Exploring pgfence Cloud

The open-source CLI stays free. Cloud is exploratory: a private design partner program with production Postgres teams that need approvals, audit history, and shared policy around risky migrations.

Want the program overview? Visit /cloud. The OSS analyzer is documented in the rest of these docs.

What pgfence Cloud is exploring

pgfence Cloud is a hosted control plane that sits on top of the same analysis engine the OSS CLI uses. The free analyzer keeps running in your CI; Cloud is where shared policy, sign-off, and audit would live.

Concretely, the loop we are shaping with design partners looks like:

  1. Your CI runs pgfence analyze in GitHub Actions on every PR with a migration diff.
  2. The analysis result uploads to Cloud over HTTPS with a content hash and an idempotency key. No database credentials or source code are uploaded, only the analysis JSON the OSS CLI already produces.
  3. Cloud evaluates the org's shared policy against the analysis, posts an updated check on the PR, and routes HIGH or CRITICAL migrations to the configured reviewers.
  4. Approvals, exemptions, and merges land in an append-only, hash-chained audit history bound to the migration content (not just the commit SHA, so a force-push re-triggers review).

Nothing in this loop is required for the OSS CLI to work; it is purely additive.
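
To make step 4 concrete, here is an added sketch (not pgfence code, and not a description of how Cloud is implemented) of a hash-chained audit log whose approvals are bound to the migration content rather than a commit SHA. The entry layout, the AuditLog class, and the sample migrations are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the chain

def content_hash(migration_sql: str) -> str:
    """Hash of the migration text itself, independent of any commit SHA."""
    return hashlib.sha256(migration_sql.encode()).hexdigest()

def _entry_hash(prev: str, body: dict) -> str:
    # Canonical JSON so the same body always hashes to the same value.
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev + canonical).encode()).hexdigest()

class AuditLog:
    """Hypothetical append-only log; each entry commits to the one before it."""
    def __init__(self):
        self.entries = []

    def append(self, action: str, actor: str, migration_sql: str) -> None:
        body = {"action": action, "actor": actor,
                "content": content_hash(migration_sql)}
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        self.entries.append({"body": body, "prev": prev,
                             "hash": _entry_hash(prev, body)})

    def verify(self) -> bool:
        """Recompute every link; any edited or reordered entry breaks the chain."""
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev or e["hash"] != _entry_hash(prev, e["body"]):
                return False
            prev = e["hash"]
        return True

    def is_approved(self, migration_sql: str) -> bool:
        """An approval counts only for the exact content that was reviewed."""
        h = content_hash(migration_sql)
        return self.verify() and any(
            e["body"]["action"] == "approve" and e["body"]["content"] == h
            for e in self.entries)

# Constructed sample migrations: the second stands in for a force-pushed edit.
ORIGINAL = "CREATE INDEX CONCURRENTLY idx_users_email ON users (email);"
FORCE_PUSHED = "CREATE INDEX idx_users_email ON users (email);"

def demo():
    log = AuditLog()
    log.append("analyze", "ci", ORIGINAL)
    log.append("approve", "alice", ORIGINAL)
    before = (log.is_approved(ORIGINAL), log.is_approved(FORCE_PUSHED))
    # Simulate an after-the-fact edit that re-points the approval at new content.
    log.entries[1]["body"]["content"] = content_hash(FORCE_PUSHED)
    return before, log.verify()
```

The approval holds for the reviewed text only, so the edited migration needs a fresh review, and rewriting a stored entry makes verify() fail.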

What design partners shape

  • Approval workflows: sign-off paths for HIGH and CRITICAL migrations before merge.
  • Exemptions with justification and expiry: recorded bypasses with ownership and expiration.
  • Shared policies: org-wide rules for thresholds and required migration guardrails.
  • Audit history: a review trail for analyses, approvals, and exemptions.
  • Operational reporting: rollout and review visibility for migration-heavy teams.

No Database Credentials

The public analyzer already supports DB-size-aware scoring through a stats snapshot: your CI runs the snapshot step against your read replica, writes JSON, and pgfence consumes it locally. That trust boundary carries over to the governance work as well, so pgfence does not need direct production database credentials.

What exists today

The public product you can use today is the free analyzer: CLI, LSP, docs, trace mode, and reporting outputs. The Cloud page describes the design partner program and product direction around that analyzer, not a generally available self-serve workspace.

Free CLI unchanged

All cloud work is additive. The open-source CLI works exactly the same without any account, login, or API key.

If you are evaluating

The fastest path is: try the quick start, run the analyzer on one of your migrations, and tell us about your migration review process if the output makes you want a governance layer.