pgfence playground

Paste a migration. See the lock mode, blocked operations, and safe rewrite recipe in your browser. No SQL leaves this page.

migration.sql
Loading analyzer…

Full analyzer, in your terminal

The playground runs a curated subset of pgfence's rule catalogue against your SQL in the browser. For the full analysis, including ORM extractors, schema-aware widening detection, and policy plugins, run the CLI on your migration files.

Install the CLI View source on GitHub

How the in-browser analyzer works

The playground ships the WebAssembly build of libpg-query, the same C library Postgres uses internally, compiled to run in your browser. When you paste a migration, the WASM parser produces a full AST for every statement, then the page runs the exact same rule catalog that ships with the pgfence CLI against that AST. No SQL ever leaves the page. There is no network call, no server-side execution, and no telemetry on the SQL you analyze. Closing the tab disposes of the analysis.

What it catches

The browser build runs a representative subset of the rule catalog focused on the lock-mode footguns that show up most often in real migrations.

  • CREATE INDEX without CONCURRENTLY, which takes a SHARE lock and blocks writes for the duration of the build.
  • ADD COLUMN ... NOT NULL without a DEFAULT, which fails on non-empty tables and forces a rewrite under an ACCESS EXCLUSIVE lock.
  • ALTER COLUMN TYPE cross-family rewrites, which rewrite the whole table while holding ACCESS EXCLUSIVE.
  • REPLICA IDENTITY FULL, which silently degrades logical replication and write performance on wide tables.
  • DROP SCHEMA ... CASCADE, which removes dependent objects without warning and is a CRITICAL footgun in any environment that ships data.
  • CLUSTER, which holds ACCESS EXCLUSIVE for the duration of the rewrite and has no online alternative in core Postgres.
  • ADD FOREIGN KEY without NOT VALID, which takes a SHARE ROW EXCLUSIVE lock on both tables and scans the referencing table under that lock.
  • Missing SET lock_timeout at the start of the migration, which is what turns a routine lock into a lock-queue death spiral.

Limitations versus the CLI

The browser build is intentionally narrower than the local CLI. The playground is a fast preview, not a replacement for running pgfence in your pipeline.

  • No stats file. Size-aware risk escalation needs a pgfence-stats.json snapshot, which the playground does not accept.
  • No multi-file analysis. The CLI walks directories and reports on a whole migration set. The playground analyzes one buffer.
  • No policy plugin loading. Custom organization policies that load JavaScript files at runtime are CLI-only.
  • No LSP behavior. Inline diagnostics, hover cards, and quick-fix code actions are part of the LSP server, not the browser bundle.
  • No ORM extractors. The browser only reads raw SQL. To analyze a TypeORM, Prisma, Knex, Sequelize, or Drizzle migration, point the CLI at the migration directory.

Try this

Paste any of these into the editor above to see the analyzer's output. The expected verdict is included inline so you can compare.

Expected verdict: HIGH risk, ACCESS EXCLUSIVE on users, blocks reads and writes for the full rewrite.

ALTER TABLE users ADD COLUMN email_verified boolean NOT NULL;

Expected verdict: MEDIUM risk, SHARE lock blocks writes while the index builds. Safe rewrite uses CONCURRENTLY.

CREATE INDEX idx_users_email ON users(email);

Expected verdict: HIGH risk, SHARE ROW EXCLUSIVE on both tables, scans the child table under lock. Safe rewrite splits into NOT VALID plus VALIDATE CONSTRAINT.

ALTER TABLE orders ADD CONSTRAINT fk_user
  FOREIGN KEY (user_id) REFERENCES users(id);