April 30, 2026 · Flavius Munteanu

pgfence stays free and open source

Quick positioning update: pgfence is, and stays, a free open-source Postgres migration safety tool. The CLI, GitHub Action, LSP, ORM extractors, lock-mode rules, and safe rewrite recipes are all free forever.

By Flavius Munteanu,

Quick positioning update.

pgfence is, and stays, a free open-source Postgres migration safety tool. The CLI, GitHub Action, LSP and VS Code extension, ORM extractors for TypeORM / Prisma / Knex / Drizzle / Sequelize, SARIF and GitLab reporters, lock-mode rules, and safe rewrite recipes are all free forever.

For a while the website framed governance as a packaged product with a public price. We have removed that framing. pgfence Cloud is now an exploratory conversation with a small group of design partners with painful migration review, not a SKU with a roadmap. There is no self-serve signup, no waitlist UI, no fixed annual price.

The reason is simple. The OSS analyzer is the product right now. The job we are focused on is making pgfence the default safety check that teams add to CI before merging Postgres migrations. Hosted governance might come later if real teams ask for it; until then we are not building billing, dashboards, auth, org management, or hosted approval flows.

What stays free, forever

  • pgfence analyze and pgfence trace CLI commands
  • GitHub Action with PR comment markdown, SARIF, and GitLab reporters
  • VS Code extension and the underlying LSP server
  • Postgres lock-mode rules (the table in the README)
  • Safe rewrite recipes for ADD COLUMN, FK, UNIQUE, CREATE INDEX, and more
  • ORM extractors for TypeORM, Prisma, Knex, Drizzle, Sequelize
  • Coverage / fail-closed UNKNOWN handling so dynamic SQL is never silently passed
  • Docs, blog, trace mode, schema-snapshot support

No paid analyzer tier. No premium-rule paywall. No usage cap.

What we want from you

Try pgfence on real migrations. Run it on the migration history of a project you actually ship to production, not just a sample file. If the analyzer:

  • missed something dangerous, or
  • flagged something that is actually safe in your environment, or
  • could not extract a migration written through your ORM,

open an issue with the SQL. The repo has structured templates for false negatives, false positives, and unsupported ORM patterns so triage does not need a back-and-forth.

Every dangerous-migration pattern in the rules table started as someone’s incident. We want yours.

What about Cloud

The door stays open. If your team has painful migration review, audit, or compliance needs and wants to help shape what hosted governance could look like, contact@pgfence.com. We will scope one workflow, agree what success looks like, and onboard manually. No public price, no fake signup flow.

If that is not you, you do not need anything beyond the OSS. Install with npm install -g @flvmnt/pgfence, point it at your migrations, and you have the same analyzer the design partners use.

TL;DR

pgfence stays free and open source. Cloud is a door, not a roadmap. The fastest way to help right now is to try it on a real migration and tell us what it missed.

← All posts