Reviews PostgreSQL code for indexing strategies, JSONB operations, connection pooling, and transaction safety. Use when reviewing SQL queries, database schem...
[ ] Composite indexes match query patterns: equality predicates on the leading columns, range/ORDER BY columns last (column order matters)
[ ] JSONB columns queried by containment or key existence have a GIN index (default jsonb_ops covers @>, ?, ?|, ?&; jsonb_path_ops for @>-only workloads)
[ ] JSONB operators match the access path: @> and ? for GIN-indexed lookups; -> / ->> extractions compared with = need a B-tree expression index on that expression
[ ] Connection pool configured with an explicit size and acquire timeout, sized below the server's max_connections
[ ] Connections properly released on every path (context managers, try/finally), including after exceptions
[ ] Transaction isolation level fits the use case (READ COMMITTED default; REPEATABLE READ or SERIALIZABLE for read-then-write logic, with retry on serialization_failure 40001)
[ ] No long-running or idle-in-transaction sessions holding locks (statement_timeout / idle_in_transaction_session_timeout set)
[ ] Advisory locks (pg_advisory_xact_lock, pg_advisory_lock) used for application-level coordination; session-level ones released on every path
[ ] Queries bind values as parameters (no f-strings, %-formatting, .format() or concatenation of values into SQL text); dynamic identifiers go through the driver's quoting helpers (e.g. psycopg sql.Identifier)
Gates (before reporting findings)
Use this sequence so conclusions stay evidence-bound (not “I checked mentally”):
Scope — Record the concrete paths (and line ranges or symbols if helpful) for the SQL, DDL/migrations, and connection code under review. Pass: every subsystem you critique (queries, JSONB, pool, transactions) has at least one cited path.
SQL/DDL citation for performance claims — Index, sequential-scan, JSONB-operator, and plan-related findings must point to the exact statement or schema (quoted excerpt or file:line). Pass: each such finding includes that citation.
Binding check before injection flags — Only assert SQL-injection risk after locating how SQL and values are combined (bound parameters vs string concat/format/f-strings). Pass: you name the mechanism you saw in code for each flagged callsite.
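Added example (not part of this skill's own tooling) of the binding check in the third gate and of the parameterized-statements checklist item: a static scan over Python source that, for every DB-API style cursor.execute()/executemany() call, names the mechanism combining SQL text with values, so a flagged callsite can be reported with the mechanism seen in code rather than a guess. Assumptions are labelled in the code: DB-API method names, psycopg's sql.SQL().format() recognised as safe composition, a one-hop trace of plain variable assignments, and a constructed sample of application code.

```python
"""Static binding check for SQL call sites (added review aid, not a proof)."""
from __future__ import annotations

import ast
from dataclasses import dataclass
from typing import Optional

# Assumption: DB-API style cursor methods; extend for the driver or ORM under review.
EXECUTE_METHODS = {"execute", "executemany"}


@dataclass
class Finding:
    line: int
    mechanism: str          # how SQL text and values are combined at this callsite
    bound: Optional[bool]   # True = driver binds params, False = values interpolated, None = unresolved


def _is_psycopg_sql_compose(node: ast.AST) -> bool:
    """sql.SQL("...").format(sql.Identifier(x)) composes identifiers safely (psycopg)."""
    return (isinstance(node, ast.Call)
            and isinstance(node.func, ast.Attribute) and node.func.attr == "format"
            and isinstance(node.func.value, ast.Call)
            and isinstance(node.func.value.func, ast.Attribute)
            and node.func.value.func.attr == "SQL")


def _classify(node: ast.AST, assigns: dict[str, ast.AST], depth: int = 0) -> tuple[str, Optional[bool]]:
    """Return (mechanism, bound?) for the expression passed as the SQL argument."""
    if depth > 5:                       # guard against circular assignments a = b; b = a
        return "unresolved (assignment chain too deep)", None
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return "string literal (placeholders bound by driver)", True
    if isinstance(node, ast.JoinedStr):
        if any(isinstance(v, ast.FormattedValue) for v in node.values):
            return "f-string interpolation", False
        return "constant f-string", True
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Mod):
        return "%-formatting of SQL text", False
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        if isinstance(node.left, ast.Constant) and isinstance(node.right, ast.Constant):
            return "literal concatenation", True
        return "string concatenation with values", False
    if _is_psycopg_sql_compose(node):
        return "psycopg sql.SQL().format() composition", True
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute) and node.func.attr == "format":
        return "str.format() on SQL text", False
    if isinstance(node, ast.Name) and node.id in assigns:
        mech, bound = _classify(assigns[node.id], assigns, depth + 1)
        return f"variable {node.id!r} <- {mech}", bound
    return f"unresolved {type(node).__name__}", None


class _Scanner(ast.NodeVisitor):
    def __init__(self) -> None:
        self.assigns: dict[str, ast.AST] = {}   # one-hop trace: last expression assigned to a name
        self.findings: list[Finding] = []

    def visit_Assign(self, node: ast.Assign) -> None:
        for target in node.targets:
            if isinstance(target, ast.Name):
                self.assigns[target.id] = node.value
        self.generic_visit(node)

    def visit_Call(self, node: ast.Call) -> None:
        if (isinstance(node.func, ast.Attribute)
                and node.func.attr in EXECUTE_METHODS and node.args):
            mech, bound = _classify(node.args[0], self.assigns)
            self.findings.append(Finding(node.lineno, mech, bound))
        self.generic_visit(node)


def scan_source(source: str) -> list[Finding]:
    scanner = _Scanner()
    scanner.visit(ast.parse(source))
    return scanner.findings


# Constructed sample of code under review (hypothetical, not from any real project).
SAMPLE = '''
def lookup(cur, email, status, table):
    cur.execute("SELECT id FROM users WHERE email = %s", (email,))
    cur.execute(f"SELECT id FROM users WHERE email = '{email}'")
    cur.execute("SELECT id FROM users WHERE status = '%s'" % status)
    cur.execute("SELECT id FROM users WHERE email = '" + email + "'")
    q = "SELECT id FROM users WHERE status = '{}'".format(status)
    cur.execute(q)
    cur.execute(sql.SQL("SELECT id FROM {} WHERE email = %s").format(sql.Identifier(table)), (email,))
    cur.execute("SELECT count(*) FROM users")
'''


def report(source: str = SAMPLE) -> list[str]:
    """One citation line per callsite: file line, verdict, and the mechanism observed."""
    verdicts = {True: "bound", False: "INTERPOLATED", None: "unresolved"}
    return [f"line {f.line}: {verdicts[f.bound]:12} via {f.mechanism}" for f in scan_source(source)]


if __name__ == "__main__":
    print("\n".join(report()))
```

Only the INTERPOLATED lines qualify as injection findings under the gate; an "unresolved" verdict means the SQL text comes from somewhere the one-hop trace cannot see (a parameter, an attribute, a function return), which is exactly the case where the reviewer must open the definition before flagging anything.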