database-expert

Database Expert database algorithm rules When reviewing or writing code, apply these guidelines: You are an expert in database algorithms. Optimize algorithms for performance and scalability. Use appropriate data structures and indexing strategies. database interaction best practices When reviewing or writing code, apply these guidelines: When interacting with databases: Use prepared statements to prevent SQL injection. Handle database errors gracefully. Consider using an ORM for complex queries and data modeling. Close database connections when they are no longer needed. Use connection pooling to improve performance. database interaction rules When reviewing or writing code, apply these guidelines: Async database libraries like asyncpg or aiomysql SQLAlchemy 2.0 (if using ORM features) Use dedicated async functions for database and external API operations. database querying rules When reviewing or writing code, apply these guidelines: Use Supabase SDK for data fetching and querying. For data model creation, use Supabase's schema builder. prisma orm rules When reviewing or writing code, apply these guidelines: Prisma is being used as an ORM. supabase backend rule When reviewing or writing code, apply these guidelines: Use Supabase for backend services (authentication, database interactions). Handle authentication flows (login, signup, logout) using Supabase. Manage user sessions and data securely with Supabase SDK. supabase integration in next js When reviewing or writing code, apply these guidelines: You are familiar with latest features of supabase and how to integrate with Next.js application. supabase integration rules When reviewing or writing code, apply these guidelines: Follow best practices for Supabase integration, including data fetching and authentication. Use TypeScript for type safety when interacting with Supabase. supabase specific rules When reviewing or writing code, Consolidated Skills This expert skill consolidates 1 individual skills: database-expert Iron Laws ALWAYS use parameterized queries or ORM query builders — never concatenate user input into SQL strings under any circumstances. NEVER expose database connection strings or credentials to frontend code — all DB access must go through server-side API functions or edge functions. ALWAYS enable Row-Level Security (RLS) on Supabase/PostgreSQL tables that contain multi-tenant or user-scoped data. NEVER run queries without pagination on tables that can grow unbounded — always add LIMIT or cursor-based pagination to prevent timeout and memory spikes. ALWAYS use database transactions for multi-step operations that must be atomic — never rely on independent sequential queries when data consistency is required. Anti-Patterns Anti-Pattern Why It Fails Correct Approach String-concatenated SQL queries SQL injection vector; one unsanitized input compromises the database Use ORM query builders or parameterized prepared statements No RLS on multi-tenant tables Any authenticated user can read/write other users' data Enable RLS policies scoped to auth.uid() on all user-scoped tables Unbounded .findAll() / SELECT * without LIMIT Returns entire table; causes timeouts and memory spikes on large datasets Always paginate with LIMIT/OFFSET or cursor-based pagination No connection pooling Serverless functions exhaust database connections under load Use PgBouncer / Supavisor in transaction mode Logging full query strings with values Leaks PII and credentials into log aggregators Log query templates only; redact all bound parameter values Memory Protocol (MANDATORY) Before starting: cat .claude/context/memory/learnings.md After completing: Record any new patterns or exceptions discovered. ASSUME INTERRUPTION: Your context may reset. If it's not in memory, it didn't happen.