Charon/.claude/commands/sql-code-review.md
GitHub Actions 698ad86d17 chore: structured autonomy commands for planning, generating, and implementing features
- Create sa-generate.md for generating implementation documentation from plans
- Create sa-implement.md for executing implementation plans step-by-step
- Create sa-plan.md for collaborating with users to design development plans
- Add security scan commands for CodeQL, Docker images, Go vulnerabilities, and GORM
- Implement SQL code review and optimization commands
- Add supply chain vulnerability remediation process
- Introduce backend and frontend test commands with coverage checks
- Update settings.json for command permissions
- Document governance, project overview, code quality rules, and critical architecture rules in CLAUDE.md
- Establish root cause analysis protocol and definition of done for development
2026-03-08 05:45:21 +00:00

2.5 KiB

SQL Code Review

Perform a thorough SQL code review of the provided SQL/GORM code focusing on security, performance, maintainability, and database best practices.

Code to review: $ARGUMENTS (or selected code / current file if not specified)

Security Analysis

SQL Injection Prevention

  • All user inputs must use parameterized queries — never string concatenation
  • Verify GORM's raw query calls use ? placeholders or named args, not fmt.Sprintf
  • Review access controls for adherence to the principle of least privilege
  • Check for sensitive data exposure (avoid SELECT * on tables with sensitive columns)

Access Control & Data Protection

  • Role-based access: use database roles instead of direct user permissions
  • Sensitive operations are audit-logged
  • Encrypted storage for sensitive data (passwords, tokens)

Performance Optimization

Query Structure

  • Avoid SELECT * — use explicit column lists
  • Use the appropriate join form for the question being asked (INNER JOIN vs LEFT JOIN vs an EXISTS subquery)
  • Avoid functions in WHERE clauses that prevent index usage (e.g., YEAR(date_col))
  • Use range conditions instead: date_col >= '2024-01-01' AND date_col < '2025-01-01'

Index Strategy

  • Identify columns needing indexes (frequently queried in WHERE, JOIN, ORDER BY)
  • Composite indexes: correct column order matters
  • Avoid over-indexing (impacts INSERT/UPDATE performance)

Common Anti-Patterns to Flag

-- N+1 query problem: loop + individual queries → fix with JOIN
-- Correlated subqueries → replace with window functions or JOIN
-- DISTINCT masking join issues → fix the JOIN instead
-- OFFSET pagination on large tables → use cursor-based pagination
-- OR conditions preventing index use → consider UNION ALL

Code Quality

  • Consistent naming conventions (snake_case for columns/tables)
  • No reserved words as identifiers
  • Appropriate data types (don't use TEXT for fixed-length values)
  • Constraints enforce data integrity (NOT NULL, FK, CHECK, DEFAULT)

Output Format

For each issue found:

## [PRIORITY] [CATEGORY]: [Brief Description]

**Location**: [Table/line/function]
**Issue**: [Detailed explanation]
**Security Risk**: [If applicable]
**Performance Impact**: [If applicable]
**Recommendation**: [Specific fix with code example]

Before:
[problematic SQL]

After:
[improved SQL]

Summary Assessment

  • Security Score: [1-10]
  • Performance Score: [1-10]
  • Maintainability Score: [1-10]

Top 3 Priority Actions

  1. [Critical fix]
  2. [Performance improvement]
  3. [Code quality improvement]