DB Read-Only SQL
Use this skill for repository-scoped database lookups.
Rules
- •Use read-only SQL only (SELECT or WITH ... SELECT).
- •Never run mutation or schema-changing SQL.
- •Never run multi-statement SQL from user input.
- •Confirm table and column names from packages/db/prisma/schema.prisma before drafting SQL.
- •Draft the SQL and exact psql command first.
- •Ask the user to confirm before executing.
Schema Discovery
- •First source of truth: packages/db/prisma/schema.prisma.
- •If table/column names are still uncertain, draft and run an information_schema lookup query first, then draft the final query.
Disallowed Keywords
Reject SQL containing these case-insensitive keywords:
- •insert
- •update
- •delete
- •drop
- •alter
- •create
- •truncate
- •grant
- •revoke
- •copy
- •call
- •do
- •vacuum
- •analyze
Also reject semicolon-chained statements.
Default Query Limits
- •If the query is not an aggregate-only result and has no LIMIT, append LIMIT 50.
- •If LIMIT exceeds 500, reduce it to 500.
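The Disallowed Keywords and Default Query Limits rules as a pre-execution check, added here as an example and not part of the skill itself. The function name guardSql, the aggregate-only heuristic and the sample queries are assumptions; the BEGIN READ ONLY transaction in the execution command remains the enforcement layer.

```javascript
// Added example: regex pre-check for the rules above (not the skill's own code).
const DISALLOWED = ["insert", "update", "delete", "drop", "alter", "create", "truncate",
  "grant", "revoke", "copy", "call", "do", "vacuum", "analyze"];
const DEFAULT_LIMIT = 50;
const MAX_LIMIT = 500;

function guardSql(input) {
  // Tolerate one trailing semicolon; any other semicolon is treated as chaining.
  const sql = String(input).trim().replace(/;\s*$/, "");
  if (sql.includes(";")) return { ok: false, reason: "semicolon-chained statement" };
  if (!/^(select|with)\b/i.test(sql)) return { ok: false, reason: "not SELECT or WITH ... SELECT" };

  // \b keeps column names such as created_at or updated_at from matching,
  // while still catching data-modifying CTEs like WITH x AS (DELETE ...).
  // A keyword inside a string literal is also rejected: a deliberate false positive.
  const hit = DISALLOWED.find((kw) => new RegExp(`\\b${kw}\\b`, "i").test(sql));
  if (hit) return { ok: false, reason: `disallowed keyword: ${hit}` };

  const limit = /\blimit\s+(\d+)\b/i.exec(sql);
  if (limit) {
    // An explicit LIMIT is kept, but clamped to the maximum.
    const capped = Number(limit[1]) > MAX_LIMIT
      ? sql.replace(/\blimit\s+\d+\b/i, `LIMIT ${MAX_LIMIT}`) : sql;
    return { ok: true, sql: capped };
  }
  // Assumed heuristic for "aggregate-only": the select list starts with an
  // aggregate call and there is no GROUP BY.
  const aggregateOnly = /^select\s+(count|sum|avg|min|max)\s*\(/i.test(sql)
    && !/\bgroup\s+by\b/i.test(sql);
  return { ok: true, sql: aggregateOnly ? sql : `${sql} LIMIT ${DEFAULT_LIMIT}` };
}

// Constructed sample queries; the "User" table is hypothetical.
for (const q of [
  'SELECT id, created_at FROM "User"',
  'SELECT COUNT(*)::int FROM "User";',
  'SELECT id FROM "User" LIMIT 9000',
  'WITH gone AS (DELETE FROM "User" RETURNING id) SELECT id FROM gone',
]) console.log(JSON.stringify(guardSql(q)));
```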
Required Draft Step
Before any execution, provide:
- •Draft SQL
- •Exact command to run
- •Short expected output note
Then ask: Run this query? (yes/no)
Do not execute until the user confirms.
Execution Command
Preferred command (loads repo .env first, then runs read-only transaction):
bash
set -a; source .env >/dev/null 2>&1; set +a; psql "$DATABASE_URL" -v ON_ERROR_STOP=1 -X -P pager=off -c "BEGIN READ ONLY; <SQL>; ROLLBACK;"
For single-value counts, prefer machine-friendly output:
bash
set -a; source .env >/dev/null 2>&1; set +a; psql "$DATABASE_URL" -v ON_ERROR_STOP=1 -X -At -c "SELECT COUNT(*)::int FROM <table>;"
Environment Checks
Before execution:
- •Confirm DATABASE_URL is set after loading .env.
- •If still missing, check fallback env files:
  - •apps/web/.env
  - •apps/chainworker/.env
- •If connection fails, run a quick host diagnostic:
bash
node -e "const u=new URL(process.env.DATABASE_URL||''); console.log(u.host)"
If DNS/network fails in sandbox, rerun the query outside sandbox (with approval) rather than changing SQL.
Output Style
- •Return a concise summary first.
- •Include key rows/values from the result.
- •Include the SQL that was run in a code block.