About

About pgfence

pgfence is a Postgres migration safety CLI built and maintained by Flavius Munteanu. It maps every DDL statement in your migrations to the exact lock mode it takes, the operations that lock blocks, the risk level for production, and the safe expand and contract rewrite recipe when the pattern is dangerous.

Who builds it

I have been writing applications against Postgres for roughly a decade, mostly Node.js and TypeScript stacks against production databases that did not stop for migrations. Every team I worked with had at least one incident where a routine migration locked a hot table during business hours and turned a one-line change into a postmortem. The fix is always the same, expand then contract, but the knowledge sits in scattered blog posts, internal runbooks, and senior engineers' heads. pgfence exists to encode that knowledge in a tool that runs before merge.

Why pgfence exists

When I went looking for a tool that could analyze a TypeORM or Prisma migration and tell me what locks it would take, I could not find one written for the Node ecosystem. The existing options were strong in their own niches but did not cover the same ground:

  • strong_migrations is a Ruby gem, tightly coupled to Rails ActiveRecord migrations.
  • Squawk is a Rust linter that reads raw SQL files. It does not extract from ORM migration formats.
  • Eugene is a Rust DDL linter and trace tool, also raw-SQL focused.
  • pgrubic is a Python linter with a large rule set, again raw SQL only.

If you wrote your migrations as queryRunner.query() calls inside a TypeORM file, a knex.raw() chain, a Prisma migration.sql, a Sequelize queryInterface script, or a Drizzle snapshot, none of these tools could read your migration. That gap is the reason pgfence exists. It is the first TypeScript-native tool in this category, and it ships extractors for the five major Node ORMs plus raw .sql files.

Independent validation

  • The pgfence lock-mode catalog was adopted upstream by supabase-community/postgres-language-server (5,100+ stars on GitHub), via PR #707 merged on 2026-05-18. The catalog is now the reference for that project's migration safety surface.
  • An integration guide for using pgfence alongside Prisma Migrate was merged into the official Prisma documentation on 2026-04-07.
  • pgfence is referenced in the awesome-postgres list and in pgroll's References section.

License and the paid surface

The CLI, the LSP server, the GitHub Action, the ORM extractors, the rule catalog, and every report format are MIT licensed and stay free forever. The analyzer is the work, and the work belongs to the ecosystem.

The paid surface is a separate layer on top: the pgfence Cloud control plane. That layer is about organizational governance, central policy, approval workflows, an immutable audit log of migration decisions, and exemption tracking. It is the workflow that a team of fifty engineers needs around the analyzer, not the analyzer itself. Cloud is in a private design-partner phase today and only available through direct conversation. The CLI's behavior does not change based on Cloud, and there is no version of pgfence where a rule is held back to push a paid tier.

Contact

The fastest way to reach me is through the channels below.