v0.25.1 is focused on operational safety. Instead of shipping new query features, this release hardens migration integrity under real deploy pressure.
Teams usually fail during schema change, not simple reads. Lock contention, unsafe rollback paths, and receipt drift are where production incidents happen. v0.25.1 closes those gaps.
What Changed
- Added migrate down --force with explicit non-TTY unsafe guard behavior.
- Added wait-for-lock mode support across migration commands.
- Added JSON output mode for migrate analyze.
- Added optional HMAC signing support for migration receipts.
- Enforced receipt signature verification on apply and rollback paths.
- Moved advisory locking to database-scoped behavior with clearer timeout diagnostics.
Why Database-Scoped Locks Matter
Global lock semantics can create unnecessary contention in multi-database environments. Database-scoped locking narrows blast radius and gives clearer ownership over migration windows.
qail migrate up --wait-for-lock
qail migrate down --force --wait-for-lock
Receipt Integrity
Migration receipts are now treated as integrity artifacts, not passive logs. Optional signing plus verification on apply/rollback helps detect drift, tampering, or stale control paths before state mutation.
The goal is not faster migration output. The goal is making unsafe migration states difficult to execute by accident.
Operator Workflow
- Run analyze in JSON mode inside CI for policy checks and machine-readable gating.
- Use explicit force only with interactive/operator-approved rollback contexts.
- Keep receipt storage immutable and verify signatures before rollback operations.
- Treat lock timeout diagnostics as deployment signals, not transient noise.
qail migrate analyze --json > migrate-report.json
qail migrate status
qail migrate down --force --wait-for-lock
← Back to Blog