ChameleonDB migrations are tightly integrated with the Schema Vault, providing automatic versioning, integrity verification, and a complete audit trail for every schema change.
Overview Unlike traditional migration tools, ChameleonDB:
Automatically registers schema versions on every migration
Verifies integrity before applying changes
Enforces mode restrictions (readonly blocks migrations)
Maintains an append-only audit trail
Enables migration recovery for failed attempts
Migration Commands Check Migration Status View the current state of your database and schema:
Output: Schema: Current version: v001 Status: β Up to date Vault: Versions: 1 registered Integrity: β OK Mode: π readonly (locked)
Preview Changes Check what changes will be applied without executing them:
This command:
Compares your schema.cham with the current database state
Shows a diff of detected changes
Does NOT apply migrations
Dry Run (View Generated SQL) See the exact SQL that will be executed:
chameleon migrate --dry-run
Output: π Migration Preview: βββββββββββββββββββββββββββββββββββββββββββββββββ ALTER TABLE users ADD COLUMN age INTEGER; CREATE INDEX idx_users_age ON users(age); βββββββββββββββββββββββββββββββββββββββββββββββββ π‘ This is a dry run. Use --apply to execute.
Apply Migration Apply the migration to your database:
chameleon migrate --apply
The first time you run chameleon migrate --apply, it automatically initializes the Schema Vault and registers your schema as v001.
Complete Migration Workflow
Modify Your Schema
Edit your schema.cham file to add, remove, or modify entities and fields: entity User { id : uuid primary , email : string unique , name : string , age : int , // β New field }
Validate Schema Syntax
Ensure your schema is syntactically correct: Output: β
Schema validated successfully Entities: 1 (User) Fields: 4
Preview Migration
Check what changes will be applied: chameleon migrate --dry-run
Review the generated SQL to ensure it matches your intentions.
Ensure Proper Mode
Migrations are blocked in readonly mode. Upgrade if needed: # Check current mode chameleon config get mode # If readonly, upgrade to standard chameleon config set mode=standard π Enter mode password: ****
See Mode Management for details.
Apply Migration
Execute the migration: chameleon migrate --apply
Output: π Verifying schema integrity... β Current: v001 (3f2a8b9c...) β No tampering detected π¦ Registering new schema version... β Registered as v002 (hash: 7d4e1c2a...) β Parent: v001 π Applying migration... β ALTER TABLE users ADD COLUMN age INTEGER β
Migration applied successfully β
Schema v002 locked in vault
Verify Integrity
Confirm the migration was recorded correctly: Output: π Verifying Schema Vault integrity... β v001: hash verified β v002: hash verified β
All versions verified
Schema Vault Integration Every migration creates an immutable version in the vault:
Vault Structure .chameleon/vault/ βββ manifest.json # Current version + history βββ integrity.log # Append-only audit trail βββ versions/ β βββ v001.json # Immutable snapshot β βββ v002.json βββ hashes/ βββ v001.hash # SHA256 verification βββ v002.hash
Version History View all schema versions:
Output: π Schema Version History v002 (current) β ββ Hash: 7d4e1c2a... ββ Date: 2026-02-20 15:45:00 ββ Author: dperalta ββ Changes: Added age field to User ββ Parent: v001 v001 ββ Hash: 3f2a8b9c... ββ Date: 2026-02-20 10:30:00 ββ Author: dperalta ββ Changes: Initial schema ββ Parent: none
Audit Trail View the complete integrity log:
cat .chameleon/vault/integrity.log
Migration Recovery If a migration fails midway, ChameleonDB can retry automatically:
chameleon migrate --apply
Output: β οΈ Incomplete migration detected (v002) π Attempting recovery... β
Migration completed successfully
Environment Variables Set your database connection string:
export DATABASE_URL = "postgresql://user:password@localhost:5432/mydb"
Alternatively, use a .env file:
DATABASE_URL = postgresql://user:password@localhost:5432/mydb
Integrity Verification Automatic Verification Every chameleon migrate command automatically:
Verifies all schema hashes
Detects tampering
Aborts if integrity violation detected
Example (tampered vault): β INTEGRITY VIOLATION DETECTED β’ v001.json: hash mismatch π¨ Schema vault has been modified! β Migration aborted for safety
Manual Verification Verify vault integrity anytime:
Common Issues βreadonly mode: schema modifications blockedβ Solution: Upgrade mode to standard or higher:chameleon config auth set-password # First time only chameleon config set mode=standard
βDATABASE_URL not setβ Solution: Set environment variable:export DATABASE_URL = "postgresql://user:pass@host:5432/db"
βintegrity violation detectedβ Solution: Someone modified vault files. Check audit log:cat .chameleon/vault/integrity.log
If changes were unauthorized, restore from backup.
βvault not initializedβ Solution: Run init first:Best Practices
Preview SQL before applying to catch unexpected changes: chameleon migrate --dry-run
Use readonly mode in production
Lock schema changes in production environments: chameleon config set mode=readonly
Review version history regularly
Audit schema changes periodically:
Backup vault before major changes
Create snapshots before risky operations: cp -r .chameleon/vault .chameleon/vault.backup
Keep connection strings out of version control: # .env (add to .gitignore) DATABASE_URL = postgresql://...
Next Steps
Introspection Generate schema from existing databases
Mode Management Control schema change permissions
Debugging Troubleshoot migrations and queries
Architecture Understand the Schema Vault system