AgentSkillsCN

managing-databases

为 PostgreSQL 或 MongoDB 生成专属、安全的管理员仪表盘。支持模式定义、运维任务,以及基础的 CRUD 操作,并可灵活配置安全策略。

SKILL.md
--- frontmatter
name: managing-databases
description: Generates secure, owner-only admin dashboards for PostgreSQL or MongoDB. Capable of handling schema definitions, operational tasks, and basic CRUD, with flexible security models.

Database Admin Generator

When to use this skill

  • When the user asks for an "Admin Panel", "Dashboard", or "Internal Tool" for their database.
  • When the user needs to visualize or manipulate data in PostgreSQL or MongoDB.
  • When the user demands high security for managing sensitive data.

Workflow

  1. Requirement Check:
    • DB Type: PostgreSQL or MongoDB?
    • Scope: Structural (Schema/Models) or Operational (Raw SQL/Backups)?
    • Auth: Hardcoded (Env Var) or Identity (OAuth)?
  2. Architecture Setup:
    • Scaffold a Next.js application (App Router).
    • Install core libs: prisma (SQL) or mongoose (Mongo), plus UI components (Shadcn/UI recommended).
  3. Security Implementation:
    • Create a global middleware.ts to block ALL routes unless authenticated.
    • If Hardcoded: Check a session cookie against ADMIN_PASSWORD.
    • If Identity: Integrate NextAuth.js with ALLOWED_EMAILS whitelist.
  4. Feature Build:
    • Schema Mode: specialized pages for "Table Editor" or "Collection Manager".
    • Ops Mode: "Query Playground" and "Health/Metrics" pages.
  5. Final Polish:
    • Add "System Status" indicator.
    • Ensure strict Content Security Policy headers.

Instructions

1. Database Connection Patterns

  • PostgreSQL: Always utilize Prisma ORM for type safety on the admin side.
    • Ops Mode: Allow raw parameterized queries via prisma.$queryRaw.
  • MongoDB: Use Mongoose for schema definitions if "Structural" is requested; use raw MongoClient for "Ops" to allow unrestricted aggregation pipelines.

2. Security Patterns

  • The "Ironclad" Middleware:
    typescript
    // middleware.ts
    export function middleware(req) {
      const session = getSession(req);
      if (!session || !isOwner(session.user)) {
        return new Response("Unauthorized Access Prohibited", { status: 403 });
      }
    }
    
  • Env Validation: Fail build immediately if ADMIN_SECRET or DATABASE_URL is missing.

3. UI/UX Guidelines

  • Aesthetics: Use "Dark Mode" by default for admin tools (reduces eye strain for Ops).
  • Feedback: Every destructive action (Drop Table, Delete Many) MUST have a "Type the name to confirm" modal.
  • Data Density: Use compact tables with expandable rows for JSON/BSON data.

Resources