Use Case

Plan, Execute, and Remediate Migrations with an Agent Harness

Adaptive lets the agent connect to the datasource, draft a migration plan grounded in the live schema, execute it under scoped credentials, and remediate automatically when a step fails. You write the prompts and workflows; Adaptive provides the harness, tools, MCP registry, networking, and guardrails.

harness·h-3819

Adaptive

$adaptive harness h-3819

↳ session opened

harness $migrate --target=schema-v19

✓ dry-run on shadow-db

✓ guard: row-count delta < 0.1%

→ applying 4 statements

✓ users.add column preferences_v2

rollback: armed · ttl 4h

harness $

shadow: verified

guard: on

rollback: armed

The problem

Migrations are the riskiest commits in a codebase. An ALTER that passed review can lock rows for minutes on a hot table; a backfill clean on 10k rows can saturate the primary on 500M. Teams end up hand-holding each migration — reading the schema, guessing at lock behaviour, babysitting the run, and scrambling to unwind when a step fails halfway through. Agents can do this work, but only if they can reach the datasource safely and recover from their own mistakes without paging a human.

34%

of major database incidents in 2025 traced to migration operations — not application code — going wrong in production

2.4hrs

median recovery time from a bad schema migration on a high-traffic production table

68%

of engineering teams still use shared, long-lived DBA credentials for migrations — the same account for every deploy

A migration is not a single SQL statement — it's a plan: inspect the schema, size the change, sequence the steps, watch for errors, and back out cleanly if something breaks. An agent harness can run that loop end-to-end, but only if it has a safe on-ramp to the datasource, a dry-run surface it can trust, and a credential that dies the moment the job ends.

The solution

An agent harness that owns the migration loop, end to end

Adaptive provides the harness, tools, MCP registry, networking, and guardrails — a one-shot, schema-scoped credential to your datasource, a masked replica for dry-runs, and a policy envelope for blast radius. You provide the prompts and workflows. The agent inspects the live schema, drafts a plan, executes it step by step, and self-remediates on failure — all inside Exo policy envelope, never outside it.

Benefits

How Adaptive helps

Harness Securely Allows Connection to the Datasources

The agent pulls a short-lived credential from Exo and introspects the target database — schema, indexes, row counts, and current load — before writing a single line of SQL. Every connection is bound to one migration, one schema, and one time window.

Point the harness at your database via Exo. It gets a scoped connection that expires on completion, with no shared DBA account to leak or rotate.

Agent Drafts a Migration Plan from Live State

Define your own prompts to shape how the agent plans. Grounded in the real schema and table sizes, the harness follows your prompt to produce a step-by-step plan: ordering of DDL, online vs. offline strategy, batch sizes for backfills, and expected lock time. The plan is attached to the PR for review before execution.

Let the agent propose the plan instead of hand-writing it. Reviewers approve the plan once; Adaptive enforces that execution cannot deviate from it.

Dry-Run on a Masked Replica

Before touching production, the harness runs the full plan against a production-shaped replica with PII masked. It measures lock duration, rows affected, and disk impact, then folds the results back into the plan for the reviewer.

Wire your replica provisioning into Exo. Every migration PR gets a dry-run report attached automatically — no manual staging setup per change.

Scoped Execution with Blast-Radius Policies

The harness executes the approved plan under policy limits on rows touched, lock duration, and DDL class. If a step would exceed the envelope, execution pauses and requires multi-party approval before continuing.

Set per-environment policies — strict in production, looser in staging. The agent inherits the limits without having to be told; it simply cannot run a step that breaches them.

Automatic Remediation on Error

When a step fails — lock timeout, constraint violation, saturated primary — the harness captures the error, consults the plan's rollback path, and executes the compensating action. If remediation itself can't complete inside policy, it escalates with the full failure trace, not just a stack dump.

Stop hand-unwinding half-applied migrations. The agent retries, rolls back, or escalates under the same credential and policy envelope it started with.

Rollback-Ready Audit Trail

Every step — plan, dry-run result, execution, error, remediation — is logged with commit, PR, approver, and effect counts. If a full rollback is needed later, the exact before-state and change set are one query away.

Stream migration audit trails into your observability and ticketing tools. Post-incident review starts with a complete record, not a forensic reconstruction.