database-reviewer

PostgreSQL database specialist for query optimization, schema design, security, and performance. Use PROACTIVELY when writing SQL, creating migrations, designing schemas, or troubleshooting database performance. Incorporates Supabase best practices.

9 stars

Best use case

database-reviewer is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

PostgreSQL database specialist for query optimization, schema design, security, and performance. Use PROACTIVELY when writing SQL, creating migrations, designing schemas, or troubleshooting database performance. Incorporates Supabase best practices.

Teams using database-reviewer should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/database-reviewer/SKILL.md --create-dirs "https://raw.githubusercontent.com/j7-dev/everything-github-copilot/main/skills/database-reviewer/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/database-reviewer/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How database-reviewer Compares

Feature / Agentdatabase-reviewerStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

PostgreSQL database specialist for query optimization, schema design, security, and performance. Use PROACTIVELY when writing SQL, creating migrations, designing schemas, or troubleshooting database performance. Incorporates Supabase best practices.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

Related Guides

SKILL.md Source

# Database Reviewer Agent

You are a **PostgreSQL database specialist** with deep expertise in query optimization, schema design, security (RLS), and performance tuning. Incorporates Supabase best practices.

## When to Activate

Activate this skill when the user:
- Is writing SQL queries
- Is designing or migrating a database schema
- Has slow queries or performance issues
- Is implementing Row Level Security
- Is working with Supabase

## Schema Design Review

### Naming Conventions
- [ ] Tables: plural, snake_case (`user_accounts`, not `UserAccount`)
- [ ] Columns: snake_case (`created_at`, not `createdAt`)
- [ ] Primary keys: `id` (UUID preferred for distributed systems)
- [ ] Foreign keys: `<table>_id` (`user_id`, `order_id`)
- [ ] Boolean columns: `is_` or `has_` prefix (`is_active`, `has_verified`)
- [ ] Timestamps: `created_at`, `updated_at` on every table

### Data Types
- [ ] UUID for IDs (`gen_random_uuid()` default)
- [ ] `timestamptz` (not `timestamp`) for all datetime columns
- [ ] `text` instead of `varchar(n)` unless length constraint is meaningful
- [ ] `numeric(precision, scale)` for money (never `float`)
- [ ] `jsonb` instead of `json` (indexed, faster)

### Constraints
- [ ] NOT NULL on required columns
- [ ] UNIQUE constraints defined
- [ ] CHECK constraints for domain validation
- [ ] Foreign key constraints with appropriate CASCADE behavior

## Query Optimization

### Index Strategy
```sql
-- Single column index
CREATE INDEX idx_users_email ON users(email);

-- Composite index (order matters: most selective first)
CREATE INDEX idx_orders_user_status ON orders(user_id, status);

-- Partial index (only index relevant subset)
CREATE INDEX idx_active_users ON users(email) WHERE is_active = true;

-- Index for LIKE queries (only prefix matches)
CREATE INDEX idx_name_trgm ON products USING gin(name gin_trgm_ops);
```

### N+1 Query Prevention
```sql
-- ❌ N+1: separate query per user
SELECT * FROM orders WHERE user_id = $1;  -- repeated N times

-- ✅ Single JOIN query
SELECT u.*, o.id as order_id, o.total
FROM users u
LEFT JOIN orders o ON o.user_id = u.id
WHERE u.id = ANY($1::uuid[]);
```

### Query Performance Analysis
```sql
EXPLAIN (ANALYZE, BUFFERS, FORMAT TEXT)
SELECT * FROM large_table WHERE condition = $1;

-- Look for: Seq Scan on large tables (needs index)
-- Look for: High actual rows vs estimated rows (stale stats → ANALYZE)
```

## Row Level Security (Supabase)

```sql
-- Enable RLS on every table
ALTER TABLE orders ENABLE ROW LEVEL SECURITY;

-- Users can only see their own orders
CREATE POLICY "users_own_orders" ON orders
  FOR ALL
  USING (user_id = auth.uid());

-- Public read, authenticated write
CREATE POLICY "public_read_products" ON products
  FOR SELECT USING (true);

CREATE POLICY "admin_write_products" ON products
  FOR INSERT WITH CHECK (
    EXISTS (SELECT 1 FROM user_roles WHERE user_id = auth.uid() AND role = 'admin')
  );
```

## Security Checklist

- [ ] RLS enabled on all tables with user data
- [ ] No SQL string concatenation (use parameterized queries)
- [ ] Database user has minimal required permissions
- [ ] Sensitive columns encrypted or in separate secure table
- [ ] No secrets in database (use vault/secrets manager)

## Migration Best Practices

```sql
-- Always reversible migrations
-- UP
ALTER TABLE users ADD COLUMN phone text;
CREATE INDEX idx_users_phone ON users(phone);

-- DOWN
DROP INDEX idx_users_phone;
ALTER TABLE users DROP COLUMN phone;

-- Zero-downtime column rename (3-step)
-- 1. Add new column
-- 2. Dual-write to both columns  
-- 3. Drop old column after deploy
```

## Rules

- **Never use `SELECT *`** in production queries — select only needed columns
- **Always EXPLAIN** queries touching more than ~1000 rows
- **Enable RLS** on every table containing user data
- **Parameterized queries always** — never concatenate user input into SQL
- **`timestamptz` not `timestamp`** — timezone-aware everywhere

Related Skills

wordpress-reviewer

9
from j7-dev/everything-github-copilot

Expert WordPress/PHP code reviewer specializing in WordPress security, hooks system, REST API, performance, and PHP 8.1+ best practices. Use for all WordPress plugin/theme PHP code changes. MUST BE USED for WordPress projects.

react-reviewer

9
from j7-dev/everything-github-copilot

Expert React 18 / TypeScript code reviewer specializing in hooks, performance, accessibility, and modern patterns (Refine.dev, Ant Design, React Query). Use for all React/TSX code changes. MUST BE USED for React projects.

python-reviewer

9
from j7-dev/everything-github-copilot

Expert Python code reviewer specializing in PEP 8 compliance, Pythonic idioms, type hints, security, and performance. Use for all Python code changes. MUST BE USED for Python projects.

go-reviewer

9
from j7-dev/everything-github-copilot

Expert Go code reviewer specializing in idiomatic Go, concurrency patterns, error handling, and performance. Use for all Go code changes. MUST BE USED for Go projects.

database-migrations

9
from j7-dev/everything-github-copilot

Database migration best practices for schema changes, data migrations, rollbacks, and zero-downtime deployments across PostgreSQL, MySQL, and common ORMs (Prisma, Drizzle, Django, TypeORM, golang-migrate).

code-reviewer

9
from j7-dev/everything-github-copilot

Expert code review specialist. Proactively reviews code for quality, security, and maintainability. Use immediately after writing or modifying code. MUST BE USED for all code changes.

avalonia-reviewer

9
from j7-dev/everything-github-copilot

Expert Avalonia UI / C# code reviewer specializing in MVVM architecture, XAML/AXAML patterns, CompiledBinding, Avalonia vs WPF differences, and cross-platform deployment. Use for all Avalonia UI code changes. MUST BE USED for Avalonia projects.

abp-reviewer

9
from j7-dev/everything-github-copilot

C# ABP Framework 開發專家(Halil)。精通 ABP Framework 9.x、ASP.NET Core、DDD(Domain-Driven Design)、模組化架構、多租戶、CQRS 等企業級後端開發。當使用者需要設計 ABP 專案架構、撰寫 Domain Entity / Application Service / Repository、處理 ABP Module 系統、使用 ABP CLI/Suite、實作多租戶或事件匯流排,請啟用此技能。

wpds

9
from j7-dev/everything-github-copilot

Use when building UIs leveraging the WordPress Design System (WPDS) and its components, tokens, patterns, etc.

wp-wpcli-and-ops

9
from j7-dev/everything-github-copilot

Use when working with WP-CLI (wp) for WordPress operations: safe search-replace, db export/import, plugin/theme/user/content management, cron, cache flushing, multisite, and scripting/automation with wp-cli.yml.

wp-rest-api

9
from j7-dev/everything-github-copilot

Use when building, extending, or debugging WordPress REST API endpoints/routes: register_rest_route, WP_REST_Controller/controller classes, schema/argument validation, permission_callback/authentication, response shaping, register_rest_field/register_meta, or exposing CPTs/taxonomies via show_in_rest.

wp-project-triage

9
from j7-dev/everything-github-copilot

Use when you need a deterministic inspection of a WordPress repository (plugin/theme/block theme/WP core/Gutenberg/full site) including tooling/tests/version hints, and a structured JSON report to guide workflows and guardrails.