What does postgresql-code-review cover?

A PostgreSQL-specific code-review assistant focusing on best practices, anti-patterns, and quality standards, including JSONB, arrays, custom types, schema design, function optimization, and RLS.

How is JSONB handled in reviews?

It promotes indexable patterns, proper operator usage (e.g., @>), and the use of GIN indexes to ensure performant queries.

Does it address security features like RLS?

Yes, it includes PostgreSQL-exclusive security features like Row Level Security and guidance on implementing secure access controls.

postgresql-code-review

Scanned

npx machina-cli add skill github/awesome-copilot/postgresql-code-review --openclaw

Files (1)

SKILL.md

7.3 KB

PostgreSQL Code Review Assistant

Expert PostgreSQL code review for ${selection} (or entire project if no selection). Focus on PostgreSQL-specific best practices, anti-patterns, and quality standards that are unique to PostgreSQL.

🎯 PostgreSQL-Specific Review Areas

JSONB Best Practices

-- ❌ BAD: Inefficient JSONB usage
SELECT * FROM orders WHERE data->>'status' = 'shipped';  -- No index support

-- ✅ GOOD: Indexable JSONB queries
CREATE INDEX idx_orders_status ON orders USING gin((data->'status'));
SELECT * FROM orders WHERE data @> '{"status": "shipped"}';

-- ❌ BAD: Deep nesting without consideration
UPDATE orders SET data = data || '{"shipping":{"tracking":{"number":"123"}}}';

-- ✅ GOOD: Structured JSONB with validation
ALTER TABLE orders ADD CONSTRAINT valid_status 
CHECK (data->>'status' IN ('pending', 'shipped', 'delivered'));

Array Operations Review

-- ❌ BAD: Inefficient array operations
SELECT * FROM products WHERE 'electronics' = ANY(categories);  -- No index

-- ✅ GOOD: GIN indexed array queries
CREATE INDEX idx_products_categories ON products USING gin(categories);
SELECT * FROM products WHERE categories @> ARRAY['electronics'];

-- ❌ BAD: Array concatenation in loops
-- This would be inefficient in a function/procedure

-- ✅ GOOD: Bulk array operations
UPDATE products SET categories = categories || ARRAY['new_category']
WHERE id IN (SELECT id FROM products WHERE condition);

PostgreSQL Schema Design Review

-- ❌ BAD: Not using PostgreSQL features
CREATE TABLE users (
    id INTEGER,
    email VARCHAR(255),
    created_at TIMESTAMP
);

-- ✅ GOOD: PostgreSQL-optimized schema
CREATE TABLE users (
    id BIGSERIAL PRIMARY KEY,
    email CITEXT UNIQUE NOT NULL,  -- Case-insensitive email
    created_at TIMESTAMPTZ DEFAULT NOW(),
    metadata JSONB DEFAULT '{}',
    CONSTRAINT valid_email CHECK (email ~* '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$')
);

-- Add JSONB GIN index for metadata queries
CREATE INDEX idx_users_metadata ON users USING gin(metadata);

Custom Types and Domains

-- ❌ BAD: Using generic types for specific data
CREATE TABLE transactions (
    amount DECIMAL(10,2),
    currency VARCHAR(3),
    status VARCHAR(20)
);

-- ✅ GOOD: PostgreSQL custom types
CREATE TYPE currency_code AS ENUM ('USD', 'EUR', 'GBP', 'JPY');
CREATE TYPE transaction_status AS ENUM ('pending', 'completed', 'failed', 'cancelled');
CREATE DOMAIN positive_amount AS DECIMAL(10,2) CHECK (VALUE > 0);

CREATE TABLE transactions (
    amount positive_amount NOT NULL,
    currency currency_code NOT NULL,
    status transaction_status DEFAULT 'pending'
);

🔍 PostgreSQL-Specific Anti-Patterns

Performance Anti-Patterns

Avoiding PostgreSQL-specific indexes: Not using GIN/GiST for appropriate data types
Misusing JSONB: Treating JSONB like a simple string field
Ignoring array operators: Using inefficient array operations
Poor partition key selection: Not leveraging PostgreSQL partitioning effectively

Schema Design Issues

Not using ENUM types: Using VARCHAR for limited value sets
Ignoring constraints: Missing CHECK constraints for data validation
Wrong data types: Using VARCHAR instead of TEXT or CITEXT
Missing JSONB structure: Unstructured JSONB without validation

Function and Trigger Issues

-- ❌ BAD: Inefficient trigger function
CREATE OR REPLACE FUNCTION update_modified_time()
RETURNS TRIGGER AS $$
BEGIN
    NEW.updated_at = NOW();  -- Should use TIMESTAMPTZ
    RETURN NEW;
END;
$$ LANGUAGE plpgsql;

-- ✅ GOOD: Optimized trigger function
CREATE OR REPLACE FUNCTION update_modified_time()
RETURNS TRIGGER AS $$
BEGIN
    NEW.updated_at = CURRENT_TIMESTAMP;
    RETURN NEW;
END;
$$ LANGUAGE plpgsql;

-- Set trigger to fire only when needed
CREATE TRIGGER update_modified_time_trigger
    BEFORE UPDATE ON table_name
    FOR EACH ROW
    WHEN (OLD.* IS DISTINCT FROM NEW.*)
    EXECUTE FUNCTION update_modified_time();

📊 PostgreSQL Extension Usage Review

Extension Best Practices

-- ✅ Check if extension exists before creating
CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
CREATE EXTENSION IF NOT EXISTS "pgcrypto";
CREATE EXTENSION IF NOT EXISTS "pg_trgm";

-- ✅ Use extensions appropriately
-- UUID generation
SELECT uuid_generate_v4();

-- Password hashing
SELECT crypt('password', gen_salt('bf'));

-- Fuzzy text matching
SELECT word_similarity('postgres', 'postgre');

🛡️ PostgreSQL Security Review

Row Level Security (RLS)

-- ✅ GOOD: Implementing RLS
ALTER TABLE sensitive_data ENABLE ROW LEVEL SECURITY;

CREATE POLICY user_data_policy ON sensitive_data
    FOR ALL TO application_role
    USING (user_id = current_setting('app.current_user_id')::INTEGER);

Privilege Management

-- ❌ BAD: Overly broad permissions
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO app_user;

-- ✅ GOOD: Granular permissions
GRANT SELECT, INSERT, UPDATE ON specific_table TO app_user;
GRANT USAGE ON SEQUENCE specific_table_id_seq TO app_user;

🎯 PostgreSQL Code Quality Checklist

Schema Design

Using appropriate PostgreSQL data types (CITEXT, JSONB, arrays)
Leveraging ENUM types for constrained values
Implementing proper CHECK constraints
Using TIMESTAMPTZ instead of TIMESTAMP
Defining custom domains for reusable constraints

Performance Considerations

Appropriate index types (GIN for JSONB/arrays, GiST for ranges)
JSONB queries using containment operators (@>, ?)
Array operations using PostgreSQL-specific operators
Proper use of window functions and CTEs
Efficient use of PostgreSQL-specific functions

PostgreSQL Features Utilization

Using extensions where appropriate
Implementing stored procedures in PL/pgSQL when beneficial
Leveraging PostgreSQL's advanced SQL features
Using PostgreSQL-specific optimization techniques
Implementing proper error handling in functions

Security and Compliance

Row Level Security (RLS) implementation where needed
Proper role and privilege management
Using PostgreSQL's built-in encryption functions
Implementing audit trails with PostgreSQL features

📝 PostgreSQL-Specific Review Guidelines

Data Type Optimization: Ensure PostgreSQL-specific types are used appropriately
Index Strategy: Review index types and ensure PostgreSQL-specific indexes are utilized
JSONB Structure: Validate JSONB schema design and query patterns
Function Quality: Review PL/pgSQL functions for efficiency and best practices
Extension Usage: Verify appropriate use of PostgreSQL extensions
Performance Features: Check utilization of PostgreSQL's advanced features
Security Implementation: Review PostgreSQL-specific security features

Focus on PostgreSQL's unique capabilities and ensure the code leverages what makes PostgreSQL special rather than treating it as a generic SQL database.

Source

git clone https://github.com/github/awesome-copilot/blob/main/plugins/database-data-management/skills/postgresql-code-review/SKILL.md

View on GitHub

Overview

Provides expert PostgreSQL code reviews focused on PostgreSQL-specific best practices, anti-patterns, and quality standards. It covers JSONB operations, array handling, custom types and domains, schema design, function optimization, and security features like Row Level Security (RLS).

How This Skill Works

The assistant analyzes code and schemas against PostgreSQL-specific patterns, flags anti-patterns, and suggests concrete improvements. It emphasizes indexable JSONB queries, proper array usage, robust schema design, and safe function/trigger patterns, including RLS considerations.

When to Use It

Review JSONB-heavy queries to ensure indexable patterns with GIN indexes
Evaluate array usage and indexing in catalogs or tagging systems
Validate PostgreSQL schema design with appropriate data types, constraints, and JSONB metadata
Introduce or enforce custom types, domains, and ENUMs to guarantee data validity
Apply security and access controls, including Row Level Security (RLS) policies

Quick Start

Step 1: Run a PostgreSQL review focused on JSONB, arrays, and schema design
Step 2: Flag anti-patterns (unindexed JSONB, VARCHAR over ENUM, missing constraints) and propose fixes
Step 3: Apply changes: add GIN indexes, convert to ENUMs/domains, and define RLS where needed

Best Practices

Use indexable JSONB patterns (e.g., data @> and data->'field') and create GIN indexes
Add JSONB validation via CHECK constraints to avoid unstructured data
Index JSONB metadata with GIN indices and utilize appropriate data types (CITEXT, BIGSERIAL, TIMESTAMPTZ)
Prefer PostgreSQL-specific types (ENUMs, domains) over generic VARCHAR/DECIMAL
Leverage RLS and constrained data models for secure, row-level access

Example Use Cases

Index status on JSONB data with GIN and query with @> to filter orders
Use a GIN index on metadata JSONB for fast user profile searches
Design users table with CITEXT email, BIGSERIAL id, and JSONB metadata
Define custom types currency_code ENUM and transaction_status ENUM and a positive_amount domain
Implement a trigger function optimized for TIMESTAMPTZ usage to update timestamps

Frequently Asked Questions

Add this skill to your agents