Prisma Migrate Reset --force is used to reset the database and migration history if drift is detected. Only run this command on a development database - never on production databases! If in doubt, ask the user to confirm. The migrate reset command performs these steps: 1. Drops the database/schem...
AI agents call migrate-reset to permanently remove resources in Prisma MCP Server — typically in cleanup and lifecycle workflows. It does its job in a single call, and there is no undo.
This tool irreversibly drops the entire database/schema and wipes migration history. Even though it recreates the database and re-applies migrations, all existing data is permanently destroyed. The description itself warns never to use it on production, confirming the catastrophic blast radius if misused by an AI agent.
From the tool's definition 'Drops the database/schema', 'reset the database and migration history', '--force', 'never on production databases'
Documented attack patterns abuse exactly the kind of access migrate-reset gives an agent:
PolicyLayer is an MCP gateway — it sits between your AI agents and Prisma MCP Server, and nothing reaches the server without passing your rules. This is the rule we recommend for migrate-reset:
{
"version": "1",
"default": "deny",
"hide": [
"migrate-reset"
]
}migrate-reset disappears from the agent's tool list entirely, and any attempt to call it is denied. The rest of the server keeps working.
Free to start. No card required.
Prisma Migrate Reset --force is used to reset the database and migration history if drift is detected. Only run this command on a development database - never on production databases! If in doubt, ask the user to confirm. The migrate reset command performs these steps: 1. Drops the database/schema if possible, or performs a soft reset if the environment does not allow deleting databases/schemas 2. Creates a new database/schema with the same name if the database/schema was dropped 3. Applies all migrations 4. Runs seed scripts. It is categorised as a Destructive tool in the Prisma MCP Server MCP Server, which means it can permanently delete or destroy data. Block by default and require explicit approval.
Register the Prisma MCP Server MCP server in PolicyLayer and add a rule for migrate-reset: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Prisma MCP Server. Nothing to install.
migrate-reset is a Destructive tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.
Yes. Add a rate_limit block to the migrate-reset rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for migrate-reset. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
migrate-reset is provided by the Prisma MCP Server MCP server (prisma/prisma). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 4 Prisma MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
4 Prisma MCP Server tools catalogued and risk-classified — across an index of 42,500+ MCP servers.