Supabase | The Open Source Firebase Alternative

AI-assisted Migration Pre-Flight Check: catch data-loss and lock risk before db push

CLI

Database

Dashboard

TL;DR

Add an AI-assisted "pre-flight check" that runs before supabase db push (CLI) or "Apply migration" (dashboard). It reads the pending migration, analyzes it against a ruleset plus AI review, and surfaces data-loss risks, lock-duration risks, and structural red flags before they hit production — not after.

The scenario we keep hitting

-- a migration like this lands on a 50M-row table:
ALTER TABLE orders ALTER COLUMN status SET NOT NULL;
ALTER TABLE orders ADD COLUMN region text DEFAULT 'us-east' NOT NULL;
DROP COLUMN legacy_code;

In production this is three separate foot-guns:

SET NOT NULL on a non-empty column does a full table scan under AccessExclusiveLock — every row must be validated, and every other query on orders blocks during it.
Adding NOT NULL + DEFAULT on a large table rewrites the whole table in Postgres < 11, and on modern versions still takes an exclusive lock.
DROP COLUMN legacy_code is destructive and irreversible once replication completes — no confirmation, no dry-run.

The CLI and dashboard currently accept all of this without warning. supabase db push just applies it. Splinter catches runtime problems after deploy; there's nothing that catches deploy-time risk.

What I'm proposing

A pre-flight check that runs automatically in three places:

CLI: supabase db push runs the check first, shows findings, and requires --force (or an interactive y/N) to apply anything flagged High.
Dashboard: When a user clicks "Apply migration" (or accepts a pg-delta diff), findings render inline in the confirm sheet with severity icons.
CI (optional): supabase db push --check-only exits non-zero on High findings, drop into any GitHub Actions workflow.

What the check flags

Rule-based (fast, local, no LLM call):

Severity	Pattern	Rule
High	`DROP TABLE` / `DROP COLUMN` without `IF EXISTS`-guarded rename-first pattern	data loss, irreversible
High	`ALTER TABLE ... ALTER COLUMN ... SET NOT NULL` on a table with rows	full-table scan under AccessExclusiveLock
High	`ALTER TABLE ... ADD COLUMN ... NOT NULL` without default on a non-empty table	fails at apply time
High	`TRUNCATE` in a migration	data loss
Medium	`ALTER TABLE ... ALTER COLUMN TYPE` requiring rewrite (e.g. `text` → )

Rule-based findings show row-count estimates from pg_class.reltuples so the user sees "SET NOT NULL on a 50M-row table" rather than an abstract warning.

AI-assisted (one LLM call, only on request or when rules miss intent):

"This migration renames users.email to email_address and then drops email — any code still referencing users.email will break. Grep of your project found 14 references." (Uses AI Assistant + repo context already available in Studio.)
"This migration adds a unique index on (email) but existing rows have 3 duplicates — CREATE UNIQUE INDEX will fail." (Quick pre-check query.)
"Consider splitting: the batch ALTER TABLE here holds an exclusive lock for an estimated 4-7 minutes based on row count. A non-blocking sequence would be: add column nullable → backfill in batches → add NOT NULL."

Why Supabase specifically

This feature cannot exist as a third-party tool — it needs things only Supabase has:

Row-count estimates — requires DB connection; third-party linters can't.
AI Assistant integration — already exists and understands Postgres + Supabase idioms.
Splinter ruleset — the performance/security rules are already written and maintained; this proposal reuses them at migration time (shift-left) instead of only post-deploy.
pg-delta integration — a pre-flight check is the natural next step after declarative schema: generate the diff, analyze it, then apply.
Branching — the check can optionally run the migration against a preview branch to get actual lock-wait telemetry before prod.

Phased proposal

Phase 1 (MVP, ships in days not weeks):

CLI flag: supabase db push --dry-run that prints findings, doesn't apply
Rule-based checks only (no LLM call required)
Reuses Splinter rule engine; 6-8 migration-time rules
Dashboard: inline findings in the "Apply migration" confirm sheet

Phase 2:

AI-assisted findings via existing AI Assistant endpoint
Row-count estimates from pg_class.reltuples
CI mode: --check-only exits non-zero

Phase 3:

Optional dry-run against preview branch for lock-wait telemetry
"Suggested safer rewrite" — AI produces a non-blocking migration alternative
Configurable severity gates per project

Alternatives considered

Stay with advisors-only: Current Splinter advisors run after migrations apply. Too late to prevent data loss.
Third-party tool (squawk, etc.): Users can adopt squawk today, but it can't see row counts or Supabase conventions, and it's not in the default workflow.
supabase db lint: Already exists in intent (#29341 Splinter in CLI). This proposal is an applied-at-migration-time variant focused on destructive/blocking operations, complementary to advisory linting.

Out of scope for this proposal

Rollback ("down") migrations — already tracked separately (#168 votes)
Generic schema drift detection — covered by pg-delta

Feedback wanted

Is the severity taxonomy right for your workflows?
Should Phase 1 block db push on High findings by default, or warn-only?
Any specific destructive patterns you've been bitten by that should be added to the Phase 1 ruleset?

How to help

Abhijeet Rane proposes an AI-assisted pre-flight check for Supabase migrations to identify data-loss and lock risks before applying changes. The feature would analyze pending migrations against a ruleset and AI review, highlighting potential issues. Biswajeet Arukha supports the idea and suggests an architectural framework for implementation, emphasizing the importance of proactive prevention for large production tables.

Help on GitHub

Replies (1)

Proposal: Architecture for AI-Assisted "Zero-Downtime" Migration Guardrails Implementing a "Pre-flight check" is critical for Supabase, especially as projects scale to large production tables where a single ALTER TABLE can lock out the entire application.

Here is a proposed architectural framework for how this engine should work:

The "DDL Footgun" Detection Engine The core of the pre-flight check should focus on Postgres Lock Hierarchy. The engine must flag any operation that requests an ACCESS EXCLUSIVE lock on a table exceeding a certain size/row count.

Mandatory Concurrent Checks: Flag any CREATE INDEX that lacks the CONCURRENTLY keyword. Phased Constraint Validation: Flag ADD CONSTRAINT (Foreign Keys/Check) that aren't marked NOT VALID. The engine should suggest a two-step migration: ADD CONSTRAINT ... NOT VALID (Fast lock) VALIDATE CONSTRAINT (Scan without blocking writes) 2. Automated "Safety Wrappers" The AI assistant shouldn't just "detect"; it should "remediate" by injecting safety headers into the migration files. Every migration analyzed by the pre-flight check should be suggested to include:

sql -- AI Suggested Safety Header SET statement_timeout = '30s'; SET lock_timeout = '5s'; -- Prevents the migration from queuing and blocking the app 3. LLM "Semantic Linting" Strategy Traditional linters (like Squawk) are great for syntax, but an AI-assisted check can understand intent.

The AI Agent should be prompted with a "Danger Checklist":

"Is this migration rewriting a 10M+ row table?" "Is there a default value being added to an existing column that triggers a full table rewrite in this PG version?" "Are we dropping a column that is still being referenced in the edge function code?" (Requires cross-repo analysis). 4. CLI Integration (supabase migration check) The workflow should be baked into the CLI. Before a supabase db push, the user runs a check:

bash supabase migration check --ai --target production The output would provide a Risk Score (1-10) and a Lock Analysis Table, showing exactly which tables will be locked and for how long based on metadata statistics from the production branch.

Proposed "Checklist" for the MVP Index Audit: Detect non-concurrent index creation. Type Mutation Audit: Flag column type changes that require table rewrites (e.g., varchar to int). Nullability Audit: Flag adding NOT NULL to columns with existing data without a default value. Lock Duration Estimation: Use pg_stat_user_tables to estimate rewrite time. 🏁 Why this approach works: By combining Static SQL Analysis with LLM-based context, Supabase can move from "Reactive" fixing to "Proactive" prevention. POC: Simple Migration Linter (Python) Here is a snippet of how the logic could be implemented to detect "Locking Footguns" before they hit production:

python import re def pre_flight_migration_check(sql_content): issues = []

# Check for non-concurrent index creation
if re.search(r"CREATE INDEX", sql_content, re.I) and not re.search(r"CONCURRENTLY", sql_content, re.I):
    issues.append({
        "risk": "CRITICAL",
        "msg": "Found 'CREATE INDEX' without 'CONCURRENTLY'. This will lock the table for writes.",
        "fix": "Use 'CREATE INDEX CONCURRENTLY' instead."
    })
# Check for Access Exclusive lock triggers
exclusive_triggers = ["ALTER TABLE", "DROP TABLE", "TRUNCATE"]
for trigger in exclusive_triggers:
    if re.search(rf"{trigger}", sql_content, re.I):
        issues.append({
            "risk": "HIGH",
            "msg": f"Detected {trigger} which requires an Access Exclusive lock.",
            "fix": "Ensure 'lock_timeout' is set before running this migration."
        })
        
return issues

Example Usage

migration_sql = "CREATE INDEX idx_user_email ON users(email);" report = pre_flight_migration_check(migration_sql) print(report)

Biswajeet Arukha·4/24/2026, 11:43:59 AM

uuid