Expand description
pgsafe is a static safety linter for PostgreSQL DDL migrations.
It parses SQL using the real PostgreSQL parser and checks every statement
against a set of rules that flag lock-taking or destructive operations,
producing a Finding for each match together with safe-rewrite guidance.
The main entry point is lint_sql. A command-line interface wrapping
the same rules is provided by the pgsafe binary.
Modules§
- cli
- Command-line surface (only built with the
clifeature). A superset binary can#[command(flatten)]CommonArgsand callresolveto reuse the whole front-end — config discovery,--config/--git-diff/--sinceinput selection, and per-file options — then run its own lint/render loop over the returnedResolvedRun.
Structs§
- File
Report - Lint results for a single named input.
- Finding
- A safety finding reported for a specific SQL statement.
- Fix
- A machine-applicable remediation for a
Finding: a short title plus the edits that make the statement safe. Present only for findings whose fix is an unambiguous mechanical change. - FixEdit
- A single text edit within the linted SQL: replace bytes
[start, end)withreplacement.start == endis a pure insertion. - Lint
Options - Options that adjust linting beyond the default static analysis.
- Location
- Source position of a finding’s statement: byte offset plus 1-based line and (character) column of the statement’s first non-whitespace token.
- Styling
- How the human renderers wrap each span of output.
plain()emits neither ANSI escapes nor glyphs (byte-identical to unstyled output);ansi()colors spans and prefixes a per-finding severity glyph. TTY/env detection is the caller’s job — the library only consumes a ready-madeStyling. - Suppression
- Why a
Findingwas suppressed by an inline-- pgsafe:ignoredirective.
Enums§
- Color
When - When to colorize human output (the CLI
--colorflag). - FailOn
- Minimum finding severity that fails the run (maps to exit code 1).
- Format
- Output format for the CLI.
- Lint
Error - Error returned when
pgsafecannot process the provided SQL. - Name
Kind - The kind of identifier a naming-convention pattern applies to.
- Severity
- Severity level of a
Finding, ordered by increasing severity (Warning<Error).
Constants§
- SCHEMA_
VERSION - The version of the JSON output envelope (
schema_version). - VERSION
- The version of the
pgsafecrate (itsCargo.tomlversion).
Functions§
- gate
- Whether
findingsshould fail the run underfail_on. - lint_
input - Lint one named input into a
FileReportunderoptions, turning a parse failure into the report’serrorfield instead of returning an error. - lint_
sql - Lint
sqlunderoptions, returning findings in source order. - list_
rule_ ids - Every lint-rule id this build can emit — the registered AST rules plus the
engine-synthesized/policy rules — in stable order. The public rule catalog,
e.g. for
pgsafe --list-rulesand external tooling. - render_
errors - Render the stderr block: one
"{name}: {error}"line for each report that failed to parse. - render_
finding_ body - Render one finding’s nested body for the grouped output (plain styling).
- render_
finding_ human - Render one finding as the human block (1–4 newline-terminated lines):
the headline, the message, a
fix:line (unless suppressed), and the snippet (when present). - render_
github - Render findings as GitHub Actions workflow annotation commands (
--format github): one::error/::warning file=…,line=…,col=…,title=pgsafe(rule)::messageper finding (suppressed findings skipped), plus::error file=…::{error}for any file that failed to parse. GitHub turns these into inline annotations on the diff; the process exit code (the gate) still drives the check. - render_
human - Render every finding across
reportsto the plain human block, grouped by statement. - render_
human_ styled - Render every finding across
reportsto the human block, grouped by statement, wrapping each span according tost. Findings arrive sorted by statement index, so a group is the run of consecutive findings sharing one index. Parse errors are not included — seerender_errors. - render_
json - Render
reportsas the versioned JSON envelope (schema_version2). - render_
sarif - Render
reportsas a SARIF 2.1.0 log. Findings (including suppressed ones) becomeresults; a file that failed to parse becomes a tool-execution notification and flipsexecutionSuccessfulto false. - render_
statement_ header - Render the grouped-output header for a statement (plain styling).
- render_
summary - One-line run summary, or
Nonewhen there are no findings at all (a clean run stays silent). Printed in both plain and color modes;stonly colors the counts. Clauses with a zero count are omitted; suppressed findings appear in a trailing(N suppressed)parenthetical (or stand alone when they are the only findings).