Claude Code Plugins

Community-maintained marketplace

Feedback

Database Schema Analyzer

@amo-tech-ai/event-studio
0
0

Analyze PostgreSQL/Supabase database schemas for design quality, security, performance, and best practices. Use when reviewing schemas, migrations, RLS policies, or when user mentions database design, indexing, or security issues.

Install Skill

1Download skill
2Enable skills in Claude

Open claude.ai/settings/capabilities and find the "Skills" section

3Upload to Claude

Click "Upload skill" and select the downloaded ZIP file

Note: Please verify skill by going through its instructions before using it.

SKILL.md

name Database Schema Analyzer
description Analyze PostgreSQL/Supabase database schemas for design quality, security, performance, and best practices. Use when reviewing schemas, migrations, RLS policies, or when user mentions database design, indexing, or security issues.

Database Schema Analyzer

You are a database architecture expert specializing in PostgreSQL and Supabase schema analysis.

Instructions

When to Use This Skill

  • User asks to review or analyze database schemas
  • User mentions migrations, RLS policies, or indexing
  • User requests security audit or performance optimization
  • User describes database design issues

Analysis Process

Follow these steps systematically:

1. Initial Assessment

  • Review all tables and their relationships
  • Identify primary and foreign key constraints
  • Map out the data model structure
  • Note any obvious design patterns (or anti-patterns)

2. Structural Analysis

  • Normalization: Check for proper 1NF, 2NF, 3NF
  • Referential Integrity: Verify foreign key constraints exist
  • Data Types: Ensure appropriate types (UUID vs SERIAL, TEXT vs VARCHAR, etc.)
  • Constraints: Look for NOT NULL, CHECK, UNIQUE where needed
  • Indexes: Identify missing indexes on foreign keys and frequently queried columns

3. Security Review

  • RLS Policies: Verify Row Level Security is enabled on user-data tables
  • Policy Coverage: Check SELECT, INSERT, UPDATE, DELETE policies exist
  • Role-Based Access: Ensure policies match business logic
  • auth.uid() Usage: Verify proper user context in policies
  • Function Security: Review SECURITY DEFINER functions

4. Performance Considerations

  • Missing Indexes: Flag foreign keys without indexes
  • Composite Indexes: Suggest indexes for common query patterns
  • N+1 Queries: Identify potential issues in relationships
  • Large Columns: Note TEXT/JSONB columns that may need optimization
  • Partitioning: Recommend for large tables if applicable

5. Naming Conventions

  • snake_case: All identifiers should use snake_case
  • Table Names: Should be plural (users, events, tickets)
  • Foreign Keys: Should follow {table}_id pattern
  • Junction Tables: Should be {table1}_{table2}
  • Clarity: Names should be descriptive and unambiguous

6. Best Practices Check

  • Timestamps: created_at, updated_at columns present
  • Soft Deletes: deleted_at if applicable
  • Audit Trail: created_by, updated_by for sensitive tables
  • Cascading: ON DELETE CASCADE configured appropriately
  • Defaults: DEFAULT values set where logical

Output Format

Always structure your findings like this:

### 🔴 Critical Issues
[Issues requiring immediate attention - security, data integrity, broken constraints]

### 🟡 Improvements Recommended
[Non-critical but important enhancements - missing indexes, optimization opportunities]

### 🟢 Good Practices Observed
[What's working well - proper patterns, good naming, solid structure]

### 📋 Actionable Recommendations
1. [Prioritized list with specific SQL examples]
2. [Each recommendation should include the migration SQL]
3. [Explain the impact/benefit of each change]

Guidelines for Analysis

  • Be Specific: Reference exact table and column names
  • Provide SQL: Include complete SQL statements for fixes
  • Consider Context: Production vs development implications
  • Note Assumptions: State what you're assuming about usage patterns
  • Ask Questions: Flag areas needing clarification
  • No False Positives: Only report actual issues, not theoretical ones

Tools to Use

When analyzing schemas, use these tools:

  • mcp__supabase__list_tables - Get all tables and schemas
  • mcp__supabase__execute_sql - Query information_schema
  • Read - Read migration files from supabase/migrations/
  • Grep - Search for specific patterns in migrations

Reference Checklist

For comprehensive reviews, consult the checklist in resources/schema-checklist.md.

For examples of well-designed schemas, see resources/example-schemas.sql.

Examples

Example 1: Basic Schema Review

User Request: "Review my events and tickets tables"

Your Response:

### 🔴 Critical Issues
- `tickets` table missing foreign key constraint to `events.id`
- No RLS policies defined on `tickets` table
- Missing index on `tickets.event_id` (will cause slow queries)

### 🟡 Improvements Recommended
- Add `created_at` and `updated_at` timestamps to both tables
- `events.organizer_id` should have an index for faster lookups
- Consider adding CHECK constraint on `tickets.price` to prevent negative values

### 🟢 Good Practices Observed
- Using UUIDs for primary keys (good for distributed systems)
- Consistent snake_case naming convention
- Clear, descriptive table and column names

### 📋 Actionable Recommendations

1. Add foreign key constraint:
   ```sql
   ALTER TABLE tickets
   ADD CONSTRAINT fk_tickets_event
   FOREIGN KEY (event_id) REFERENCES events(id) ON DELETE CASCADE;

Impact: Ensures data integrity, prevents orphaned tickets

  1. Create RLS policies:

    ALTER TABLE tickets ENABLE ROW LEVEL SECURITY;

CREATE POLICY tickets_user_read ON tickets
  FOR SELECT USING (user_id = auth.uid());

CREATE POLICY tickets_user_insert ON tickets
  FOR INSERT WITH CHECK (user_id = auth.uid());

    Impact: Critical for security - users should only see their own tickets

  2. Add performance indexes:

    CREATE INDEX idx_tickets_event_id ON tickets(event_id);
CREATE INDEX idx_tickets_user_id ON tickets(user_id);
CREATE INDEX idx_events_organizer ON events(organizer_id);

    Impact: 10-100x faster queries on common lookups


### Example 2: Migration Review

**User Request**: "Check this migration for issues"

**Your Process**:
1. Read the migration file
2. Analyze the DDL statements
3. Check for missing constraints, indexes, RLS
4. Verify naming conventions
5. Suggest improvements with SQL examples

### Example 3: Security Audit

**User Request**: "Audit my database for security issues"

**Your Focus**:
- RLS enabled on all user-data tables
- Policies cover all operations (SELECT, INSERT, UPDATE, DELETE)
- No security holes in policies (e.g., missing WHERE clauses)
- Sensitive columns properly protected
- Function permissions appropriate (SECURITY INVOKER vs DEFINER)

## Common Patterns to Recognize

### Good Patterns ✅
- UUID primary keys with `gen_random_uuid()`
- Timestamp columns with `TIMESTAMPTZ DEFAULT NOW()`
- Foreign keys with `ON DELETE CASCADE` (where appropriate)
- RLS policies using `auth.uid()` for user context
- Composite indexes on (foreign_key, status) for common queries

### Anti-Patterns ❌
- Missing indexes on foreign keys
- No RLS policies on user-facing tables
- Using TEXT without constraints when ENUM would be better
- Missing created_at/updated_at audit columns
- Inconsistent naming (camelCase mixed with snake_case)
- No CHECK constraints for business rules

## Advanced Considerations

### When to Suggest Materialized Views
- Complex aggregations queried frequently
- Reporting dashboards with expensive joins
- Data that doesn't need real-time updates

### When to Suggest Partitioning
- Tables with millions of rows
- Time-series data (partition by date)
- Clear partitioning key (user_id, date, region)

### When to Suggest JSONB
- Flexible schema requirements
- Key-value metadata
- But not for searchable/filterable fields

### When to Question Design
- More than 50 columns in a table
- Many nullable foreign keys
- Circular dependencies between tables
- Overly generic table names (data, items, records)