Bumper
2 February 2026
Safer migrations with a lightweight LLM-powered review that integrates directly into PRs as a GitHub Action
Opportunity
Database migrations are one of the most common causes of unplanned downtime for teams practising continuous delivery. When engineers deploy schema changes — adding columns, creating indexes, or introducing foreign keys — PostgreSQL acquires locks that can block reads or writes on existing tables. If the engineer doesn't have deep knowledge of PostgreSQL's locking behaviour, a seemingly innocent migration can bring a production service down. This risk is especially acute at OGP, where PostgreSQL is the go-to database across most product teams and there are no regular scheduled maintenance windows. Today, catching these issues relies on individual expertise during code review, which is inconsistent and easy to miss under time pressure. A lightweight, automated check at PR time could surface these risks before they ever reach production.
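The kind of migration this paragraph warns about, next to a lower-lock form of the same change, as an added example (not Bumper's code or output). The tables `orders` and `customers`, the index and constraint names, and the 5-second timeout are constructed placeholders.

```sql
-- Each "risky" / "safer" pair below is an alternative: apply one, not both.

-- Risky: a plain CREATE INDEX holds a SHARE lock on orders for the whole
-- build. Reads continue, but INSERT/UPDATE/DELETE wait until it finishes.
CREATE INDEX idx_orders_customer_id ON orders (customer_id);

-- Safer: CONCURRENTLY takes SHARE UPDATE EXCLUSIVE, which does not block
-- writes. It cannot run inside a transaction block, and a failed build
-- leaves an INVALID index that must be dropped before retrying.
CREATE INDEX CONCURRENTLY idx_orders_customer_id ON orders (customer_id);

-- Risky: adding a validated foreign key takes SHARE ROW EXCLUSIVE on both
-- orders and customers, and scans every row of orders while holding it,
-- so writes to both tables wait for the scan.
ALTER TABLE orders
  ADD CONSTRAINT orders_customer_fk
  FOREIGN KEY (customer_id) REFERENCES customers (id);

-- Safer: split the change into two steps.
-- lock_timeout makes the ALTER give up instead of queueing behind a long
-- transaction (queries arriving later would queue behind the ALTER).
SET lock_timeout = '5s';

-- Step 1: NOT VALID skips the scan, so the lock is held only briefly.
-- New and updated rows are checked from this point on.
ALTER TABLE orders
  ADD CONSTRAINT orders_customer_fk
  FOREIGN KEY (customer_id) REFERENCES customers (id) NOT VALID;

-- Step 2: VALIDATE CONSTRAINT scans existing rows under
-- SHARE UPDATE EXCLUSIVE on orders, so reads and writes continue.
ALTER TABLE orders VALIDATE CONSTRAINT orders_customer_fk;
```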
Velocity
I built Bumper, a GitHub Action that automatically detects PostgreSQL migration files in a pull request and uses an LLM (Claude) to analyse them for potential lock issues. For each migration file, Bumper posts a structured review comment showing which tables are affected, what lock types are acquired, whether reads and writes are blocked, the expected lock duration, and an overall risk rating (CRITICAL / HIGH / MEDIUM / LOW). It handles PRs with multiple migration files, producing a per-file breakdown in a single comment (example: single migration, example: multi-migration). Setup takes minutes — teams only need to add an Anthropic API key and a workflow file. The cost is negligible at roughly $0.003–0.01 per migration file analysed. The tool is working end-to-end today, though more testing against real-world migrations is needed to evaluate accuracy and coverage across different migration patterns and ORMs.
Traction
Bumper has not yet been rolled out beyond my own testing. The immediate next step is to integrate it into ScamShield, a production OGP product with a large and actively evolving PostgreSQL schema, after getting buy-in from the team, to validate it against real migrations. If it proves useful there, I plan to offer it to other OGP product teams and eventually publish it on the GitHub Marketplace as an open-source tool for the broader engineering community.
Team makeup: solo project by Kaiwen