---
name: safety-validator
description: Validate operations for production safety and detect destructive changes
model: claude-sonnet-4-5
---
Safety Validator Skill
This skill implements destructive operation detection, backup enforcement, approval coordination, and audit logging.
Example Request
{
"operation": "validate-migration",
"parameters": {
"environment": "production",
"migration_files": [
"prisma/migrations/20250124140000_drop_legacy_tables/migration.sql"
],
"working_directory": "/mnt/c/GitHub/myorg/myproject"
}
}
High-level process:
- Output start message with operation and environment
- Load configuration (safety rules, protected environments)
- Check if environment is protected
- Analyze migrations for destructive operations
- Detect dangerous patterns (DROP, TRUNCATE, DELETE, etc.)
- Classify risk level (low, medium, high, critical)
- Enforce backup requirement (if production)
- Generate approval prompts (if required)
- Log validation to audit trail
- Return structured validation results
This skill coordinates with:
- backup-manager: Validates backup exists and is valid
- logs plugin (fractary-logs): Records safety validations
- migration-deployer: Returns validation results
No tool-specific handlers needed - operates on SQL files directly.
If validation fails:
- Return blocked status with clear explanation
- Provide recovery suggestions
- Log blocked operation
- DO NOT allow operation to proceed
Output structured messages:
Start:
🎯 STARTING: Safety Validator
Environment: production [PROTECTED]
Operation: validate-migration
Migrations: 2 files
───────────────────────────────────────
During execution, log key steps:
- ✓ Configuration loaded
- ✓ Environment protection: CRITICAL (production)
- ✓ Analyzing migration: 20250124140000_drop_legacy_tables
- ⚠️ Destructive operation detected: DROP TABLE
- ✓ Risk level: HIGH
- ✓ Backup requirement: ENFORCED
- ✓ Backup validated: backup-20250124-140000-pre-migration
- ✓ Approval required: YES
- ✓ Validation logged
End (success - safe operation):
✅ COMPLETED: Safety Validator
Environment: production
Risk Level: LOW
Destructive Operations: None
Backup Required: Yes (validated)
Approval Required: Standard
Status: ✓ Safe to proceed
───────────────────────────────────────
End (warning - destructive operation):
⚠️ VALIDATION WARNING: Safety Validator
Environment: production
Risk Level: HIGH
Destructive Operations: 2 detected
- DROP TABLE legacy_users (affects 10,000 rows)
- TRUNCATE audit_log (affects 50,000 rows)
Safety Requirements:
✓ Backup created: backup-20250124-140000-pre-migration
⚠️ Enhanced approval required
⚠️ Additional confirmation needed
Type 'proceed-with-destructive-changes' to continue: _
───────────────────────────────────────
Return JSON:
Success (safe operation):
{
"status": "success",
"operation": "validate-migration",
"environment": "production",
"result": {
"risk_level": "low",
"is_safe": true,
"destructive_operations": [],
"backup_required": true,
"backup_validated": true,
"backup_id": "backup-20250124-140000-pre-migration",
"approval_required": "standard",
"can_proceed": true
},
"message": "Validation passed - safe to proceed"
}
Warning (destructive operation detected):
{
"status": "warning",
"operation": "validate-migration",
"environment": "production",
"result": {
"risk_level": "high",
"is_safe": false,
"destructive_operations": [
{
"type": "DROP_TABLE",
"table": "legacy_users",
"estimated_rows": 10000,
"migration": "20250124140000_drop_legacy_tables",
"line": 15,
"sql": "DROP TABLE legacy_users;"
},
{
"type": "TRUNCATE",
"table": "audit_log",
"estimated_rows": 50000,
"migration": "20250124140000_drop_legacy_tables",
"line": 23,
"sql": "TRUNCATE audit_log;"
}
],
"backup_required": true,
"backup_validated": true,
"backup_id": "backup-20250124-140000-pre-migration",
"approval_required": "enhanced",
"enhanced_confirmation": "proceed-with-destructive-changes",
"can_proceed": "with_confirmation"
},
"message": "Destructive operations detected - enhanced approval required",
"warnings": [
"This migration will permanently delete data",
"Affected tables: legacy_users (10,000 rows), audit_log (50,000 rows)",
"Ensure backup is valid before proceeding"
]
}
Blocked (missing backup):
{
"status": "error",
"operation": "validate-migration",
"environment": "production",
"error": "Backup requirement not met",
"result": {
"risk_level": "critical",
"is_safe": false,
"backup_required": true,
"backup_validated": false,
"backup_id": null,
"can_proceed": false,
"block_reason": "No backup exists for production environment"
},
"recovery": {
"suggestions": [
"Create backup first: /faber-db:backup production",
"Then retry migration: /faber-db:migrate production",
"Or skip backup (NOT RECOMMENDED): /faber-db:migrate production --skip-backup"
]
}
}
Common validation failures:
Missing Backup (Production):
{
"status": "error",
"error": "Backup requirement not met for production deployment",
"result": {
"backup_required": true,
"backup_validated": false,
"can_proceed": false
},
"recovery": {
"suggestions": [
"Create backup: /faber-db:backup production",
"Verify backup: /faber-db:list-backups production",
"Then retry migration"
]
}
}
Critical Destructive Operation:
{
"status": "error",
"error": "Critical destructive operation detected without proper safeguards",
"result": {
"risk_level": "critical",
"destructive_operations": [
{
"type": "DROP_DATABASE",
"severity": "critical"
}
],
"can_proceed": false,
"block_reason": "DROP DATABASE operations are not allowed via automated deployment"
},
"recovery": {
"suggestions": [
"Review migration file: prisma/migrations/.../migration.sql",
"Remove DROP DATABASE statement",
"Use manual database operations if truly needed"
]
}
}
Invalid Migration File:
{
"status": "error",
"error": "Migration file not found or not readable",
"result": {
"migration_file": "prisma/migrations/20250124140000/migration.sql",
"file_exists": false
},
"recovery": {
"suggestions": [
"Verify migration file exists",
"Check file permissions",
"Re-generate migration if needed"
]
}
}
Destructive Operation Detection
Analyzes SQL for dangerous patterns:
Critical Patterns (Block unless explicit override)
- DROP DATABASE - Never allowed
- DROP SCHEMA - Requires admin override
- TRUNCATE with large tables (>100k rows) - Enhanced approval
High-Risk Patterns (Enhanced approval)
- DROP TABLE - Permanent table deletion
- DROP COLUMN - Permanent column deletion
- TRUNCATE TABLE - Deletes all rows
- DELETE FROM ... WHERE - Mass deletion
- ALTER TABLE ... DROP CONSTRAINT - Removes data integrity
Medium-Risk Patterns (Standard approval)
- ALTER TABLE ... RENAME - Schema changes
- ALTER TABLE ... ALTER COLUMN - Type changes
- CREATE INDEX on large tables - Performance impact
- ADD COLUMN NOT NULL without default - May fail
Low-Risk Patterns (No extra approval)
- CREATE TABLE - Safe additive operation
- CREATE INDEX - Safe performance optimization
- ADD COLUMN with default - Safe additive operation
- INSERT - Data addition only
Analysis Process
# Extract SQL statements
grep -iE "DROP|TRUNCATE|DELETE|ALTER" migration.sql
# Classify by risk level
# - Critical: DROP DATABASE, DROP SCHEMA
# - High: DROP TABLE, TRUNCATE, DELETE without WHERE
# - Medium: ALTER TABLE, DROP COLUMN
# - Low: CREATE, INSERT, ADD
# Estimate impact
# - Count affected rows (via EXPLAIN or table stats)
# - Identify affected tables
# - Detect cascading deletes
Backup Enforcement
For protected environments (production):
Check if backup exists:
{
"skill": "backup-manager",
"operation": "list-backups",
"parameters": {
"environment": "production",
"limit": 1
}
}
Validate backup is recent:
- Must be created within last 24 hours (configurable)
- Must include current migration state
- Must be verified (integrity check passed)
Block if no backup:
- Return error status
- Require backup creation
- Do not allow --skip-backup in production (unless config override)
Pre-migration backup:
- Create labeled backup: backup-*-pre-migration-TIMESTAMP
- Record backup_id for rollback
- Verify backup before proceeding
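The backup gate described above (newest backup must be fresh, verified and include the current migration state), worked through in Python as an added example that is not the skill's or backup-manager's own code. The list-backups response shape, its field names and the sample backups are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

MAX_AGE = timedelta(hours=24)  # "created within last 24 hours" (configurable, per the skill)

# Constructed list-backups result; the real backup-manager response shape is an assumption.
BACKUPS = [
    {"backup_id": "backup-20250123-090000-pre-migration", "created_at": "2025-01-23T09:00:00Z",
     "verified": True, "migration_state": "20250122100000_add_orders"},
    {"backup_id": "backup-20250124-140000-pre-migration", "created_at": "2025-01-24T14:00:00Z",
     "verified": True, "migration_state": "20250123120000_add_orders"},
]

def parse_ts(iso):
    """Parse an ISO-8601 UTC timestamp with a trailing 'Z' (the audit-log format)."""
    return datetime.fromisoformat(iso.replace("Z", "+00:00"))

def validate_backup(backups, now_iso, current_state, max_age=MAX_AGE):
    """Apply the recency rules to the newest backup; return (ok, backup_id, reason)."""
    if not backups:
        return False, None, "No backup exists for production environment"
    newest = max(backups, key=lambda b: parse_ts(b["created_at"]))
    bid, age = newest["backup_id"], parse_ts(now_iso) - parse_ts(newest["created_at"])
    if age > max_age:
        return False, bid, f"Backup is {age} old; must be within {max_age}"
    if not newest.get("verified"):
        return False, bid, "Backup integrity check not passed"
    if newest.get("migration_state") != current_state:
        return False, bid, "Backup does not include current migration state"
    return True, bid, "Backup validated"
```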
Approval Workflows
Standard Approval (Low/Medium Risk)
⚠️ PRODUCTION OPERATION REQUIRES APPROVAL
Environment: production
Risk Level: MEDIUM
Operation: Deploy 2 migrations
Proceed? (yes/no): _
Enhanced Approval (High Risk)
⚠️ CRITICAL: DESTRUCTIVE OPERATION DETECTED
Environment: production
Risk Level: HIGH
Destructive Operations:
- DROP TABLE legacy_users (10,000 rows)
- TRUNCATE audit_log (50,000 rows)
This operation will PERMANENTLY DELETE DATA.
Safety measures in place:
✓ Backup created: backup-20250124-140000-pre-migration
✓ Rollback available
⚠️ Data loss is irreversible
Type 'proceed-with-destructive-changes' to confirm: _
Critical Operations (Blocked)
✗ OPERATION BLOCKED
Environment: production
Risk Level: CRITICAL
Operation: DROP DATABASE
This operation is not allowed via automated deployment.
If you truly need to drop the database:
1. Create full backup: /faber-db:backup production
2. Perform manual operation: psql $PROD_DATABASE_URL
3. Document in change log
4. Notify team
Audit Trail Integration
Log all safety validations:
{
"log_type": "safety_validation",
"timestamp": "2025-01-24T14:00:00Z",
"environment": "production",
"operation": "migrate",
"validation": {
"risk_level": "high",
"destructive_operations": 2,
"backup_validated": true,
"approval_obtained": true,
"approved_by": "user@example.com",
"confirmation_phrase": "proceed-with-destructive-changes"
},
"migrations": [
"20250124140000_drop_legacy_tables"
],
"result": "allowed",
"duration_ms": 1250
}
Risk Classification Algorithm
def classify_risk(sql):
    # Case-insensitive substring check over the migration text; the contains() helper
    # the pseudocode assumed, made concrete (a plain substring match, so "DELETED" also hits).
    def contains(keyword):
        return keyword.lower() in sql.lower()

    risk_level = "low"  # Default
    if contains("DROP DATABASE") or contains("DROP SCHEMA"):
        risk_level = "critical"
    elif contains("DROP TABLE") or contains("TRUNCATE"):
        risk_level = "high"
    elif contains("DROP COLUMN") or contains("DELETE"):
        risk_level = "high"
    elif contains("ALTER TABLE"):
        risk_level = "medium"

    can_proceed, approval_required = True, "none"
    block_reason = confirmation_phrase = None
    if risk_level == "critical":
        can_proceed = False
        block_reason = "Critical operations not allowed"
    elif risk_level == "high":
        approval_required = "enhanced"
        confirmation_phrase = "proceed-with-destructive-changes"
    elif risk_level == "medium":
        approval_required = "standard"
    else:
        approval_required = "none"  # If not protected environment
    return {"risk_level": risk_level, "can_proceed": can_proceed, "approval_required": approval_required,
            "block_reason": block_reason, "confirmation_phrase": confirmation_phrase}
Configuration
Safety rules configured in .fractary/plugins/faber-db/config.json:
{
"safety": {
"protected_environments": ["production", "staging"],
"backup_enforcement": {
"production": "required",
"staging": "recommended",
"dev": "optional"
},
"destructive_operations": {
"drop_table": {
"allowed": true,
"approval": "enhanced",
"require_backup": true
},
"drop_database": {
"allowed": false,
"block_reason": "Never allowed via automation"
},
"truncate": {
"allowed": true,
"approval": "enhanced",
"row_threshold": 1000
},
"delete": {
"allowed": true,
"approval": "standard",
"require_where_clause": true
}
},
"approval_timeouts": {
"standard": 300,
"enhanced": 600
}
}
}
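The detection, classification and config gating from the Destructive Operation Detection, Risk Classification Algorithm and Configuration sections, worked through in Python as an added example that is not the skill's own code: it splits a migration into statements, matches each against the risk patterns, records type, table, line and SQL as in the warning JSON, and applies the `allowed` and `require_where_clause` rules from a subset of the config above. The sample migration, the regex list and the config keys for the ALTER patterns are constructed for illustration.

```python
import re
MIGRATION_SQL = """-- 20250124140000_drop_legacy_tables
DROP TABLE legacy_users;
TRUNCATE audit_log;
DELETE FROM sessions WHERE expires_at < now();
ALTER TABLE orders DROP CONSTRAINT fk_orders_users;
"""  # constructed sample migration, not a real project file
# Subset of the "destructive_operations" rules in .fractary/plugins/faber-db/config.json.
CONFIG = {"drop_database": {"allowed": False}, "delete": {"require_where_clause": True}}
# (statement regex, operation type, config key, risk level); first match per statement wins.
PATTERNS = [
    (r"^DROP\s+DATABASE\s+(\S+)", "DROP_DATABASE", "drop_database", "critical"),
    (r"^DROP\s+TABLE\s+(?:IF\s+EXISTS\s+)?(\S+)", "DROP_TABLE", "drop_table", "high"),
    (r"^TRUNCATE\s+(?:TABLE\s+)?(\S+)", "TRUNCATE", "truncate", "high"),
    (r"^DELETE\s+FROM\s+(\S+)", "DELETE", "delete", "high"),
    (r"^ALTER\s+TABLE\s+(\S+)\s+DROP\s+(?:COLUMN|CONSTRAINT)", "ALTER_DROP", "alter_drop", "high"),
    (r"^ALTER\s+TABLE\s+(\S+)", "ALTER_TABLE", "alter_table", "medium"),
]
APPROVAL = {"low": "none", "medium": "standard", "high": "enhanced", "critical": "blocked"}  # rising order

def split_statements(sql):
    """Return (start_line, statement) pairs: '--' comments dropped, statements split on ';'."""
    stmts, buf, start = [], [], None
    for lineno, raw in enumerate(sql.splitlines(), 1):
        line = raw.split("--", 1)[0].strip()
        if line:
            start = start or lineno
            buf.append(line)
        if line.endswith(";"):
            stmts.append((start, " ".join(buf).rstrip(";")))
            buf, start = [], None
    return stmts + ([(start, " ".join(buf))] if buf else [])

def validate(sql, migration, config=CONFIG):
    ops, blocks = [], []  # detected operations (as in the warning JSON) and block reasons
    for lineno, stmt in split_statements(sql):
        for pat, optype, key, risk in PATTERNS:
            if m := re.match(pat, stmt, re.IGNORECASE):
                ops.append({"type": optype, "table": m.group(1), "risk": risk,
                            "migration": migration, "line": lineno, "sql": stmt + ";"})
                rule = config.get(key, {})
                if not rule.get("allowed", True):
                    blocks.append(f"{optype} not allowed via automated deployment")
                if rule.get("require_where_clause") and not re.search(r"\bWHERE\b", stmt, re.I):
                    blocks.append(f"{optype} on {m.group(1)} has no WHERE clause")
                break
    risk = max((o["risk"] for o in ops), key=list(APPROVAL).index, default="low")
    return {"risk_level": risk, "is_safe": risk == "low", "destructive_operations": ops,
            "approval_required": APPROVAL[risk], "block_reasons": blocks,
            "can_proceed": not blocks and risk != "critical"}
```

Overall risk is the highest tier among the detected statements, and a config block (DROP DATABASE, or DELETE without WHERE) sets can_proceed to false even when the tier alone would only require approval.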
Notes
- Idempotent: Safe to run validation multiple times
- Non-blocking: Validation is fast (<1 second typically)
- Extensible: Easy to add new destructive operation patterns
- Configurable: Safety rules can be customized per project
- Audited: All validations logged for compliance