feat: Schema Migration Service

[NFUChen]

Add schema migration support powered by pgschema. Users can compare their live database schema against a git-hosted SQL file and apply DDL changes directly from the pgconsole UI.

What it does

1. Compare — Clones/pulls a schema source repo, runs pgschema plan to diff the live database against the desired schema, and shows the DDL changes grouped by operation (create/alter/drop).
2. Apply — Executes the planned DDL via pgschema apply --auto-approve with streaming progress and error reporting.
3. Status — Checks whether a connection has schema_source configured.

Configuration

Add schema_source to any connection in pgconsole.toml:

[connections.schema_source]
repo = "https://github.com/org/repo.git"
branch = "main"
path = "schema.sql"
schema = "public"

Architecture

Backend

File	Purpose
proto/migration.proto	MigrationService with 3 RPCs: PlanMigration, ApplyMigration (server streaming), GetSchemaSourceStatus
server/services/migration-service.ts	RPC handlers with auth/permission checks
server/lib/git.ts	Shallow clone + fetch/reset for schema repos
server/lib/pgschema.ts	CLI wrapper for pgschema plan and pgschema apply, with JSON output parser
server/lib/plan-store.ts	In-memory plan storage with 30-minute TTL and expiry eviction
server/lib/config.ts	SchemaSourceConfig type and TOML parsing
server/connect.ts	Logging interceptor for all RPC services (logs errors server-side before ConnectRPC strips Code.Internal details)

Frontend

File	Purpose
src/components/sql-editor/schema/MigrationPanel.tsx	Migration UI with discriminated-union state machine (derivePanelState) driving all renders via switch/case
src/components/sql-editor/RightPanel.tsx	Added "Migration" as a permanent third tab alongside Context and Chat
src/hooks/useMigration.ts	React Query hooks for the 3 migration RPCs; useApplyMigration checks streaming results for status: 'failed' and throws

Docker

Change	Why
git added to runtime Alpine image	pgschema clones schema repos at runtime
pgschema binary bundled from bin/	CLI tool that diffs and applies schemas
Non-root pgconsole user	pgschema embeds PostgreSQL for planning; initdb refuses to run as root
TARGETARCH build arg	Multi-arch support for pgschema binary selection

Key design decisions

• State machine over boolean flags — MigrationPanel derives a single PanelState discriminated union from two independent mutations, then renders via exhaustive switch. Eliminates the class of bugs where render priority order silently breaks on refactor.
• Streaming apply with client-side failure detection — Server yields status: 'failed' on pgschema errors (ConnectRPC streaming doesn't throw on application-level failures). The client hook checks the final result and throws so useMutation surfaces errors correctly.
• Plan stored server-side — Plans are stored in-memory with a 30-minute TTL. The client only holds the planId, avoiding stale plan data and large payloads in React state.

Frontend UI:


After Migration:

[vercel]

@William-W-Chen is attempting to deploy a commit to the bytebase Team on Vercel.

A member of the Team first needs to authorize it.

[greptile-apps]

Greptile Summary

This PR adds schema migration support through pgschema and a git-backed schema source. The main changes are:

• New MigrationService RPCs for planning, applying, and checking schema-source status.
• Git checkout caching and pgschema CLI wrappers on the backend.
• In-memory migration plan storage with expiry.
• A new Migration tab and React Query hooks in the SQL editor UI.
• Docker runtime changes to include git, pgschema, and a non-root user.

Confidence Score: 1/5

This should be fixed before merging.

• Real schema diffs can be parsed as empty, which breaks the main compare workflow.
• The new tests have signature mismatches and can fail before exercising the feature.
• Migration RPCs expose schema information to callers without read access.
• Git cache reuse and concurrent sync can plan against the wrong checkout or fail intermittently.
• The pgschema wrapper misses connection settings and exposes the database password in process arguments.

server/lib/pgschema.ts, server/services/migration-service.ts, server/lib/git.ts, Dockerfile, and the new migration tests.

Security Review

• Authorization bypass in server/services/migration-service.ts: planning and schema-source status accept any connection permission instead of requiring read access.
• Path traversal/source escape in server/services/migration-service.ts: schema_source.path can point outside the cloned repo.
• Credential exposure in server/lib/pgschema.ts: database passwords are passed through process argv.

Important Files Changed

Filename	Overview
server/lib/pgschema.ts	Adds pgschema parsing and CLI execution; parser contract, connection options, and password handling need fixes.
server/services/migration-service.ts	Adds migration RPC handlers; auth checks, path handling, and apply progress behavior need attention.
server/lib/git.ts	Adds git cache sync; cache validation and concurrent sync behavior need protection.
src/components/sql-editor/schema/MigrationPanel.tsx	Adds the migration UI; schema-source status is not used to gate the workflow.
Dockerfile	Adds pgschema and git to the image; build arch handling can fail without a target arch.

_{Reviews (1): Last reviewed commit: "chore: remove outdated schema migration ..." | Re-trigger Greptile}