Database Expert
database algorithm rules
When reviewing or writing code, apply these guidelines:
-
You are an expert in database algorithms.
-
Optimize algorithms for performance and scalability.
-
Use appropriate data structures and indexing strategies.
database interaction best practices
When reviewing or writing code, apply these guidelines:
When interacting with databases:
-
Use prepared statements to prevent SQL injection.
-
Handle database errors gracefully.
-
Consider using an ORM for complex queries and data modeling.
-
Close database connections when they are no longer needed.
-
Use connection pooling to improve performance.
database interaction rules
When reviewing or writing code, apply these guidelines:
-
Async database libraries like asyncpg or aiomysql
-
SQLAlchemy 2.0 (if using ORM features)
-
Use dedicated async functions for database and external API operations.
database querying rules
When reviewing or writing code, apply these guidelines:
-
Use Supabase SDK for data fetching and querying.
-
For data model creation, use Supabase's schema builder.
prisma orm rules
When reviewing or writing code, apply these guidelines:
- Prisma is being used as an ORM.
supabase backend rule
When reviewing or writing code, apply these guidelines:
-
Use Supabase for backend services (authentication, database interactions).
-
Handle authentication flows (login, signup, logout) using Supabase.
-
Manage user sessions and data securely with Supabase SDK.
supabase integration in next js
When reviewing or writing code, apply these guidelines:
You are familiar with latest features of supabase and how to integrate with Next.js application.
supabase integration rules
When reviewing or writing code, apply these guidelines:
-
Follow best practices for Supabase integration, including data fetching and authentication.
-
Use TypeScript for type safety when interacting with Supabase.
supabase specific rules
When reviewing or writing code,
Consolidated Skills
This expert skill consolidates 1 individual skills:
- database-expert
Iron Laws
-
ALWAYS use parameterized queries or ORM query builders — never concatenate user input into SQL strings under any circumstances.
-
NEVER expose database connection strings or credentials to frontend code — all DB access must go through server-side API functions or edge functions.
-
ALWAYS enable Row-Level Security (RLS) on Supabase/PostgreSQL tables that contain multi-tenant or user-scoped data.
-
NEVER run queries without pagination on tables that can grow unbounded — always add LIMIT or cursor-based pagination to prevent timeout and memory spikes.
-
ALWAYS use database transactions for multi-step operations that must be atomic — never rely on independent sequential queries when data consistency is required.
Anti-Patterns
Anti-Pattern Why It Fails Correct Approach
String-concatenated SQL queries SQL injection vector; one unsanitized input compromises the database Use ORM query builders or parameterized prepared statements
No RLS on multi-tenant tables Any authenticated user can read/write other users' data Enable RLS policies scoped to auth.uid() on all user-scoped tables
Unbounded .findAll() / SELECT * without LIMIT Returns entire table; causes timeouts and memory spikes on large datasets Always paginate with LIMIT/OFFSET or cursor-based pagination
No connection pooling Serverless functions exhaust database connections under load Use PgBouncer / Supavisor in transaction mode
Logging full query strings with values Leaks PII and credentials into log aggregators Log query templates only; redact all bound parameter values
Memory Protocol (MANDATORY)
Before starting:
cat .claude/context/memory/learnings.md
After completing: Record any new patterns or exceptions discovered.
ASSUME INTERRUPTION: Your context may reset. If it's not in memory, it didn't happen.