migraguard 0.9.1 → 0.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/cli-contract.yaml +221 -205
  2. package/dist/cli.js +87 -23
  3. package/dist/cli.js.map +1 -1
  4. package/dist/index.d.ts +4 -0
  5. package/dist/index.js +38 -0
  6. package/dist/index.js.map +1 -1
  7. package/docs/cli-reference.md +453 -25
  8. package/package.json +4 -4
package/cli-contract.yaml CHANGED
@@ -3,7 +3,7 @@ cliContracts: 0.1.0
3
3
 
4
4
  info:
5
5
  title: migraguard CLI
6
- version: 0.8.4
6
+ version: 0.10.0
7
7
  description: >-
8
8
  PostgreSQL-first schema-aware deployment control — idempotent SQL migrations
9
9
  with CI-enforced integrity checks, expand/contract migration orchestration,
@@ -77,9 +77,16 @@ commandSets:
77
77
  type: boolean
78
78
  default: false
79
79
 
80
+ - name: dry-run
81
+ aliases: [n]
82
+ description: Show what would be created without writing files.
83
+ schema:
84
+ type: boolean
85
+ default: false
86
+
80
87
  exits:
81
88
  '0':
82
- description: Migration file (or group directory) created successfully.
89
+ description: Migration file (or group directory) created successfully (or dry-run preview completed).
83
90
  stdout:
84
91
  format: text
85
92
  files:
@@ -105,6 +112,10 @@ commandSets:
105
112
  idempotent: false
106
113
  sideEffects:
107
114
  - file_write
115
+ sideEffectNote: Creates migration SQL file(s) in the configured migrations directory.
116
+ safeDryRunOption: dry-run
117
+ expectedDurationMs: 1000
118
+ retryableExitCodes: []
108
119
 
109
120
  # ── apply ────────────────────────────────────────
110
121
  apply:
@@ -168,7 +179,12 @@ commandSets:
168
179
  requires writing a compensating migration or restoring from backup.
169
180
  sideEffects:
170
181
  - database_write
182
+ sideEffectNote: >-
183
+ Executes SQL via native CLI and records results in schema_migrations.
184
+ Uses advisory lock to prevent concurrent execution.
171
185
  safeDryRunOption: dry-run
186
+ expectedDurationMs: 60000
187
+ retryableExitCodes: []
172
188
  recommendedBeforeUse:
173
189
  - Run migraguard check to verify metadata integrity.
174
190
  - Run migraguard lint to check for unsafe DDL patterns.
@@ -192,6 +208,11 @@ commandSets:
192
208
  format: text
193
209
 
194
210
  '1':
211
+ description: Unexpected error (file read failure, parse error).
212
+ stderr:
213
+ format: text
214
+
215
+ '10':
195
216
  description: Integrity check failed (tampered, missing, or extra files).
196
217
  stderr:
197
218
  format: text
@@ -201,6 +222,9 @@ commandSets:
201
222
  requiresConfirmation: false
202
223
  idempotent: true
203
224
  sideEffects: []
225
+ sideEffectNote: Read-only. Compares metadata.json against files on disk.
226
+ expectedDurationMs: 2000
227
+ retryableExitCodes: []
204
228
 
205
229
  # ── squash ───────────────────────────────────────
206
230
  squash:
@@ -211,6 +235,15 @@ commandSets:
211
235
  recovery and hotfix workflows. Original migration files are deleted.
212
236
  usage:
213
237
  - migraguard squash
238
+ - migraguard squash --dry-run
239
+
240
+ options:
241
+ - name: dry-run
242
+ aliases: [n]
243
+ description: Show what would be squashed without writing files.
244
+ schema:
245
+ type: boolean
246
+ default: false
214
247
 
215
248
  exits:
216
249
  '0':
@@ -240,6 +273,12 @@ commandSets:
240
273
  sideEffects:
241
274
  - file_write
242
275
  - file_delete
276
+ sideEffectNote: >-
277
+ Merges migration files into one and deletes originals.
278
+ Updates metadata.json.
279
+ safeDryRunOption: dry-run
280
+ expectedDurationMs: 3000
281
+ retryableExitCodes: []
243
282
  recommendedBeforeUse:
244
283
  - Ensure all pending files are ready for release.
245
284
  - Confirm no uncommitted changes to migration files.
@@ -290,6 +329,9 @@ commandSets:
290
329
  requiresConfirmation: false
291
330
  idempotent: true
292
331
  sideEffects: []
332
+ sideEffectNote: Read-only. Scans migration files against safety rules.
333
+ expectedDurationMs: 3000
334
+ retryableExitCodes: []
293
335
 
294
336
  # ── dump ─────────────────────────────────────────
295
337
  dump:
@@ -300,6 +342,15 @@ commandSets:
300
342
  output and saves it to schema.sql.
301
343
  usage:
302
344
  - migraguard dump
345
+ - migraguard dump --dry-run
346
+
347
+ options:
348
+ - name: dry-run
349
+ aliases: [n]
350
+ description: Output normalized schema to stdout without writing schema.sql.
351
+ schema:
352
+ type: boolean
353
+ default: false
303
354
 
304
355
  exits:
305
356
  '0':
@@ -325,6 +376,12 @@ commandSets:
325
376
  sideEffects:
326
377
  - database_read
327
378
  - file_write
379
+ sideEffectNote: >-
380
+ Reads DB schema via pg_dump/mysqldump and writes normalized
381
+ output to schema.sql.
382
+ safeDryRunOption: dry-run
383
+ expectedDurationMs: 10000
384
+ retryableExitCodes: [1]
328
385
 
329
386
  # ── diff ─────────────────────────────────────────
330
387
  diff:
@@ -369,6 +426,11 @@ commandSets:
369
426
  idempotent: true
370
427
  sideEffects:
371
428
  - database_read
429
+ sideEffectNote: >-
430
+ Reads DB schema via pg_dump/mysqldump and compares with
431
+ saved schema.sql. No writes.
432
+ expectedDurationMs: 10000
433
+ retryableExitCodes: [1]
372
434
 
373
435
  # ── status ───────────────────────────────────────
374
436
  status:
@@ -406,6 +468,9 @@ commandSets:
406
468
  idempotent: true
407
469
  sideEffects:
408
470
  - database_read
471
+ sideEffectNote: Reads schema_migrations table and compares with local files.
472
+ expectedDurationMs: 5000
473
+ retryableExitCodes: [1]
409
474
 
410
475
  # ── resolve ──────────────────────────────────────
411
476
  resolve:
@@ -417,6 +482,7 @@ commandSets:
417
482
  addressed by other means.
418
483
  usage:
419
484
  - migraguard resolve 20260301_120000__create_users_table.sql
485
+ - migraguard resolve --dry-run 20260301_120000__create_users_table.sql
420
486
 
421
487
  arguments:
422
488
  - name: file
@@ -426,6 +492,14 @@ commandSets:
426
492
  schema:
427
493
  type: string
428
494
 
495
+ options:
496
+ - name: dry-run
497
+ aliases: [n]
498
+ description: Show what would be resolved without writing to DB.
499
+ schema:
500
+ type: boolean
501
+ default: false
502
+
429
503
  exits:
430
504
  '0':
431
505
  description: Migration marked as skipped.
@@ -447,6 +521,10 @@ commandSets:
447
521
  Re-apply the migration manually if needed.
448
522
  sideEffects:
449
523
  - database_write
524
+ sideEffectNote: Inserts a 'skipped' record into schema_migrations for the given file.
525
+ safeDryRunOption: dry-run
526
+ expectedDurationMs: 3000
527
+ retryableExitCodes: [1]
450
528
  recommendedBeforeUse:
451
529
  - Verify that the failure has been addressed by a subsequent migration or manual fix.
452
530
  - Run migraguard status to confirm the file is in failed state.
@@ -476,6 +554,9 @@ commandSets:
476
554
  requiresConfirmation: false
477
555
  idempotent: true
478
556
  sideEffects: []
557
+ sideEffectNote: Read-only. Lists leaf/latest migration files from metadata.
558
+ expectedDurationMs: 1000
559
+ retryableExitCodes: []
479
560
 
480
561
  # ── verify ───────────────────────────────────────
481
562
  verify:
@@ -512,7 +593,14 @@ commandSets:
512
593
  format: '{options.format}'
513
594
 
514
595
  '1':
596
+ description: Unexpected error (connection error, file parse failure).
597
+ stderr:
598
+ format: text
599
+
600
+ '10':
515
601
  description: One or more migrations failed idempotency verification.
602
+ stdout:
603
+ format: '{options.format}'
516
604
  stderr:
517
605
  format: text
518
606
 
@@ -523,6 +611,11 @@ commandSets:
523
611
  sideEffects:
524
612
  - database_read
525
613
  - database_write
614
+ sideEffectNote: >-
615
+ Creates and destroys a temporary shadow database to verify
616
+ idempotency. Does not modify the primary database.
617
+ expectedDurationMs: 60000
618
+ retryableExitCodes: [1]
526
619
  recommendedBeforeUse:
527
620
  - Ensure the database server is running and accessible.
528
621
 
@@ -562,6 +655,9 @@ commandSets:
562
655
  requiresConfirmation: false
563
656
  idempotent: true
564
657
  sideEffects: []
658
+ sideEffectNote: Read-only. Derives group state from schema_migrations records.
659
+ expectedDurationMs: 3000
660
+ retryableExitCodes: [1]
565
661
 
566
662
  # ── baseline ─────────────────────────────────────
567
663
  baseline:
@@ -573,6 +669,7 @@ commandSets:
573
669
  usage:
574
670
  - migraguard baseline
575
671
  - migraguard baseline --keep-since 20260301_120000__create_users_table.sql
672
+ - migraguard baseline --dry-run
576
673
 
577
674
  options:
578
675
  - name: keep-since
@@ -582,9 +679,16 @@ commandSets:
582
679
  schema:
583
680
  type: string
584
681
 
682
+ - name: dry-run
683
+ aliases: [n]
684
+ description: Show what would be baselined without writing files.
685
+ schema:
686
+ type: boolean
687
+ default: false
688
+
585
689
  exits:
586
690
  '0':
587
- description: Baseline created successfully.
691
+ description: Baseline created successfully (or dry-run preview completed).
588
692
  stdout:
589
693
  format: text
590
694
 
@@ -604,6 +708,12 @@ commandSets:
604
708
  sideEffects:
605
709
  - file_write
606
710
  - file_delete
711
+ sideEffectNote: >-
712
+ Dumps current DB schema to schema.sql, deletes squashed migration
713
+ files, updates metadata.json, and rewrites depends-on references.
714
+ safeDryRunOption: dry-run
715
+ expectedDurationMs: 30000
716
+ retryableExitCodes: []
607
717
  recommendedBeforeUse:
608
718
  - Ensure all migrations have been applied to all environments.
609
719
  - Back up migration files before running.
@@ -650,9 +760,16 @@ commandSets:
650
760
  schema:
651
761
  type: string
652
762
 
763
+ - name: dry-run
764
+ aliases: [n]
765
+ description: Show what would be recorded without writing to DB.
766
+ schema:
767
+ type: boolean
768
+ default: false
769
+
653
770
  exits:
654
771
  '0':
655
- description: Phase state transition recorded.
772
+ description: Phase state transition recorded (or dry-run preview completed).
656
773
  stdout:
657
774
  format: text
658
775
 
@@ -673,6 +790,10 @@ commandSets:
673
790
  status value to manually correct, or reset group state in the database.
674
791
  sideEffects:
675
792
  - database_write
793
+ sideEffectNote: Inserts a phase state transition record into schema_migrations.
794
+ safeDryRunOption: dry-run
795
+ expectedDurationMs: 5000
796
+ retryableExitCodes: [1]
676
797
  recommendedBeforeUse:
677
798
  - Run migraguard group-status <group> to verify current phase state before advancing.
678
799
 
@@ -710,9 +831,16 @@ commandSets:
710
831
  schema:
711
832
  type: string
712
833
 
834
+ - name: dry-run
835
+ aliases: [n]
836
+ description: Show what would be applied without executing SQL.
837
+ schema:
838
+ type: boolean
839
+ default: false
840
+
713
841
  exits:
714
842
  '0':
715
- description: Phase applied successfully.
843
+ description: Phase applied successfully (or dry-run preview completed).
716
844
  stdout:
717
845
  format: text
718
846
 
@@ -733,6 +861,12 @@ commandSets:
733
861
  migration or restore from backup if rollback is needed.
734
862
  sideEffects:
735
863
  - database_write
864
+ sideEffectNote: >-
865
+ Executes a phase SQL file via native CLI and records the
866
+ result in schema_migrations. Uses advisory lock.
867
+ safeDryRunOption: dry-run
868
+ expectedDurationMs: 30000
869
+ retryableExitCodes: []
736
870
  recommendedBeforeUse:
737
871
  - Run migraguard group-status to verify current phase state.
738
872
 
@@ -790,6 +924,11 @@ commandSets:
790
924
  format: text
791
925
 
792
926
  '1':
927
+ description: Unexpected error (connection error, invalid condition syntax).
928
+ stderr:
929
+ format: text
930
+
931
+ '10':
793
932
  description: One or more gate conditions not satisfied.
794
933
  stderr:
795
934
  format: text
@@ -799,6 +938,9 @@ commandSets:
799
938
  requiresConfirmation: false
800
939
  idempotent: true
801
940
  sideEffects: []
941
+ sideEffectNote: Read-only. Evaluates gate conditions against schema_migrations state.
942
+ expectedDurationMs: 5000
943
+ retryableExitCodes: [1]
802
944
 
803
945
  # ── deps ─────────────────────────────────────────
804
946
  deps:
@@ -845,6 +987,11 @@ commandSets:
845
987
  idempotent: true
846
988
  sideEffects:
847
989
  - file_write
990
+ sideEffectNote: >-
991
+ Reads migration files and outputs dependency graph.
992
+ Writes HTML file only when --html is specified.
993
+ expectedDurationMs: 3000
994
+ retryableExitCodes: []
848
995
 
849
996
  # ── audit ─────────────────────────────────────────
850
997
  audit:
@@ -917,7 +1064,7 @@ commandSets:
917
1064
  schema:
918
1065
  type: string
919
1066
  enum: [json, text, yaml]
920
- default: text
1067
+ default: json
921
1068
 
922
1069
  exits:
923
1070
  '0':
@@ -964,7 +1111,7 @@ commandSets:
964
1111
  Filesystem write only when --output is specified.
965
1112
  safeDryRunOption: dry-run
966
1113
  expectedDurationMs: 120000
967
- retryableExitCodes: [1, 12]
1114
+ retryableExitCodes: [12]
968
1115
 
969
1116
  # ── propose-expand-contract ───────────────────────
970
1117
  propose-expand-contract:
@@ -1092,7 +1239,7 @@ commandSets:
1092
1239
  Filesystem write when --output or --output-dir is specified.
1093
1240
  safeDryRunOption: dry-run
1094
1241
  expectedDurationMs: 120000
1095
- retryableExitCodes: [1, 12]
1242
+ retryableExitCodes: [12]
1096
1243
 
1097
1244
  # ── explain ───────────────────────────────────────
1098
1245
  explain:
@@ -1208,227 +1355,96 @@ commandSets:
1208
1355
  Filesystem write only when --output is specified.
1209
1356
  safeDryRunOption: dry-run
1210
1357
  expectedDurationMs: 120000
1211
- retryableExitCodes: [1, 12]
1358
+ retryableExitCodes: [12]
1212
1359
 
1213
1360
  components:
1214
1361
  schemas:
1215
- # ── AI Agent Interoperability Schemas (SSoT) ─────────
1216
-
1362
+ # ── AI Agent Interoperability Schemas ──────────────────
1363
+ # Canonical definitions copied from agent-contracts dsl_base/components.yaml.
1364
+ # Keep components.yaml in sync when upgrading agent-contracts.
1217
1365
  AgentEvidence:
1218
- type: object
1219
- description: Evidence supporting an agent finding.
1220
- required: [kind]
1221
- properties:
1222
- kind:
1223
- type: string
1224
- enum: [file, command, schema, diff, stdout, stderr, text]
1225
- target:
1226
- type: string
1227
- description: Target identifier (file path, command ID, schema name).
1228
- location:
1229
- type: string
1230
- description: Location within the target (line number, JSON pointer).
1231
- excerpt:
1232
- type: string
1233
- description: Relevant excerpt from the target.
1234
-
1366
+ $ref: 'components.yaml#/schemas/agent-evidence'
1235
1367
  AgentFinding:
1236
- type: object
1237
- description: A single finding from a migration audit.
1238
- required: [severity, category, message]
1239
- properties:
1240
- id:
1241
- type: string
1242
- description: Unique finding identifier.
1243
- severity:
1244
- type: string
1245
- enum: [info, warning, error, critical]
1246
- category:
1247
- type: string
1248
- description: >-
1249
- Finding category. Migration-specific categories:
1250
- lock_risk, idempotency, expand_contract, backfill_safety,
1251
- rollback_risk, deploy_order, allow_directive.
1252
- target:
1253
- type: string
1254
- description: Target of the finding (file path, SQL statement).
1255
- location:
1256
- type: string
1257
- description: Location within the target.
1258
- message:
1259
- type: string
1260
- recommendation:
1261
- type: string
1262
- confidence:
1263
- type: number
1264
- minimum: 0
1265
- maximum: 1
1266
- description: Confidence score (0-1) for LLM-generated findings.
1267
- evidence:
1268
- type: array
1269
- items:
1270
- $ref: '#/components/schemas/AgentEvidence'
1271
- details:
1272
- type: object
1273
- additionalProperties: true
1274
-
1368
+ $ref: 'components.yaml#/schemas/agent-finding'
1275
1369
  AgentRecommendedAction:
1276
- type: object
1277
- description: A recommended action from a migration audit.
1278
- required: [kind, title]
1279
- properties:
1280
- kind:
1281
- type: string
1282
- enum: [run_command, edit_file, review, confirm, block, ignore]
1283
- title:
1284
- type: string
1285
- command:
1286
- type: string
1287
- description: CLI command to run (for run_command kind).
1288
- target:
1289
- type: string
1290
- description: Target file or resource.
1291
- rationale:
1292
- type: string
1293
-
1370
+ $ref: 'components.yaml#/schemas/agent-recommended-action'
1294
1371
  MigrationAuditResult:
1295
- type: object
1296
- description: >-
1297
- Top-level result from a migration safety audit.
1298
- Conforms to cli-contracts AgentAuditResult reference schema.
1299
- required: [summary, riskLevel, findings]
1300
- properties:
1301
- summary:
1302
- type: string
1303
- riskLevel:
1304
- type: string
1305
- enum: [low, medium, high, critical]
1306
- findings:
1307
- type: array
1308
- items:
1309
- $ref: '#/components/schemas/AgentFinding'
1310
- recommendedActions:
1311
- type: array
1312
- items:
1313
- $ref: '#/components/schemas/AgentRecommendedAction'
1314
- metadata:
1315
- type: object
1316
- properties:
1317
- tool:
1318
- type: string
1319
- command:
1320
- type: string
1321
- version:
1322
- type: string
1323
- generatedAt:
1324
- type: string
1325
- adapter:
1326
- type: string
1327
- model:
1328
- type: string
1372
+ $ref: 'components.yaml#/schemas/agent-audit-result'
1329
1373
 
1330
1374
  ExpandContractProposal:
1331
1375
  type: object
1332
1376
  description: >-
1333
1377
  Result from propose-expand-contract command. Contains the proposed
1334
1378
  phased migration group with SQL for each phase.
1335
- required: [summary, riskLevel, findings, phases]
1336
- properties:
1337
- summary:
1338
- type: string
1339
- description: Overview of the proposed decomposition.
1340
- riskLevel:
1341
- type: string
1342
- enum: [low, medium, high, critical]
1343
- description: Risk level of the original unsafe DDL.
1344
- findings:
1345
- type: array
1346
- items:
1347
- $ref: '#/components/schemas/AgentFinding'
1348
- description: Issues found in the original migration.
1349
- phases:
1350
- type: array
1351
- items:
1352
- type: object
1353
- required: [name, sql, description]
1354
- properties:
1355
- name:
1356
- type: string
1357
- enum: [expand, backfill, switch, contract]
1358
- sql:
1359
- type: string
1360
- description: SQL content for this phase.
1361
- description:
1362
- type: string
1363
- description: Human-readable description of what this phase does.
1364
- deploymentGate:
1365
- type: string
1366
- description: Gate condition to verify before proceeding to next phase.
1367
- description: Ordered list of migration phases.
1368
- recommendedActions:
1369
- type: array
1370
- items:
1371
- $ref: '#/components/schemas/AgentRecommendedAction'
1372
- metadata:
1373
- type: object
1379
+ allOf:
1380
+ - $ref: 'components.yaml#/schemas/agent-audit-result'
1381
+ - type: object
1382
+ required: [phases]
1374
1383
  properties:
1375
- tool:
1376
- type: string
1377
- command:
1378
- type: string
1379
- version:
1380
- type: string
1381
- generatedAt:
1382
- type: string
1383
- adapter:
1384
+ summary:
1384
1385
  type: string
1385
- model:
1386
+ description: Overview of the proposed decomposition.
1387
+ riskLevel:
1386
1388
  type: string
1389
+ enum: [low, medium, high, critical]
1390
+ description: Risk level of the original unsafe DDL.
1391
+ findings:
1392
+ type: array
1393
+ items:
1394
+ $ref: '#/components/schemas/AgentFinding'
1395
+ description: Issues found in the original migration.
1396
+ phases:
1397
+ type: array
1398
+ items:
1399
+ type: object
1400
+ required: [name, sql, description]
1401
+ properties:
1402
+ name:
1403
+ type: string
1404
+ enum: [expand, backfill, switch, contract]
1405
+ sql:
1406
+ type: string
1407
+ description: SQL content for this phase.
1408
+ description:
1409
+ type: string
1410
+ description: Human-readable description of what this phase does.
1411
+ deploymentGate:
1412
+ type: string
1413
+ description: Gate condition to verify before proceeding to next phase.
1414
+ description: Ordered list of migration phases.
1387
1415
 
1388
1416
  ExplainResult:
1389
1417
  type: object
1390
1418
  description: >-
1391
1419
  Result from explain command. Contains a human-readable explanation
1392
1420
  of another command's output, suitable for PR comments or release decisions.
1393
- required: [summary, riskLevel, explanation]
1394
- properties:
1395
- summary:
1396
- type: string
1397
- description: One-line summary for quick scanning.
1398
- riskLevel:
1399
- type: string
1400
- enum: [low, medium, high, critical]
1401
- description: Assessed urgency of the underlying issue.
1402
- explanation:
1403
- type: string
1404
- description: >-
1405
- Multi-paragraph human-readable explanation in Markdown format.
1406
- Written for non-DBA audiences.
1407
- findings:
1408
- type: array
1409
- items:
1410
- $ref: '#/components/schemas/AgentFinding'
1411
- description: Key points extracted from the command output.
1412
- recommendedActions:
1413
- type: array
1414
- items:
1415
- $ref: '#/components/schemas/AgentRecommendedAction'
1416
- description: Concrete next steps for the reader.
1417
- sourceCommand:
1418
- type: string
1419
- description: The command that produced the input (e.g. "migraguard lint").
1420
- metadata:
1421
- type: object
1421
+ allOf:
1422
+ - $ref: 'components.yaml#/schemas/agent-audit-result'
1423
+ - type: object
1424
+ required: [explanation]
1422
1425
  properties:
1423
- tool:
1424
- type: string
1425
- command:
1426
- type: string
1427
- version:
1426
+ summary:
1428
1427
  type: string
1429
- generatedAt:
1428
+ description: One-line summary for quick scanning.
1429
+ riskLevel:
1430
1430
  type: string
1431
- adapter:
1431
+ enum: [low, medium, high, critical]
1432
+ description: Assessed urgency of the underlying issue.
1433
+ explanation:
1432
1434
  type: string
1433
- model:
1435
+ description: >-
1436
+ Multi-paragraph human-readable explanation in Markdown format.
1437
+ Written for non-DBA audiences.
1438
+ findings:
1439
+ type: array
1440
+ items:
1441
+ $ref: '#/components/schemas/AgentFinding'
1442
+ description: Key points extracted from the command output.
1443
+ recommendedActions:
1444
+ type: array
1445
+ items:
1446
+ $ref: '#/components/schemas/AgentRecommendedAction'
1447
+ description: Concrete next steps for the reader.
1448
+ sourceCommand:
1434
1449
  type: string
1450
+ description: The command that produced the input (e.g. "migraguard lint").