prisma-guard-lite 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Cullen Meyers
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,217 @@
+# Prisma Guard Lite
+
+Prisma Guard Lite is a pre-deploy migration risk checker for Prisma projects.
+
+It scans Prisma migration SQL for destructive and deployment-sensitive
+operations, then produces clear terminal, Markdown, or JSON results for local
+review and CI.
+
+## Why this exists
+
+Prisma migrations can contain operations that deserve deliberate review before
+deployment: dropped columns, dropped tables, unbounded deletes, truncation, and
+column type conversions. These statements can be easy to miss inside generated
+SQL.
+
+Prisma Guard Lite makes those risks visible without connecting to your database.
+It works locally, has no runtime dependencies, and can focus on migrations
+introduced by a pull request or deployment.
+
+## Quick start
+
+Requires Node.js 18 or newer.
+
+Scan the latest migration:
+
+```bash
+npx prisma-guard-lite --latest
+```
+
+Scan migrations changed since the main branch:
+
+```bash
+npx prisma-guard-lite --since main
+```
+
+Check staged migrations and fail when a high-severity risk is found:
+
+```bash
+npx prisma-guard-lite --staged --fail-on high
+```
+
+Pass a project directory to scan somewhere other than the current directory:
+
+```bash
+npx prisma-guard-lite /path/to/project --latest
+```
+
+Unless `--no-write` is provided, the command writes
+`prisma-guard-report.md` in the scanned project root.
+
+## What it checks
+
+High severity:
+
+- `DROP TABLE`
+- `DROP COLUMN`
+- `TRUNCATE`
+- `DELETE FROM` without a `WHERE` clause
+- risky `ALTER TABLE ... ALTER COLUMN ... TYPE` operations
+
+Medium severity:
+
+- `CREATE EXTENSION`
+- `DROP EXTENSION`
+- Prisma `Unsupported(...)`
+- Prisma `dbgenerated(...)`
+- soft deletion combined with `@unique`
+- tenant-like fields without a matching `@@index`
+
+Noisy best-practice checks are disabled by default. `--include-low` enables
+checks for missing timestamp fields and simple tenant-ownership heuristics.
+
+## Scan modes
+
+Only one scan mode may be used at a time.
+
+| Command | Migration files scanned |
+| --- | --- |
+| `npx prisma-guard-lite` | All migrations, labeled as a history scan |
+| `npx prisma-guard-lite --latest` | The newest migration folder |
+| `npx prisma-guard-lite --since main` | Migration files changed since the provided Git ref |
+| `npx prisma-guard-lite --staged` | Staged migration files |
+| `npx prisma-guard-lite --changed` | Changed and untracked migration files |
+
+Git-aware modes require a Git worktree.
+
+## Options
+
+| Flag | Behavior |
+| --- | --- |
+| `--json` | Print structured JSON |
+| `--include-low` | Include noisy low-severity best-practice checks |
+| `--no-write` | Do not write `prisma-guard-report.md` |
+| `--fail-on high` | Exit with code 1 when high findings exist |
+| `--fail-on medium` | Exit with code 1 when high or medium findings exist |
+
+## Example output
+
+```text
+Prisma Guard Lite
+
+Scan mode: latest migration
+Files scanned: 1 migration file
+Summary: 5 high, 6 medium, 0 low
+
+HIGH (5)
+  1. Migration changes a column type
+     prisma/migrations/20260101000000_init/migration.sql:3
+     Changing a column type can rewrite or lock a table and may fail when existing values cannot be converted.
+     Suggested fix: Test the conversion on production-like data and consider a staged add, backfill, and swap migration.
+```
+
+See the complete [high-risk report](examples/reports/example-high-risk-report.md)
+and [clean report](examples/reports/example-clean-report.md).
+
+## JSON output
+
+```bash
+npx prisma-guard-lite --latest --json --no-write
+```
+
+```json
+{
+  "scanMode": "latest migration",
+  "filesScanned": 1,
+  "summary": {
+    "high": 1,
+    "medium": 0,
+    "low": 0
+  },
+  "findings": [
+    {
+      "severity": "high",
+      "file": "prisma/migrations/20260623090000_remove_legacy/migration.sql",
+      "line": 4,
+      "title": "Migration drops a column",
+      "explanation": "Dropping a column permanently removes its stored data and may break older application versions.",
+      "suggestedFix": "Stop reading and writing the column first, deploy that change, then remove the column in a later migration."
+    }
+  ]
+}
+```
+
+## GitHub Actions
+
+This workflow checks migration files changed since `origin/main` and fails the
+job when a high-severity finding exists:
+
+```yaml
+name: Prisma migration guard
+
+on:
+  pull_request:
+
+jobs:
+  prisma-guard:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: npm
+      - run: npm install
+      - run: npx prisma-guard-lite --since origin/main --fail-on high
+```
+
+A copy-ready version is available at
+[examples/github-action.yml](examples/github-action.yml).
+
+## Local development
+
+```bash
+npm install
+npm run build
+node dist/index.js example --latest
+```
+
+During development:
+
+```bash
+npm run dev -- example --latest
+```
+
+## Local verification
+
+Run the release checks:
+
+```bash
+npm run build
+node dist/index.js example --latest
+node dist/index.js example --json
+node dist/index.js example --latest --fail-on high
+```
+
+Expected results for the included example:
+
+- the build exits `0`
+- `--latest` exits `0` and reports 5 high, 6 medium, and 0 low findings
+- `--json` exits `0` and returns `scanMode`, `filesScanned`, `summary`, and
+  `findings`
+- `--latest --fail-on high` prints the report and exits `1`
+
+## Validation
+
+The rules were tested against seven public Prisma projects containing 145
+migrations. The validation led to focused Git-based scan modes and disabling
+noisy schema conventions by default. See [VALIDATION.md](VALIDATION.md).
+
+## Disclaimer
+
+This is a heuristic scanner. It does not guarantee database safety.
+
+Always review migrations, test against production-like data, maintain backups,
+and prepare a rollback or recovery plan before deployment.

package/VALIDATION.md

@@ -0,0 +1,53 @@
+# Validation
+
+Prisma Guard Lite was tested against seven public Prisma projects containing
+145 committed migration files.
+
+## What the first validation found
+
+The original scanner reviewed every migration in repository history. It found
+real destructive operations, but the whole-history approach produced too much
+noise for pull-request and deployment review. Old, already-applied migrations
+appeared beside newly introduced changes and could dominate the report.
+
+## What changed in v2
+
+The checker now supports focused migration scopes:
+
+- `--latest` for the newest migration
+- `--since <git-ref>` for branch and pull-request review
+- `--staged` for pre-commit review
+- `--changed` for local working-tree review
+
+The default remains a clearly labeled history scan for broad audits.
+
+## Most valuable findings
+
+The rules that produced the clearest deployment signals were:
+
+- `DROP COLUMN`
+- `DROP TABLE`
+- `TRUNCATE`
+- `DELETE FROM` without `WHERE`
+- risky `ALTER COLUMN TYPE` operations
+
+The type-change matcher was also tightened after validation exposed false
+positives involving a column literally named `type`.
+
+## Noise reduction
+
+The following best-practice checks are disabled by default:
+
+- missing `createdAt`
+- missing `updatedAt`
+- missing `deletedAt`
+- tenant ownership guessed from model names
+
+They remain available through `--include-low`, but do not dilute the default
+pre-deploy risk report.
+
+## Current verdict
+
+The useful core is a focused Prisma migration risk checker, not a general schema
+style linter. Public validation should now concentrate on whether findings from
+`--since`, `--staged`, and `--changed` are actionable in real pull requests.

package/dist/index.js

@@ -0,0 +1,120 @@
+#!/usr/bin/env node
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const node_fs_1 = require("node:fs");
+const node_path_1 = __importDefault(require("node:path"));
+const report_js_1 = require("./report.js");
+const scanner_js_1 = require("./scanner.js");
+function parseArgs(args) {
+    let projectPath;
+    let json = false;
+    let mode = "history";
+    let sinceRef;
+    let includeLow = false;
+    let writeReport = true;
+    let failOn;
+    let selectedMode;
+    const selectMode = (nextMode, flag) => {
+        if (selectedMode) {
+            throw new Error(`${flag} cannot be combined with ${selectedMode}.`);
+        }
+        mode = nextMode;
+        selectedMode = flag;
+    };
+    for (let index = 0; index < args.length; index += 1) {
+        const arg = args[index];
+        if (arg === "--json") {
+            json = true;
+        }
+        else if (arg === "--latest") {
+            selectMode("latest", arg);
+        }
+        else if (arg === "--staged") {
+            selectMode("staged", arg);
+        }
+        else if (arg === "--changed") {
+            selectMode("changed", arg);
+        }
+        else if (arg === "--since") {
+            selectMode("since", arg);
+            sinceRef = args[index + 1];
+            if (!sinceRef || sinceRef.startsWith("-")) {
+                throw new Error("--since requires a Git ref.");
+            }
+            index += 1;
+        }
+        else if (arg === "--include-low") {
+            includeLow = true;
+        }
+        else if (arg === "--no-write") {
+            writeReport = false;
+        }
+        else if (arg === "--fail-on") {
+            const threshold = args[index + 1];
+            if (threshold !== "high" && threshold !== "medium") {
+                throw new Error("--fail-on must be either high or medium.");
+            }
+            failOn = threshold;
+            index += 1;
+        }
+        else if (arg.startsWith("-")) {
+            throw new Error(`Unknown option: ${arg}`);
+        }
+        else if (projectPath) {
+            throw new Error("Only one project path may be provided.");
+        }
+        else {
+            projectPath = arg;
+        }
+    }
+    return {
+        projectRoot: node_path_1.default.resolve(projectPath ?? process.cwd()),
+        json,
+        mode,
+        sinceRef,
+        includeLow,
+        writeReport,
+        failOn,
+    };
+}
+async function main() {
+    const options = parseArgs(process.argv.slice(2));
+    const stat = await node_fs_1.promises.stat(options.projectRoot).catch(() => null);
+    if (!stat?.isDirectory()) {
+        throw new Error(`Project directory not found: ${options.projectRoot}`);
+    }
+    const result = await (0, scanner_js_1.scanProject)(options.projectRoot, {
+        mode: options.mode,
+        sinceRef: options.sinceRef,
+        includeLow: options.includeLow,
+    });
+    const reportPath = node_path_1.default.join(options.projectRoot, "prisma-guard-report.md");
+    if (options.writeReport) {
+        await node_fs_1.promises.writeFile(reportPath, (0, report_js_1.formatMarkdownReport)(result), "utf8");
+    }
+    if (options.json) {
+        process.stdout.write(`${JSON.stringify(result, null, 2)}\n`);
+    }
+    else {
+        const reportStatus = options.writeReport
+            ? `Markdown report: ${reportPath}`
+            : "Markdown report: not written (--no-write)";
+        process.stdout.write(`${(0, report_js_1.formatTerminalReport)(result)}\n\n${reportStatus}\n`);
+    }
+    const shouldFail = options.failOn === "high"
+        ? result.summary.high > 0
+        : options.failOn === "medium"
+            ? result.summary.high > 0 || result.summary.medium > 0
+            : false;
+    if (shouldFail) {
+        process.exitCode = 1;
+    }
+}
+main().catch((error) => {
+    const message = error instanceof Error ? error.message : String(error);
+    process.stderr.write(`prisma-guard-lite: ${message}\n`);
+    process.exitCode = 1;
+});

package/dist/report.js

@@ -0,0 +1,65 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.formatTerminalReport = formatTerminalReport;
+exports.formatMarkdownReport = formatMarkdownReport;
+const severityLabels = {
+    high: "HIGH",
+    medium: "MEDIUM",
+    low: "LOW",
+};
+const severities = ["high", "medium", "low"];
+function location(finding) {
+    return finding.line === null
+        ? finding.file
+        : `${finding.file}:${finding.line}`;
+}
+function formatTerminalReport(result) {
+    const lines = [
+        "Prisma Guard Lite",
+        "",
+        `Scan mode: ${result.scanMode}`,
+        `Files scanned: ${result.filesScanned} migration ${result.filesScanned === 1 ? "file" : "files"}`,
+        `Summary: ${result.summary.high} high, ${result.summary.medium} medium, ${result.summary.low} low`,
+    ];
+    for (const severity of severities) {
+        const findings = result.findings.filter((finding) => finding.severity === severity);
+        lines.push("", `${severityLabels[severity]} (${findings.length})`);
+        if (findings.length === 0) {
+            lines.push("  No findings.");
+            continue;
+        }
+        findings.forEach((finding, index) => {
+            lines.push(`  ${index + 1}. ${finding.title}`, `     ${location(finding)}`, `     ${finding.explanation}`, `     Suggested fix: ${finding.suggestedFix}`);
+        });
+    }
+    return lines.join("\n");
+}
+function formatMarkdownReport(result) {
+    const lines = [
+        "# Prisma Guard Lite Report",
+        "",
+        "## Summary",
+        "",
+        `- **Scan mode:** ${result.scanMode}`,
+        `- **Files scanned:** ${result.filesScanned} migration ${result.filesScanned === 1 ? "file" : "files"}`,
+        "",
+        "| Severity | Count |",
+        "| --- | ---: |",
+        `| High | ${result.summary.high} |`,
+        `| Medium | ${result.summary.medium} |`,
+        `| Low | ${result.summary.low} |`,
+    ];
+    for (const severity of severities) {
+        const findings = result.findings.filter((finding) => finding.severity === severity);
+        lines.push("", `## ${severityLabels[severity]} Findings`, "");
+        if (findings.length === 0) {
+            lines.push("No findings.");
+            continue;
+        }
+        findings.forEach((finding, index) => {
+            lines.push(`### ${index + 1}. ${finding.title}`, "", `- **Severity:** ${severityLabels[finding.severity]}`, `- **File:** \`${finding.file}\``, `- **Line:** ${finding.line ?? "Not available"}`, `- **Explanation:** ${finding.explanation}`, `- **Suggested fix:** ${finding.suggestedFix}`, "");
+        });
+    }
+    lines.push("## Suggested Next Steps", "", "1. Review all high-severity findings before deployment.", "2. Test risky migrations against a recent production-like backup.", "3. Confirm backups and rollback procedures are ready.", "4. Review medium- and low-severity findings for relevance to your application.", "", "> Prisma Guard Lite is a heuristic pre-deploy scanner, not a guarantee of database safety.", "");
+    return lines.join("\n");
+}

package/dist/scanner.js

@@ -0,0 +1,199 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.scanProject = scanProject;
+const node_fs_1 = require("node:fs");
+const node_path_1 = __importDefault(require("node:path"));
+const node_util_1 = require("node:util");
+const node_child_process_1 = require("node:child_process");
+const schemaParser_js_1 = require("./schemaParser.js");
+const sqlChecks_js_1 = require("./sqlChecks.js");
+const execFileAsync = (0, node_util_1.promisify)(node_child_process_1.execFile);
+const severityOrder = {
+    high: 0,
+    medium: 1,
+    low: 2,
+};
+async function findMigrationFiles(directory) {
+    try {
+        const entries = await node_fs_1.promises.readdir(directory, { withFileTypes: true });
+        const files = await Promise.all(entries.map(async (entry) => {
+            const fullPath = node_path_1.default.join(directory, entry.name);
+            if (entry.isDirectory()) {
+                return findMigrationFiles(fullPath);
+            }
+            return entry.isFile() && entry.name === "migration.sql"
+                ? [fullPath]
+                : [];
+        }));
+        return files.flat();
+    }
+    catch (error) {
+        if (error.code === "ENOENT") {
+            return [];
+        }
+        throw error;
+    }
+}
+async function findLatestMigrationFile(directory) {
+    try {
+        const entries = await node_fs_1.promises.readdir(directory, { withFileTypes: true });
+        const folders = entries
+            .filter((entry) => entry.isDirectory())
+            .map((entry) => entry.name)
+            .sort()
+            .reverse();
+        for (const folder of folders) {
+            const migrationPath = node_path_1.default.join(directory, folder, "migration.sql");
+            const stat = await node_fs_1.promises.stat(migrationPath).catch(() => null);
+            if (stat?.isFile()) {
+                return [migrationPath];
+            }
+        }
+        return [];
+    }
+    catch (error) {
+        if (error.code === "ENOENT") {
+            return [];
+        }
+        throw error;
+    }
+}
+function relativeFile(root, filePath) {
+    return node_path_1.default.relative(root, filePath).split(node_path_1.default.sep).join("/");
+}
+async function gitLines(projectRoot, args) {
+    try {
+        const { stdout } = await execFileAsync("git", ["-C", projectRoot, ...args], {
+            encoding: "utf8",
+        });
+        return stdout
+            .split(/\r?\n/)
+            .map((line) => line.trim())
+            .filter(Boolean);
+    }
+    catch (error) {
+        const stderr = error.stderr?.trim();
+        throw new Error(stderr || "This scan mode requires a Git worktree.");
+    }
+}
+async function existingMigrationPaths(projectRoot, relativePaths) {
+    const uniquePaths = [...new Set(relativePaths)];
+    const results = await Promise.all(uniquePaths.map(async (relativePath) => {
+        const normalized = relativePath.split(node_path_1.default.sep).join("/");
+        if (!/^prisma\/migrations\/.+\/migration\.sql$/.test(normalized)) {
+            return null;
+        }
+        const fullPath = node_path_1.default.join(projectRoot, relativePath);
+        const stat = await node_fs_1.promises.stat(fullPath).catch(() => null);
+        return stat?.isFile() ? fullPath : null;
+    }));
+    return results.filter((filePath) => filePath !== null).sort();
+}
+async function selectMigrationFiles(projectRoot, options) {
+    const migrationRoot = node_path_1.default.join(projectRoot, "prisma", "migrations");
+    if (options.mode === "history") {
+        return (await findMigrationFiles(migrationRoot)).sort();
+    }
+    if (options.mode === "latest") {
+        return findLatestMigrationFile(migrationRoot);
+    }
+    const pathspec = "prisma/migrations/**/migration.sql";
+    if (options.mode === "since") {
+        if (!options.sinceRef) {
+            throw new Error("--since requires a Git ref.");
+        }
+        const files = await gitLines(projectRoot, [
+            "diff",
+            "--relative",
+            "--name-only",
+            "--diff-filter=ACMR",
+            options.sinceRef,
+            "--",
+            pathspec,
+        ]);
+        return existingMigrationPaths(projectRoot, files);
+    }
+    if (options.mode === "staged") {
+        const files = await gitLines(projectRoot, [
+            "diff",
+            "--relative",
+            "--cached",
+            "--name-only",
+            "--diff-filter=ACMR",
+            "--",
+            pathspec,
+        ]);
+        return existingMigrationPaths(projectRoot, files);
+    }
+    const tracked = await gitLines(projectRoot, [
+        "diff",
+        "--relative",
+        "--name-only",
+        "--diff-filter=ACMR",
+        "HEAD",
+        "--",
+        pathspec,
+    ]);
+    const untracked = await gitLines(projectRoot, [
+        "ls-files",
+        "--others",
+        "--exclude-standard",
+        "--",
+        pathspec,
+    ]);
+    return existingMigrationPaths(projectRoot, [...tracked, ...untracked]);
+}
+function scanModeLabel(options) {
+    switch (options.mode) {
+        case "latest":
+            return "latest migration";
+        case "since":
+            return `migrations changed since ${options.sinceRef}`;
+        case "staged":
+            return "staged migrations";
+        case "changed":
+            return "changed migrations";
+        default:
+            return "history scan";
+    }
+}
+async function scanProject(projectRoot, options) {
+    const findings = [];
+    const schemaPath = node_path_1.default.join(projectRoot, "prisma", "schema.prisma");
+    try {
+        const schema = await node_fs_1.promises.readFile(schemaPath, "utf8");
+        findings.push(...(0, schemaParser_js_1.checkSchema)(schema, relativeFile(projectRoot, schemaPath), options.includeLow));
+    }
+    catch (error) {
+        if (error.code !== "ENOENT") {
+            throw error;
+        }
+    }
+    const migrationFiles = await selectMigrationFiles(projectRoot, options);
+    for (const migrationPath of migrationFiles) {
+        const sql = await node_fs_1.promises.readFile(migrationPath, "utf8");
+        findings.push(...(0, sqlChecks_js_1.checkSql)(sql, relativeFile(projectRoot, migrationPath)));
+    }
+    findings.sort((a, b) => {
+        return (severityOrder[a.severity] - severityOrder[b.severity] ||
+            a.file.localeCompare(b.file) ||
+            (a.line ?? Number.MAX_SAFE_INTEGER) - (b.line ?? Number.MAX_SAFE_INTEGER));
+    });
+    const summary = {
+        high: 0,
+        medium: 0,
+        low: 0,
+    };
+    for (const finding of findings) {
+        summary[finding.severity] += 1;
+    }
+    return {
+        scanMode: scanModeLabel(options),
+        filesScanned: migrationFiles.length,
+        summary,
+        findings,
+    };
+}

package/dist/schemaParser.js

@@ -0,0 +1,163 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkSchema = checkSchema;
+const tenantFields = [
+    "tenantId",
+    "orgId",
+    "organizationId",
+    "workspaceId",
+    "teamId",
+];
+const tenantOwnedModelNames = new Set([
+    "project",
+    "task",
+    "customer",
+    "invoice",
+    "order",
+    "subscription",
+    "member",
+    "file",
+    "document",
+    "message",
+    "ticket",
+    "product",
+]);
+function lineNumberAt(text, index) {
+    return text.slice(0, index).split("\n").length;
+}
+function parseModels(schema) {
+    const models = [];
+    const modelPattern = /\bmodel\s+(\w+)\s*\{([\s\S]*?)\}/g;
+    for (const match of schema.matchAll(modelPattern)) {
+        const name = match[1];
+        const body = match[2];
+        const modelStart = match.index ?? 0;
+        const bodyStart = modelStart + match[0].indexOf(body);
+        const fields = [];
+        const indexes = [];
+        body.split("\n").forEach((rawLine, offset) => {
+            const source = rawLine.trim();
+            const line = lineNumberAt(schema, bodyStart) + offset;
+            if (!source || source.startsWith("//")) {
+                return;
+            }
+            if (source.startsWith("@@index")) {
+                indexes.push(source);
+                return;
+            }
+            if (source.startsWith("@@") || source.startsWith("///")) {
+                return;
+            }
+            const fieldMatch = source.match(/^(\w+)\s+\S+/);
+            if (fieldMatch) {
+                fields.push({ name: fieldMatch[1], line, source });
+            }
+        });
+        models.push({
+            name,
+            line: lineNumberAt(schema, modelStart),
+            fields,
+            indexes,
+        });
+    }
+    return models;
+}
+function findSchemaPattern(schema, file, pattern, title, explanation, suggestedFix) {
+    const findings = [];
+    for (const match of schema.matchAll(pattern)) {
+        findings.push({
+            severity: "medium",
+            file,
+            line: lineNumberAt(schema, match.index ?? 0),
+            title,
+            explanation,
+            suggestedFix,
+        });
+    }
+    return findings;
+}
+function checkSchema(schema, file, includeLow) {
+    const findings = [
+        ...findSchemaPattern(schema, file, /\bUnsupported\s*\(/g, "Schema uses Unsupported(...)", "Unsupported field types are not fully represented by Prisma Client and may need manual handling.", "Confirm the field is intentional and document how application code and migrations handle it."),
+        ...findSchemaPattern(schema, file, /\bdbgenerated\s*\(/g, "Schema uses dbgenerated(...)", "Database-generated defaults can behave differently across providers and may hide database-specific behavior.", "Verify the expression in every target database and cover it with migration and application tests."),
+    ];
+    for (const model of parseModels(schema)) {
+        const fieldNames = new Set(model.fields.map((field) => field.name));
+        const deletedAt = model.fields.find((field) => field.name === "deletedAt");
+        const uniqueFields = model.fields.filter((field) => /(?:^|\s)@unique(?:\s|$|\()/i.test(field.source));
+        if (deletedAt && uniqueFields.length > 0) {
+            findings.push({
+                severity: "medium",
+                file,
+                line: uniqueFields[0].line,
+                title: `${model.name} combines soft deletion with unique fields`,
+                explanation: `The model has deletedAt and unique field(s): ${uniqueFields.map((field) => field.name).join(", ")}. Soft-deleted rows can continue to block reuse of those values.`,
+                suggestedFix: "Review whether uniqueness should include deletion state or be enforced with a database-specific partial unique index.",
+            });
+        }
+        for (const tenantField of tenantFields.filter((field) => fieldNames.has(field))) {
+            const indexed = model.indexes.some((index) => {
+                const indexedFields = index.match(/@@index\s*\(\s*\[([^\]]+)\]/)?.[1] ?? "";
+                return indexedFields
+                    .split(",")
+                    .map((field) => field.trim().split(/\s+/)[0])
+                    .includes(tenantField);
+            });
+            if (!indexed) {
+                const field = model.fields.find((candidate) => candidate.name === tenantField);
+                findings.push({
+                    severity: "medium",
+                    file,
+                    line: field?.line ?? model.line,
+                    title: `${model.name}.${tenantField} has no matching index`,
+                    explanation: "Tenant-scoped queries commonly filter by this field and may slow down as the table grows.",
+                    suggestedFix: `Add @@index([${tenantField}]) or a compound index beginning with ${tenantField} that matches common queries.`,
+                });
+            }
+        }
+        if (includeLow && !fieldNames.has("createdAt")) {
+            findings.push({
+                severity: "low",
+                file,
+                line: model.line,
+                title: `${model.name} is missing createdAt`,
+                explanation: "Creation timestamps are useful for auditing, debugging, and ordering records.",
+                suggestedFix: "Consider adding createdAt DateTime @default(now()).",
+            });
+        }
+        if (includeLow && !fieldNames.has("updatedAt")) {
+            findings.push({
+                severity: "low",
+                file,
+                line: model.line,
+                title: `${model.name} is missing updatedAt`,
+                explanation: "Update timestamps are useful for auditing changes and cache synchronization.",
+                suggestedFix: "Consider adding updatedAt DateTime @updatedAt.",
+            });
+        }
+        if (includeLow && !fieldNames.has("deletedAt")) {
+            findings.push({
+                severity: "low",
+                file,
+                line: model.line,
+                title: `${model.name} is missing deletedAt`,
+                explanation: "A soft-delete timestamp can help preserve records that should not be removed immediately.",
+                suggestedFix: "If this model needs soft deletion, consider adding deletedAt DateTime?.",
+            });
+        }
+        const hasTenantField = tenantFields.some((field) => fieldNames.has(field));
+        if (includeLow &&
+            tenantOwnedModelNames.has(model.name.toLowerCase()) &&
+            !hasTenantField) {
+            findings.push({
+                severity: "low",
+                file,
+                line: model.line,
+                title: `${model.name} may be missing tenant ownership`,
+                explanation: "The model name suggests tenant-owned business data, but no common tenant field was found.",
+                suggestedFix: "If this data is tenant-owned, add an appropriate tenant identifier and index it. Otherwise, document that the model is global.",
+            });
+        }
+    }
+    return findings;
+}

package/dist/sqlChecks.js

@@ -0,0 +1,98 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkSql = checkSql;
+const rules = [
+    {
+        severity: "high",
+        pattern: /\bDROP\s+TABLE\b/gi,
+        title: "Migration drops a table",
+        explanation: "Dropping a table permanently removes its data and can break dependent queries.",
+        suggestedFix: "Confirm the table is no longer needed, back up its data, and use a staged removal when possible.",
+    },
+    {
+        severity: "high",
+        pattern: /\bDROP\s+COLUMN\b/gi,
+        title: "Migration drops a column",
+        explanation: "Dropping a column permanently removes its stored data and may break older application versions.",
+        suggestedFix: "Stop reading and writing the column first, deploy that change, then remove the column in a later migration.",
+    },
+    {
+        severity: "high",
+        pattern: /\bTRUNCATE(?:\s+TABLE)?\b/gi,
+        title: "Migration truncates data",
+        explanation: "TRUNCATE removes all rows from a table and is difficult to reverse.",
+        suggestedFix: "Verify that full data deletion is intentional and ensure a tested backup or recovery plan exists.",
+    },
+    {
+        severity: "medium",
+        pattern: /\bCREATE\s+EXTENSION\b/gi,
+        title: "Migration creates a database extension",
+        explanation: "Database extensions may require elevated permissions or may not be available in every environment.",
+        suggestedFix: "Confirm the extension is supported and provisioned in each target database environment.",
+    },
+    {
+        severity: "medium",
+        pattern: /\bDROP\s+EXTENSION\b/gi,
+        title: "Migration drops a database extension",
+        explanation: "Removing an extension can break database objects or application features that depend on it.",
+        suggestedFix: "Identify dependent objects and features before removing the extension.",
+    },
+];
+function lineNumberAt(text, index) {
+    return text.slice(0, index).split("\n").length;
+}
+function findingsForRule(sql, file, rule) {
+    const findings = [];
+    rule.pattern.lastIndex = 0;
+    for (const match of sql.matchAll(rule.pattern)) {
+        findings.push({
+            severity: rule.severity,
+            file,
+            line: lineNumberAt(sql, match.index ?? 0),
+            title: rule.title,
+            explanation: rule.explanation,
+            suggestedFix: rule.suggestedFix,
+        });
+    }
+    return findings;
+}
+function findDeletesWithoutWhere(sql, file) {
+    const findings = [];
+    const statementPattern = /\bDELETE\s+FROM\b[^;]*/gi;
+    for (const match of sql.matchAll(statementPattern)) {
+        const statement = match[0];
+        if (!/\bWHERE\b/i.test(statement)) {
+            findings.push({
+                severity: "high",
+                file,
+                line: lineNumberAt(sql, match.index ?? 0),
+                title: "DELETE FROM has no WHERE clause",
+                explanation: "A DELETE statement without a WHERE clause removes every row from the target table.",
+                suggestedFix: "Add a narrowly scoped WHERE clause, or explicitly verify and document that deleting all rows is intended.",
+            });
+        }
+    }
+    return findings;
+}
+function findColumnTypeChanges(sql, file) {
+    const findings = [];
+    const pattern = /\bALTER\s+TABLE\b[^;]*?\bALTER\s+COLUMN\s+(?:"[^"]+"|`[^`]+`|\[[^\]]+\]|\w+)\s+(?:(?:SET\s+DATA\s+)|(?:SET\s+))?TYPE\b/gi;
+    for (const match of sql.matchAll(pattern)) {
+        findings.push({
+            severity: "high",
+            file,
+            line: lineNumberAt(sql, match.index ?? 0),
+            title: "Migration changes a column type",
+            explanation: "Changing a column type can rewrite or lock a table and may fail when existing values cannot be converted.",
+            suggestedFix: "Test the conversion on production-like data and consider a staged add, backfill, and swap migration.",
+        });
+    }
+    return findings;
+}
+function checkSql(sql, file) {
+    return [
+        ...rules.flatMap((rule) => findingsForRule(sql, file, rule)),
+        ...findColumnTypeChanges(sql, file),
+        ...findDeletesWithoutWhere(sql, file),
+    ];
+}

package/examples/github-action.yml

@@ -0,0 +1,18 @@
+name: Prisma migration guard
+
+on:
+  pull_request:
+
+jobs:
+  prisma-guard:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: npm
+      - run: npm install
+      - run: npx prisma-guard-lite --since origin/main --fail-on high

package/examples/reports/example-clean-report.md

@@ -0,0 +1,32 @@
+# Prisma Guard Lite Report
+
+## Summary
+
+- **Scan mode:** staged migrations
+- **Files scanned:** 1 migration file
+
+| Severity | Count |
+| --- | ---: |
+| High | 0 |
+| Medium | 0 |
+| Low | 0 |
+
+## HIGH Findings
+
+No findings.
+
+## MEDIUM Findings
+
+No findings.
+
+## LOW Findings
+
+No findings.
+
+## Suggested Next Steps
+
+1. Review the migration as part of the normal deployment process.
+2. Test it against production-like data.
+3. Confirm backups and rollback procedures are ready.
+
+> Prisma Guard Lite is a heuristic scanner. It does not guarantee database safety.

package/examples/reports/example-high-risk-report.md

@@ -0,0 +1,52 @@
+# Prisma Guard Lite Report
+
+## Summary
+
+- **Scan mode:** latest migration
+- **Files scanned:** 1 migration file
+
+| Severity | Count |
+| --- | ---: |
+| High | 2 |
+| Medium | 1 |
+| Low | 0 |
+
+## HIGH Findings
+
+### 1. Migration drops a column
+
+- **Severity:** HIGH
+- **File:** `prisma/migrations/20260623090000_remove_legacy/migration.sql`
+- **Line:** 4
+- **Explanation:** Dropping a column permanently removes its stored data and may break older application versions.
+- **Suggested fix:** Stop reading and writing the column first, deploy that change, then remove the column in a later migration.
+
+### 2. DELETE FROM has no WHERE clause
+
+- **Severity:** HIGH
+- **File:** `prisma/migrations/20260623090000_remove_legacy/migration.sql`
+- **Line:** 8
+- **Explanation:** A DELETE statement without a WHERE clause removes every row from the target table.
+- **Suggested fix:** Add a narrowly scoped WHERE clause, or explicitly verify and document that deleting all rows is intended.
+
+## MEDIUM Findings
+
+### 1. Migration creates a database extension
+
+- **Severity:** MEDIUM
+- **File:** `prisma/migrations/20260623090000_remove_legacy/migration.sql`
+- **Line:** 1
+- **Explanation:** Database extensions may require elevated permissions or may not be available in every environment.
+- **Suggested fix:** Confirm the extension is supported and provisioned in each target database environment.
+
+## LOW Findings
+
+No findings.
+
+## Suggested Next Steps
+
+1. Review all high-severity findings before deployment.
+2. Test risky migrations against a recent production-like backup.
+3. Confirm backups and rollback procedures are ready.
+
+> Prisma Guard Lite is a heuristic scanner. It does not guarantee database safety.

package/package.json

@@ -0,0 +1,38 @@
+{
+  "name": "prisma-guard-lite",
+  "version": "0.1.0",
+  "description": "Pre-deploy migration risk checker for Prisma projects",
+  "keywords": [
+    "prisma",
+    "prisma-migrate",
+    "database",
+    "migrations",
+    "migration-checker",
+    "ci",
+    "postgres",
+    "typescript"
+  ],
+  "license": "MIT",
+  "bin": {
+    "prisma-guard-lite": "dist/index.js"
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE",
+    "VALIDATION.md",
+    "examples"
+  ],
+  "scripts": {
+    "dev": "tsx src/index.ts",
+    "build": "tsc"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "tsx": "^4.19.0",
+    "typescript": "^5.7.0"
+  },
+  "engines": {
+    "node": ">=18"
+  }
+}