SQL Migration Risk Card

Flag destructive changes and build a rollback-review checklist, all in your browser

Review runs entirely in your browser. The SQL is not uploaded, logged, or stored. This flags statements worth a closer look before a migration merges or deploys; it is a review aid, not a guarantee that an un-flagged statement is safe.

Paste your migration above and select Review migration to see destructive changes, lock risks, and a rollback-review checklist.

About the SQL migration risk card

The SQL migration risk card turns a pasted schema migration into a short list of statements worth a second look before it merges or deploys. It splits the migration into statements and flags the ones that destroy data, hold a lock, rewrite a table, or change a contract the application depends on. For each one it gives a plain-language reason and a rollback-review prompt, so a reviewer can see the risky parts of a migration at a glance instead of reading every line.

Paste your migration, select Review migration, and the tool lists each flagged statement with its number, line, type, a severity, why it was flagged, and a rollback prompt. Severity is a heuristic: High marks likely data loss, Review marks a lock, rewrite, or contract change to plan for, and Low marks an additive change that still needs a rollback path. Everything runs in your browser. The SQL you paste, the table names, and the column names are never uploaded or stored.

How to use

  1. Paste your SQL migration into the input box. A sample migration with a few risky statements is loaded so you can see how it works.
  2. Select Review migration to split the migration into statements and flag the risky ones.
  3. Review the findings table: each flagged statement shows its number, line, type, severity, reason, and a rollback prompt.
  4. Select Download findings CSV to keep a record, or Copy review card to paste a markdown summary into a pull request or runbook.
  5. Work through the rollback prompts before you merge or deploy the migration.

Worked examples

ALTER TABLE orders DROP COLUMN legacy_status flagged High

Dropping a column permanently deletes its data, and re-adding the column later cannot restore the old values, so it is flagged high risk.

ALTER TABLE orders ADD COLUMN total_cents integer NOT NULL flagged Review

A NOT NULL column with no default fails or forces a full rewrite on a non-empty table and breaks inserts from older app versions, so it is flagged for review.

CREATE INDEX idx_orders_customer ON orders (customer_id) flagged Review

Creating an index without CONCURRENTLY locks out writes while it builds, so it is flagged with a prompt to build it concurrently on busy tables.

Frequently asked questions

What does the SQL migration risk card check for?
It splits a pasted migration into statements and flags three kinds of risk: destructive changes that lose data (DROP TABLE, TRUNCATE, DROP COLUMN, and DELETE or UPDATE with no WHERE clause), lock or rewrite changes that can block traffic (adding a NOT NULL column with no default, changing a column type, adding NOT NULL, non-concurrent index builds, and new constraints), and contract changes such as renames that break running app versions. Each flag comes with a reason and a rollback prompt.
How does it decide a statement is high severity versus review?
High severity is reserved for likely irreversible data loss, such as dropping a table or column or running an unfiltered DELETE or UPDATE. Review covers changes that are reversible but need planning, such as a lock during an index build, a table rewrite from a type change, or a rename that needs a coordinated rollout. Low covers additive changes such as creating a table or adding a nullable column that are usually safe but still need a clear rollback path.
Does it understand my exact SQL dialect?
First ship uses deterministic keyword and shape detection rather than a full grammar, so it works across PostgreSQL, MySQL, and similar dialects but does not parse every vendor extension. It is a review aid that surfaces the statements most worth a closer look; it is not a guarantee that an un-flagged statement is safe. Always pair it with a human review of the migration.
Is my SQL uploaded anywhere?
No. The splitting, classification, and export all run in your browser. The SQL you paste, the table names, and the column names are never sent to a server or saved. Download the findings CSV or copy the review card before you close the tab.
Can I keep a record of the review?
Yes. Download findings CSV gives you a spreadsheet-ready file with one row per flagged statement, and the findings export is itself safe to open because any cell that could be read as a spreadsheet formula is escaped. Copy review card gives you a markdown summary you can paste into a pull request, a runbook, or a deploy checklist.

Use this again tomorrow

Save this page so it's one tap away when you need a quick result.

Bookmark this tool

Ready for a quick Daily Challenge?

Play Daily Challenge on sts.games

Related tools

Try another quick utility while you are here.

CSV Formula Injection Guard

Flag risky CSV cells and download a sanitized copy.

Terraform Plan Blast Radius Card

Risk-rank a terraform plan before you apply it.

Kubernetes RBAC Verb Matrix

Spot risky verbs in Role and ClusterRole YAML.