Ratify
Upstream schema changes break pipelines. A backend engineer renames a column, their service still works, and nobody thought to check what else depended on it. By the time the data team finds out, the damage is done and the question of who approved what goes unanswered for hours.
Ratify is a data contract workflow engine. When a producer team wants to change a schema covered by an active contract, they raise a proposal in the tool. Consumer teams get notified; what's changing, which columns are affected, whether the change is breaking or additive - and respond before the change ships. The negotiation is tracked. The audit trail is append-only.
Written in Go. CLI-first, using Cobra for the command interface and sqlc to compile explicit PostgreSQL queries into typed Go. React and TypeScript for the web UI. Ships as a single binary with no runtime dependencies, a Docker image on Docker Hub, and via GitHub Releases.
Proposal workflow
Key decisions
| Decision | Chosen | Why |
|---|---|---|
| Backend language | Compiled Go | Single static binary, zero runtime dependencies, goroutines for concurrent schema introspection |
| Database access | Plain SQL + sqlc | Bypasses ORM abstractions and N+1 overhead — compiles explicit PostgreSQL queries into type-safe Go |
| HTTP router | Chi | Strict compatibility with net/http standard library, lightweight, clean middleware composition |
| Metadata store | PostgreSQL | Raw sequentially numbered migrations via golang-migrate executed natively at startup |
| Task scheduling | Embedded robfig/cron | Eliminates distributed worker dependencies (Temporal, Celery), in-process cron running hourly schema checks |
| Auth | API Keys + JWT | API keys for machine access, short-lived JWTs for web sessions. No OAuth callback complexity. |
| Consumer responses | Token-hashed links | Account-less interaction via cryptographically secure random tokens, consumers respond without creating an account |
| License | MIT | The OSS core needs to be trusted before any monetization can happen |