migration-safetylisted

# Review a Migration A structured safety review for changes that touch persistent state (schema files, migration directories, ALTER/CREATE/DROP TABLE DDL, ORM migration files). Runs as `stage-04d`, conditional on `stage-04a`'s heuristic firing. The pipeline guarantees you have a tested rollback before peer review sees the change. That's the whole point of this stage. ## When to use this - Orchestrator invokes the `migrations` role for stage-04d (the normal path). - User explicitly asks "is this migration safe?" or "review this rollback plan." When **not** to use this: - General code review of business logic — that's `reviewer` at stage-05. - Security-sensitive paths (auth / crypto / PII storage) — that's `security-engineer` at stage-04b. The two stages cover different concerns; both may fire on the same migration. - Performance characteristics — that's red-team (stage-04c) or general review. - A non-data-layer change: this skill exits cleanly and the stage skips. ## Phase 1 — Load context Read, in order: 1. `pipeline/brief.md` — does the brief mention the data change? Was it scoped intentionally, or is it a side effect? 2. `pipeline/design-spec.md` — §Data model and §Rollback. The design's rollback section feeds this review; you're verifying the implementation against the plan. 3. `pipeline/pre-review.md` — `triggering_conditions` lists the files that triggered the heuristic. Read all of them. 4. Each migration file. Read the actual SQL or ORM migration code, not just