Migrations & Backward Compatibility rules

Review SQL/database migrations for operations that can lock large tables or cause downtime. Examples: creating indexes without CONCURRENTLY (Postgres), ALTER COLUMN TYPE on big tables, adding NOT NULL without backfill, long-running updates without batching. Require an online migration strategy (CONCURRENTLY, backfill in batches, dual-write/expand-contract) and a rollback plan.

On LGPD deletion, remove or irreversibly anonymize PII and purge dependent caches. Keep minimal audit metadata (timestamp, request ID) not linkable back to the subject.

Enforce referential integrity with add_foreign_key and matching indexes.

Create daily encrypted backups (KMS keys) with retention and geo-redundancy; run quarterly restore tests and record results in the audit log.

Include a 'Rollout Plan' section with phases, feature flags, backout plan, and data migration steps; reference migration scripts and flag names.

PII tables must include an expires_at (or retention_policy) column and a scheduled deletion/archival job aligned to data category. No indefinite retention. (GDPR Art. 5(1)(e))

Prefer reversible change or explicit up/down to support rollbacks.

If a PR adds new PII fields (e.g., email, phone, address, dob, national_id), include links to updated DPIA and RoPA, migration with retention, and masking rules. Add a checklist item confirming lawful_basis. (GDPR Art. 35, Art. 30)

Process large tables with find_in_batches and avoid loading entire datasets.

Keep migrations readable by extracting multi-step data fixes to helper methods within the migration.

Group column/index changes with change_table; use concurrent indexes when needed.