Worklog Migration Policy and wl doctor upgrade
This document explains how to inspect and apply database schema migrations for Worklog using
the wl doctor upgrade command and the repository migration runner. Migrations are centralized
in src/migrations and must be applied explicitly to avoid silent schema changes on production
databases.
- Before applying migrations the runner creates a timestamped backup of the database in
<dbdir>/backups/. - The runner prunes backups to keep the most recent 5 backups to limit disk usage.
Examples:
-
Preview pending migrations (dry-run):
wl doctor upgrade --dry-runThis lists pending migrations without applying them.
-
Apply pending migrations interactively:
wl doctor upgradeThe command lists safe migrations and prompts for confirmation before applying.
-
Apply pending migrations non-interactively:
wl doctor upgrade --confirmUse
--confirmto skip the interactive prompt. Note: the command still enforces the backup creation behavior and will fail on errors.
--dry-run— list pending migrations without applying them.--confirm— apply migrations non-interactively (no prompt).
If a flag described here is not implemented in your local wl version, the command will
document the planned behaviour and fall back to the safe (dry-run) behaviour by default.
- Backups are mandatory. The migration runner will not apply migrations without creating a backup first.
- The runner prunes backups to keep only the last 5.
- By default CI should not auto-apply migrations to persistent production databases. Use a
dedicated migration step that runs
wl doctor upgrade --dry-runand fails the build if pending migrations are found. - To allow non-interactive application (risky), set an explicit environment variable such as
WL_AUTO_MIGRATE=trueand runwl doctor upgrade --confirmin a controlled environment. This repository recommends making the migration step explicit and auditable in CI.
- Add SQL migration files and a migration descriptor to
src/migrationsfollowing the repository migration conventions. Ensuresafeis set appropriately for the migration. - Update tests and docs describing the behavioural change.
- If
wl doctor upgradereports pending migrations but you cannot apply them, inspect the migration descriptor and review the SQL for potential destructive operations. Run a dry-run first and verify backups. - To inspect the workitems schema directly use sqlite3:
sqlite3 path/to/worklog.db "PRAGMA table_info('workitems')"
- Migrations runner:
src/migrations/index.ts - Migration descriptors:
src/migrations/* - Migration application:
runMigrationscreates backups and prunes to the last 5 backups.
- Migration
20260315-add-auditis now a no-op. Theauditcolumn has been replaced by theaudit_resultstable. - Migration
20260604-add-audit-resultscreates theaudit_resultstable with columns:work_item_id TEXT PRIMARY KEY,ready_to_close INTEGER NOT NULL DEFAULT 0,audited_at TEXT NOT NULL,summary TEXT,raw_output TEXT,author TEXT, and a foreign key onwork_item_idreferencingworkitems(id)withON DELETE CASCADE. - Migration
20260604-backfill-audit-resultsreads existingworkitems.auditJSON data and inserts corresponding rows intoaudit_results. This migration is idempotent (tracked viaaudit_backfill_completemetadata key). - Migration
20260604-drop-audit-columndrops the legacyaudit TEXTcolumn fromworkitems. - Structured audit data is now stored in the
audit_resultstable (latest-only per work item). - Use
wl audit-show <id>to view audit results andwl audit-set <id> --ready-to-close --summary <text>to set them. - Use
wl update --audit-text <text>to set audit via the existing CLI interface (writes toaudit_resultstable). - Redaction/safety rules for audit text are tracked separately in
Redaction and Safety Rules for Audit Text (WL-0MMNCOIYS15A1YSI). - See
docs/AUDIT_STATUS.mdfor full documentation on audit status semantics.