verify when a disposable PostgreSQL server is available and you want the strongest pre-merge proof.
verify applies the before-state and migration twice in one temporary database, applies the target model in another, and compares the resulting fingerprints.
Use this when
- Static checks passed but you want runtime proof.
- A migration touches policies, grants, functions, or dependency-heavy objects.
- CI can run a PostgreSQL service container.
- A failed verify should leave databases behind for inspection.
Run it
Flags
Before-state source. Defaults to
config.sources.from.Target source. Defaults to
config.sources.to, then the first configured
schema path.Migration SQL to apply twice. Defaults to the newest
.sql file in the
migrations directory.Directory used to resolve the default migration file.
PostgreSQL admin URL. Also resolves from
SUPASCHEMA_DATABASE_URL or Supabase
local discovery.Create missing
NOLOGIN roles referenced by grants or policies.Stub common Supabase-managed surfaces such as
auth.uid() and cron tables.Disable the Supabase environment stub when another command enabled it.
Keep temporary databases after failure and print their names.
Environment variables
| Variable | Use |
|---|---|
SUPASCHEMA_DATABASE_URL | Default database URL |
SUPASCHEMA_VERIFY_ALLOW_REMOTE | Set to 1 only for intentionally disposable remote infrastructure |
Exit codes
| Code | Meaning |
|---|---|
0 | Migration is idempotent and converges |
1 | Runtime failure or missing database URL |
2 | Verification diagnostics failed |
Related
Check
Run static safety checks first.
CI recipe
Add a disposable PostgreSQL service.
Supabase integration
Use environment and role stubs for Supabase trees.
Fingerprint
Understand the catalog equality hash.