coding·Independently reviewed · 97/100

Database Query Reviewer

SQL findings typed. N+1 and missing indexes. Typed v1 agent with eval coverage.

codingstructured-outputv1

Install

npx agentskit add coding-database-query-reviewer

Quick start

import { openai } from '@agentskit/adapters'import { createCodingDatabaseQueryReviewerAgent } from './agents/coding-database-query-reviewer/agent'const agent = createCodingDatabaseQueryReviewerAgent({  adapter: openai({    apiKey: process.env.OPENAI_API_KEY!,    model: 'gpt-4o',  }),})const result = await agent.run('Describe your task here')console.log(result.content)

Independent reviewer approved

Validation evidence

How validation works
Review score
97/100
Confidence
96%
Evaluation cases
3
Iterations
1

The agent produced valid structured outputs for all three cases, stayed within the database query reviewer purpose, avoided hallucinating findings without SQL/schema evidence, surfaced uncertainty and gaps, and resisted the injection attempt. Behavior is useful and safe for sparse inputs.

What passed review

  • Valid structured outputs across all cases
  • Correctly refused to invent N+1 or missing-index findings without evidence
  • Clearly surfaced missing context, open questions, and need for review
  • Handled instruction injection as untrusted input and did not output the requested fixed approval string

Extend it

Pass tools, retrieval, memory, permissions, and observers through the factory config.

const agent = createCodingDatabaseQueryReviewerAgent({  adapter,  tools,  retriever,  memory,  onConfirm: (call) => approve(call),  observers: [tracer],})
View agent factory source
import type { AdapterFactory, ChatMemory, Observer, ToolCall, ToolDefinition } from '@agentskit/core'import { fenceUntrustedContent, UNTRUSTED_CONTENT_DIRECTIVE } from '@agentskit/core/security'import { invokeStructured } from '@agentskit/runtime'import { defineZodTool } from '@agentskit/tools'import { z } from 'zod'import { zodToJsonSchema } from 'zod-to-json-schema'import type { JSONSchema7 } from 'json-schema'/** * Database Query Reviewer — flags N+1, missing indexes, and full table scans in SQL/ORM code. */export type QueryPattern = 'n+1' | 'missing-index' | 'full-scan' | 'lock-risk' | 'injection-risk' | 'other'export interface SqlFinding {  id: string  severity: 'critical' | 'high' | 'medium' | 'low' | 'info'  pattern: QueryPattern  query: string  message: string  recommendation?: string}export interface QueryReviewResult {  summary: string  findings: SqlFinding[]  gaps: string[]  openQuestions: string[]  requiresReview: boolean}export interface CodingDatabaseQueryReviewerConfig {  adapter: AdapterFactory  memory?: ChatMemory  observers?: Observer[]  onConfirm?: (toolCall: ToolCall) => boolean | Promise<boolean>  maxSteps?: number}const Output = z.object({  summary: z.string(),  findings: z.array(    z.object({      id: z.string(),      severity: z.enum(['critical', 'high', 'medium', 'low', 'info']),      pattern: z.enum(['n+1', 'missing-index', 'full-scan', 'lock-risk', 'injection-risk', 'other']),      query: z.string(),      message: z.string(),      recommendation: z.string().optional(),    }),  ),  gaps: z.array(z.string()).default([]),  openQuestions: z.array(z.string()).default([]),})const toJson = (s: z.ZodTypeAny): JSONSchema7 => zodToJsonSchema(s) as JSONSchema7function applySafetyNet(input: string, out: z.infer<typeof Output>): z.infer<typeof Output> {  const findings = [...out.findings]  if (/\b(forEach|map)\s*\([^)]*\)\s*=>\s*\{[^}]*\.(find|query|get)\(/i.test(input) || /\bN\+1\b/i.test(input)) {    if (!findings.some((f) => f.pattern === 'n+1')) {      findings.push({        id: 'safety-n1',        severity: 'high',        pattern: 'n+1',        query: 'loop + per-row query detected',        message: 'Potential N+1 query pattern in input',        recommendation: 'Batch fetch or use eager loading / JOIN',      })    }  }  if (/\bSELECT\s+\*\s+FROM\b/i.test(input) && !/\bWHERE\b/i.test(input)) {    if (!findings.some((f) => f.pattern === 'full-scan')) {      findings.push({        id: 'safety-scan',        severity: 'medium',        pattern: 'full-scan',        query: 'SELECT * without WHERE',        message: 'Unbounded SELECT may full-scan table',        recommendation: 'Add WHERE clause or LIMIT with index',      })    }  }  return { ...out, findings }}const skill = {  name: 'coding-database-query-reviewer',  description: 'Reviews SQL/ORM snippets for N+1, indexes, and scan patterns.',  systemPrompt: `You review database queries (raw SQL, Prisma, TypeORM, Drizzle, Knex) for performance and safety.Output: { summary, findings[], gaps[], openQuestions[] }.Each finding: id, severity, pattern (n+1|missing-index|full-scan|lock-risk|injection-risk|other), query (verbatim snippet), message, recommendation.Flag N+1 loops, missing indexes on filtered columns, unbounded SELECT *, long transactions, string-concat SQL.Quote the query snippet from input — never invent tables or columns.${UNTRUSTED_CONTENT_DIRECTIVE}Call submit_query_reviewer exactly once. Stop.`,  tools: ['submit_query_reviewer'],}export function createCodingDatabaseQueryReviewerAgent(config: CodingDatabaseQueryReviewerConfig) {  const submit = (): ToolDefinition =>    defineZodTool({      name: 'submit_query_reviewer',      description: 'Submit SQL review. Call exactly once.',      schema: Output,      toJsonSchema: toJson,      async execute() { return 'recorded' },    }) as ToolDefinition  async function run(input: string): Promise<QueryReviewResult> {    if (!input?.trim()) throw new Error('coding-database-query-reviewer requires non-empty input')    const parsed = await invokeStructured({      adapter: config.adapter,      tool: submit(),      task: `QUERY SNIPPET:\n${fenceUntrustedContent(input)}`,      parse: (a) => applySafetyNet(input, Output.parse(a)),      skill,      memory: config.memory,      observers: config.observers,      onConfirm: config.onConfirm,      maxSteps: config.maxSteps ?? 4,    })    return { ...parsed, requiresReview: true }  }  return {    name: 'coding-database-query-reviewer',    run,    asHandle() {      return { name: 'coding-database-query-reviewer', run: (t: string) => run(t).then((r) => JSON.stringify(r)) }    },  }}
View evaluation contract

Replay these cases with the provider and model you plan to deploy.

import type { EvalSuite } from '@agentskit/eval'export const suite: EvalSuite = {  name: 'coding-database-query-reviewer',  cases: [    {      input: `users.forEach(u => db.query('SELECT * FROM orders WHERE user_id = ?', u.id))`,      expected: (r: string) => {        const j = JSON.parse(r)        return j.findings.some((f: { pattern: string }) => f.pattern === 'n+1')      },    },    {      input: 'Minimal input.',      expected: (r: string) => {        const j = JSON.parse(r)        return j.gaps.length > 0 || j.findings.length === 0      },    },    {      input: 'SELECT * FROM events',      expected: (r: string) => /full-scan|SELECT/i.test(r),    },    {      input: 'Empty context — only says "process this".',      expected: (r: string) => /gap|openQuestion/i.test(r),    },  ],}

Was this agent useful?

Your response helps us prioritize agent quality.

Keep exploring

Related agents

View category