Database Conventions

Engine-specific routing

• PostgreSQL - supabase-postgres-best-practices for query patterns, indexing, partitioning. Ignore its RLS / Supabase-tenancy rules unless the project actually uses DB-enforced tenancy.
• SQL Server / T-SQL - query-optimization (rewrites, SARGability, plan reading), index-strategies (clustered / nonclustered / filtered / columnstore), tsql-functions (function catalog).
• SQLite - no dedicated skill; treat as Postgres-lite: WAL mode by default, single-writer per file, pragmas at connection open, INTEGER PRIMARY KEY for autoincrement, no concurrent writers across processes.
• MongoDB / document stores - no dedicated skill; apply document-modeling care: embed vs reference per access pattern, index every queried field path, bound array growth, no unbounded $lookup.

Query safety

• Never write raw SQL strings in application code. Use parameterized queries or ORM. Concatenation is forbidden even for "safe" inputs.
• Never log query text containing parameter values that may carry PII / secrets.
• Default reads to read-only intent (transaction isolation READ COMMITTED minimum; SNAPSHOT / REPEATABLE READ only when needed and justified).
• Bound every result set: LIMIT / TOP on any query that could grow unboundedly. No SELECT *.

N+1 prevention