skills/team/alembic-migration-manager/SKILL.md
Manages the full Alembic migration lifecycle with safety checks and rollback planning. Python analog of ef-migration-manager. Use when creating, reviewing, or applying database migrations in Python projects using SQLAlchemy and Alembic. Triggers on phrases like "alembic migration", "create migration", "apply migration python", "database migration python", "sqlalchemy migration", "alembic revision", "alembic upgrade", "alembic downgrade".
npx skillsauth add michaelalber/ai-toolkit alembic-migration-manager

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status.
"Every migration is a one-way door. Make sure you know what's on the other side. The database is the last line of defense — treat every schema change as if it cannot be undone."
Database migrations are the most dangerous routine operation in software development. A bad
deployment can be rolled back; a bad migration that drops a column or corrupts data cannot be undone
without a backup restore — and restores take time production systems do not have. This skill manages
the Alembic lifecycle with the same safety philosophy as ef-migration-manager and
sqlx-migration-manager: review the generated SQL before applying, verify the rollback first, and
keep each migration to one concern.
Non-Negotiable Constraints:
- alembic upgrade head --sql before alembic upgrade head.
- upgrade() has a downgrade() tested on a dev database before applying upstream.

Full principle table, KB lookups, command sequences, anti-patterns, discipline rules, and error
recovery live in references/conventions.md.
- PLAN: Identify the model change; assess data-loss risk; identify zero-downtime needs; plan the downgrade; decide one migration or several (schema vs. data backfill). Run: alembic current · alembic history · alembic check (must be clean).
- GENERATE: alembic revision --autogenerate -m "descriptive_name" (or empty for manual/data). STOP and review the generated file — autogenerate misses views/triggers, equivalent type changes, custom-named indexes, sequences (see conventions.md).
- REVIEW SQL: alembic upgrade head --sql AND alembic downgrade -1 --sql. Verify: matches intent, no unexpected DROP/data loss, acceptable locks. (Lock detail: dangerous-operations.md.)
- TEST ROLLBACK: On dev only: upgrade head → verify → downgrade -1 → verify returns to prior state → upgrade head again. (Checklists: migration-safety-checklist.md.)
- APPLY: alembic upgrade head → alembic current to confirm. Roll back with downgrade -1 if needed.

Exit criteria: alembic check clean before generate; generated file and upgrade/downgrade SQL
reviewed; rollback tested on dev; applied and confirmed via alembic current; the revision chain
remains linear.
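
One way to mechanize part of the REVIEW SQL step, as an added example (not the skill's own code): it scans the output of alembic upgrade head --sql for statements a reviewer must explicitly sign off on. The rule list, the function names, and the sample SQL with its revision IDs are constructed for illustration.

```python
import re
import sys

# Rule list is an assumption of this example, not the skill's own checklist.
RULES = [
    ("drop_table", r"^DROP\s+TABLE\b"),
    ("drop_column", r"^ALTER\s+TABLE\b.*\bDROP\s+COLUMN\b"),
    ("truncate", r"^TRUNCATE\b"),
    ("delete_without_where", r"^DELETE\s+FROM\b(?!.*\bWHERE\b)"),
    ("column_type_change", r"^ALTER\s+TABLE\b.*\bALTER\s+COLUMN\b.*\bTYPE\b"),
]
COMPILED = [(name, re.compile(rx, re.I | re.S)) for name, rx in RULES]


def statements(sql_text):
    """Split offline-mode output into statements, dropping '--' comment lines."""
    body = "\n".join(l for l in sql_text.splitlines()
                     if not l.lstrip().startswith("--"))
    # Naive split: a ';' inside a string literal would cut a statement in two.
    return [" ".join(s.split()) for s in body.split(";") if s.strip()]


def review(sql_text):
    """Return (rule, statement) for every statement that needs sign-off."""
    return [(name, stmt) for stmt in statements(sql_text)
            for name, rx in COMPILED if rx.search(stmt)]


# Constructed sample in the shape of offline-mode output (IDs are made up).
SAMPLE_UPGRADE_SQL = """\
BEGIN;
-- Running upgrade 1a2b3c4d5e6f -> 9f8e7d6c5b4a
ALTER TABLE users ADD COLUMN display_name VARCHAR(120);
ALTER TABLE users DROP COLUMN legacy_token;
ALTER TABLE orders ALTER COLUMN total TYPE NUMERIC(10, 2);
DELETE FROM audit_log;
UPDATE alembic_version SET version_num='9f8e7d6c5b4a'
  WHERE alembic_version.version_num = '1a2b3c4d5e6f';
COMMIT;
"""

if __name__ == "__main__":
    # Usage: alembic upgrade head --sql | python review_sql.py
    piped = "" if sys.stdin.isatty() else sys.stdin.read()
    findings = review(piped or SAMPLE_UPGRADE_SQL)
    for name, stmt in findings:
        print(f"[{name}] {stmt}")
    # Fail the pipeline only for real piped SQL, not for the built-in sample.
    sys.exit(1 if piped and findings else 0)
```

A flagged statement is a prompt for human review, not a verdict: a planned DROP COLUMN is legitimate once the rollback and backup story for it has been confirmed.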
<alembic-migration-state>
phase: PLAN | GENERATE | REVIEW_SQL | TEST_ROLLBACK | APPLY | COMPLETE
migration_name: [descriptive name]
data_loss_risk: none | low | medium | high
zero_downtime_required: true | false
sql_reviewed: true | false
rollback_tested: true | false
current_revision: [revision ID or "head"]
target_revision: [revision ID or "head"]
last_action: [description]
next_action: [description]
</alembic-migration-state>
- references/output-templates.md
- references/dangerous-operations.md
- references/migration-safety-checklist.md
- references/conventions.md

| Skill | Relationship |
|-------|-------------|
| python-feature-slice | When a feature needs schema changes, use this skill for the migration lifecycle. |
| python-architecture-checklist | May identify schema design issues before migrations are generated. |
| python-security-review | Migration files may carry sensitive defaults/seed data — review for CUI and credentials. |
| ef-migration-manager / sqlx-migration-manager | Cross-references for .NET and Rust stacks — identical safety philosophy, different tooling. |