{
  "id": "review-ai-generated-prisma-migrations",
  "type": "checklists",
  "category": "checklists",
  "locale": "de",
  "url": "/de/checklists/review-ai-generated-prisma-migrations",
  "title": "Checklist für die Überprüfung von KI-generierten Prisma-Migrationen",
  "description": "Eine Checkliste zur menschlichen Überprüfung von Prisma-Schemaänderungen und Migrationen, die von KI-Codierungsagenten geschrieben wurden – Datenverlust, Sperren und irreversible Operationen.",
  "tools": [
    "Cursor",
    "Claude Code",
    "Codex",
    "Windsurf"
  ],
  "stack": [
    "PostgreSQL",
    "TypeScript"
  ],
  "tags": [
    "postgres",
    "review",
    "security",
    "typescript",
    "migrate"
  ],
  "difficulty": null,
  "updated": "2026-06-08",
  "markdown": "Prisma-Migrationen werden automatisch beim Deployment ausgeführt und können Spalten löschen, große Tabellen umschreiben oder exklusive Sperren einnehmen. KI generiert Migrations-SQL, das korrekt aussieht, aber Ausfallzeiten oder stillen Datenverlust verursachen kann.\n\n## Korrektheit\n\n```txt\n[ ] Migration SQL in prisma/migrations/ matches the schema.prisma diff exactly\n[ ] No manually edited migration files — Prisma tracks checksums and will reject them\n[ ] New required fields have a @default value or the migration includes a backfill step\n[ ] Renamed fields generate two migrations: add new, migrate data, drop old — not a direct rename\n[ ] Enums added to PostgreSQL are append-only — removing a value requires a separate process\n[ ] Relation fields have the correct onDelete behavior (Cascade, Restrict, SetNull) defined\n[ ] @unique constraints are intentional — they create indexes and reject duplicates\n[ ] @@index and @@unique on composite fields have columns in the right order for query patterns\n[ ] prisma migrate diff output is reviewed before applying in production\n[ ] Shadow database connection string is configured for CI environments\n[ ] Prisma Client is regenerated after every schema change before running tests\n[ ] Model names are PascalCase; field names are camelCase — Prisma maps to snake_case in SQL\n```\n\n## Datensicherheit\n\n```txt\n[ ] No DROP COLUMN on a column that still has application code reading it (blue-green safe)\n[ ] No DROP TABLE without confirming all application references are removed\n[ ] Backfills for new non-nullable columns run before the NOT NULL constraint is added\n[ ] Large backfills are batched — not a single UPDATE on millions of rows\n[ ] Cascade deletes are intentional and tested — not the default chosen to silence a Prisma error\n[ ] Migration does not truncate a table that should retain historical data\n[ ] @default(now()) on a field that was previously nullable sets correct values on existing rows\n[ ] Schema change is backward compatible with the previous deployed application version\n```\n\n## Leistung\n\n```txt\n[ ] Adding an index on a large table uses CONCURRENTLY — Prisma does not do this by default\n[ ] Adding NOT NULL to an existing column without a default causes a full table rewrite in older Postgres\n[ ] New foreign key constraints use DEFERRABLE INITIALLY DEFERRED if adding to populated tables\n[ ] Migration run time is estimated — tables over 1M rows need a maintenance window or zero-downtime strategy\n[ ] No multiple expensive migrations chained in a single deploy\n[ ] @db.Text on columns that should be VARCHAR — unbounded text disables some index strategies\n[ ] @@index is added for every foreign key that will be used in a JOIN or WHERE filter\n```\n\n## Deployment\n\n```txt\n[ ] prisma migrate deploy (not dev) is used in the production deploy script\n[ ] DATABASE_URL in production points to the primary/writer replica, not a read replica\n[ ] Migration is tested against a staging database with production-scale data before production deploy\n[ ] Rollback plan exists — document which migrations are reversible and how\n[ ] prisma db push is not used in production — it bypasses the migration history\n[ ] CI runs prisma migrate diff to detect schema drift before merging\n[ ] Database user running migrations has ALTER TABLE privileges but application user does not\n```\n\n## KI-spezifische Risiken\n\n```txt\n[ ] AI has not used prisma.$queryRaw without the Prisma.sql tagged template (SQL injection risk)\n[ ] AI has not fabricated Prisma schema attributes — verify each @attribute exists in the Prisma docs\n[ ] AI has not added @@map or @map incorrectly — this changes the actual table or column name\n[ ] AI-generated schema uses the correct provider (postgresql, mysql, sqlite) — not a mix\n[ ] AI has not assumed that prisma migrate dev auto-applies in CI — it requires --skip-generate in some setups\n[ ] AI has not used deprecated Prisma v2 syntax in a v5+ project\n[ ] AI has not generated a migration that includes the full table recreate when only an index was requested\n```\n\n## Fehlerbehebung – Prompt\n\n```txt title=\"Fix Prompt\"\nReview this Prisma schema change and the generated migration SQL against the\nchecklist above. Identify any data loss risks, missing defaults, blocking\nindex additions, or fabricated schema attributes. Produce a corrected schema\nand a safe zero-downtime migration strategy, including any intermediate steps\nneeded to add NOT NULL constraints or backfill data.\n```"
}