIVE lock.`,
+                recommendation: "Ensure no foreign keys reference this table. Consider renaming first (expand-contract) to allow rollback.",
+            });
+            if (stmt.details.cascade === "true") {
+                risks.push({
+                    severity: "CRITICAL",
+                    statement: truncate(stmt.raw),
+                    tableName: stmt.tableName,
+                    risk: "CASCADE will drop all dependent objects (views, foreign keys, functions). This can have unexpected blast radius.",
+                    recommendation: "List all dependencies first with pg_depend/information_schema. Drop them explicitly instead of using CASCADE.",
+                });
+            }
+            break;
+        }
+        case "ADD_CONSTRAINT": {
+            if (stmt.details.constraintType === "FOREIGN_KEY") {
+                risks.push({
+                    severity: "MEDIUM",
+                    statement: truncate(stmt.raw),
+                    tableName: stmt.tableName,
+                    risk: "Adding a FOREIGN KEY constraint acquires SHARE ROW EXCLUSIVE lock on both tables and validates all existing rows.",
+                    recommendation: "In PostgreSQL, add the constraint as NOT VALID first, then VALIDATE separately. This splits the lock into two shorter windows.",
+                });
+            }
+            if (upper.includes("NOT VALID")) {
+                risks.push({
+                    severity: "INFO",
+                    statement: truncate(stmt.raw),
+                    tableName: stmt.tableName,
+                    risk: "NOT VALID constraint added — good practice. Constraint is not validated against existing rows.",
+                    recommendation: "Remember to run ALTER TABLE ... VALIDATE CONSTRAINT in a follow-up migration.",
+                });
+            }
+            break;
+        }
+        case "RENAME": {
+            risks.push({
+                severity: "MEDIUM",
+                statement: truncate(stmt.raw),
+                tableName: stmt.tableName,
+                risk: "RENAME acquires ACCESS EXCLUSIVE lock (brief). Application code referencing the old name will break immediately.",
+                recommendation: "Coordinate with application deployment. Consider using views as aliases during transition.",
+            });
+            break;
+        }
+        default:
+            break;
+    }
+    // Generic checks across all statements
+    if (upper.includes("LOCK TABLE") || upper.includes("LOCK TABLES")) {
+        risks.push({
+            severity: "CRITICAL",
+            statement: truncate(stmt.raw),
+            tableName: stmt.tableName,
+            risk: "Explicit table lock detected. This blocks all concurrent access.",
+            recommendation: "Avoid explicit locks in migrations. Use row-level locking or redesign the migration.",
+        });
+    }
+    return risks;
+}
+function truncate(s, max = 120) {
+    return s.length > max ? s.substring(0, max) + "..." : s;
+}
+/**
+ * Calculate overall risk score (0-100) for a migration.
+ */
+export function calculateRiskScore(risks) {
+    if (risks.length === 0)
+        return 0;
+    const weights = {
+        CRITICAL: 30,
+        HIGH: 20,
+        MEDIUM: 10,
+        LOW: 5,
+        INFO: 0,
+    };
+    let score = 0;
+    for (const risk of risks) {
+        score += weights[risk.severity];
+    }
+    return Math.min(100, score);
+}
+//# sourceMappingURL=lock-risk.js.map