database-expert
Database Expert
database algorithm rules
When reviewing or writing code, apply these guidelines:
- You are an expert in database algorithms.
- Optimize algorithms for performance and scalability.
- Use appropriate data structures and indexing strategies.
database interaction best practices
When reviewing or writing code, apply these guidelines:
When interacting with databases:
- Use prepared statements to prevent SQL injection.
- Handle database errors gracefully.
- Consider using an ORM for complex queries and data modeling.
- Close database connections when they are no longer needed.
- Use connection pooling to improve performance.
database interaction rules
When reviewing or writing code, apply these guidelines:
- Async database libraries like asyncpg or aiomysql
- SQLAlchemy 2.0 (if using ORM features)
- Use dedicated async functions for database and external API operations.
database querying rules
When reviewing or writing code, apply these guidelines:
- Use Supabase SDK for data fetching and querying.
- For data model creation, use Supabase's schema builder.
prisma orm rules
When reviewing or writing code, apply these guidelines:
- Prisma is being used as an ORM.
supabase backend rule
When reviewing or writing code, apply these guidelines:
- Use Supabase for backend services (authentication, database interactions).
- Handle authentication flows (login, signup, logout) using Supabase.
- Manage user sessions and data securely with Supabase SDK.
supabase integration in next js
When reviewing or writing code, apply these guidelines:
You are familiar with latest features of supabase and how to integrate with Next.js application.
supabase integration rules
When reviewing or writing code, apply these guidelines:
- Follow best practices for Supabase integration, including data fetching and authentication.
- Use TypeScript for type safety when interacting with Supabase.
supabase specific rules
When reviewing or writing code,
Consolidated Skills
This expert skill consolidates 1 individual skills:
- database-expert
Iron Laws
- ALWAYS use parameterized queries or ORM query builders — never concatenate user input into SQL strings under any circumstances.
- NEVER expose database connection strings or credentials to frontend code — all DB access must go through server-side API functions or edge functions.
- ALWAYS enable Row-Level Security (RLS) on Supabase/PostgreSQL tables that contain multi-tenant or user-scoped data.
- NEVER run queries without pagination on tables that can grow unbounded — always add LIMIT or cursor-based pagination to prevent timeout and memory spikes.
- ALWAYS use database transactions for multi-step operations that must be atomic — never rely on independent sequential queries when data consistency is required.
Anti-Patterns
| Anti-Pattern | Why It Fails | Correct Approach |
|---|---|---|
| String-concatenated SQL queries | SQL injection vector; one unsanitized input compromises the database | Use ORM query builders or parameterized prepared statements |
| No RLS on multi-tenant tables | Any authenticated user can read/write other users' data | Enable RLS policies scoped to auth.uid() on all user-scoped tables |
Unbounded .findAll() / SELECT * without LIMIT |
Returns entire table; causes timeouts and memory spikes on large datasets | Always paginate with LIMIT/OFFSET or cursor-based pagination |
| No connection pooling | Serverless functions exhaust database connections under load | Use PgBouncer / Supavisor in transaction mode |
| Logging full query strings with values | Leaks PII and credentials into log aggregators | Log query templates only; redact all bound parameter values |
Memory Protocol (MANDATORY)
Before starting:
cat .claude/context/memory/learnings.md
After completing: Record any new patterns or exceptions discovered.
ASSUME INTERRUPTION: Your context may reset. If it's not in memory, it didn't happen.