GORM
The most popular ORM for Go. Provides chainable query building, model associations (has one, has many, belongs to, many-to-many), auto-migrations, hooks (before/after create/save/delete), soft deletes, transactions, and connection pooling. Works with PostgreSQL, MySQL, SQLite, and SQL Server. The de-facto standard ORM for Go database applications.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
MIT licensed. Parameterized queries prevent SQL injection by default. Use db.Raw() with ? placeholders for raw SQL. Avoid fmt.Sprintf() in queries — SQL injection risk.
⚡ Reliability
Best When
You're building a Go application with relational data and want ActiveRecord-style ORM conventions — associations, hooks, soft deletes, and auto-migration.
Avoid When
You need maximum performance, complex SQL queries, or prefer SQL-first development — use sqlc (generate type-safe Go from SQL) or pgx for lower-level control.
Use Cases
- • Define Go agent data models as structs with GORM tags for automatic database schema management
- • Query agent data with chainable API: db.Where('status = ?', 'active').Find(&agents)
- • Implement agent domain model relationships (User has many Sessions) with automatic JOIN queries
- • Use GORM transactions for atomic agent operations: db.Transaction(func(tx *gorm.DB) error { ... })
- • Auto-migrate agent database schemas in development: db.AutoMigrate(&Agent{}, &Session{}, &Task{})
Not For
- • Complex SQL queries requiring full control — GORM's raw SQL support exists but complex CTEs/window functions are cleaner with sqlx or database/sql directly
- • Performance-critical high-throughput queries — GORM's reflection-based approach has overhead vs pgx or sqlc
- • Non-relational databases — GORM is SQL-only
Interface
Authentication
Local library — no authentication required. MIT licensed. Database authentication configured via DSN.
Pricing
MIT licensed. Zero cost.
Agent Metadata
Known Gotchas
- ⚠ Always check result.Error after queries — GORM doesn't panic on errors: result := db.Find(&records); if result.Error != nil { return result.Error }
- ⚠ ErrRecordNotFound is NOT an error for Find() — only for First(), Last(), Take(); Find() with no results returns empty slice, not error
- ⚠ AutoMigrate is for DEVELOPMENT only — it adds columns but never removes them or changes column types; use proper migrations (goose, migrate) for production
- ⚠ Associations: preloading with db.Preload('Sessions').Find(&users) vs automatic join — Preload makes separate queries; use db.Joins('Sessions') for SQL JOIN
- ⚠ Soft delete: embedding gorm.Model adds DeletedAt field — deleted records are NOT removed from DB but filtered from queries; use db.Unscoped() to include soft-deleted
- ⚠ Transaction isolation: db.Transaction() auto-commits or rolls back; manual tx requires db.Begin(), tx.Commit()/Rollback() with proper defer for cleanup
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for GORM.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-07.