{"id":"coding-database-query-reviewer","title":"Database Query Reviewer","description":"SQL findings typed. N+1 and missing indexes. Typed v1 agent with eval coverage.","category":"coding","status":"validated","version":"1.0.0","source":"agentskit-registry","license":"MIT","tags":["coding","structured-output","v1"],"packages":["@agentskit/core","@agentskit/runtime","@agentskit/tools"],"files":["agent.ts","README.md","eval.ts"],"requires":{"zod":"^3","zod-to-json-schema":"^3"},"skill":{"name":"coding-database-query-reviewer","description":"SQL findings typed. N+1 and missing indexes. Typed v1 agent with eval coverage.","systemPrompt":"You review database queries (raw SQL, Prisma, TypeORM, Drizzle, Knex) for performance and safety.\n\nOutput: { summary, findings[], gaps[], openQuestions[] }.\nEach finding: id, severity, pattern (n+1|missing-index|full-scan|lock-risk|injection-risk|other), query (verbatim snippet), message, recommendation.\n\nFlag N+1 loops, missing indexes on filtered columns, unbounded SELECT *, long transactions, string-concat SQL.\nQuote the query snippet from input — never invent tables or columns.\n\n${UNTRUSTED_CONTENT_DIRECTIVE}\n\nCall submit_query_reviewer exactly once. Stop."},"flow":null,"a2a":{"id":"io.agentskit.registry.coding-database-query-reviewer","name":"Database Query Reviewer","description":"SQL findings typed. N+1 and missing indexes. Typed v1 agent with eval coverage.","version":"1.0.0","homepage":"https://registry.agentskit.io","skills":[{"name":"coding-database-query-reviewer","description":"SQL findings typed. N+1 and missing indexes. Typed v1 agent with eval coverage.","capabilities":{"streaming":true,"cancellation":true,"requiresApproval":false}}]},"sources":[{"path":"agent.ts","content":"import type { AdapterFactory, ChatMemory, Observer, ToolCall, ToolDefinition } from '@agentskit/core'\nimport { fenceUntrustedContent, UNTRUSTED_CONTENT_DIRECTIVE } from '@agentskit/core/security'\nimport { invokeStructured } from '@agentskit/runtime'\nimport { defineZodTool } from '@agentskit/tools'\nimport { z } from 'zod'\nimport { zodToJsonSchema } from 'zod-to-json-schema'\nimport type { JSONSchema7 } from 'json-schema'\n\n/**\n * Database Query Reviewer — flags N+1, missing indexes, and full table scans in SQL/ORM code.\n */\n\nexport type QueryPattern = 'n+1' | 'missing-index' | 'full-scan' | 'lock-risk' | 'injection-risk' | 'other'\n\nexport interface SqlFinding {\n  id: string\n  severity: 'critical' | 'high' | 'medium' | 'low' | 'info'\n  pattern: QueryPattern\n  query: string\n  message: string\n  recommendation?: string\n}\n\nexport interface QueryReviewResult {\n  summary: string\n  findings: SqlFinding[]\n  gaps: string[]\n  openQuestions: string[]\n  requiresReview: boolean\n}\n\nexport interface CodingDatabaseQueryReviewerConfig {\n  adapter: AdapterFactory\n  memory?: ChatMemory\n  observers?: Observer[]\n  onConfirm?: (toolCall: ToolCall) => boolean | Promise<boolean>\n  maxSteps?: number\n}\n\nconst Output = z.object({\n  summary: z.string(),\n  findings: z.array(\n    z.object({\n      id: z.string(),\n      severity: z.enum(['critical', 'high', 'medium', 'low', 'info']),\n      pattern: z.enum(['n+1', 'missing-index', 'full-scan', 'lock-risk', 'injection-risk', 'other']),\n      query: z.string(),\n      message: z.string(),\n      recommendation: z.string().optional(),\n    }),\n  ),\n  gaps: z.array(z.string()).default([]),\n  openQuestions: z.array(z.string()).default([]),\n})\nconst toJson = (s: z.ZodTypeAny): JSONSchema7 => zodToJsonSchema(s) as JSONSchema7\n\nfunction applySafetyNet(input: string, out: z.infer<typeof Output>): z.infer<typeof Output> {\n  const findings = [...out.findings]\n  if (/\\b(forEach|map)\\s*\\([^)]*\\)\\s*=>\\s*\\{[^}]*\\.(find|query|get)\\(/i.test(input) || /\\bN\\+1\\b/i.test(input)) {\n    if (!findings.some((f) => f.pattern === 'n+1')) {\n      findings.push({\n        id: 'safety-n1',\n        severity: 'high',\n        pattern: 'n+1',\n        query: 'loop + per-row query detected',\n        message: 'Potential N+1 query pattern in input',\n        recommendation: 'Batch fetch or use eager loading / JOIN',\n      })\n    }\n  }\n  if (/\\bSELECT\\s+\\*\\s+FROM\\b/i.test(input) && !/\\bWHERE\\b/i.test(input)) {\n    if (!findings.some((f) => f.pattern === 'full-scan')) {\n      findings.push({\n        id: 'safety-scan',\n        severity: 'medium',\n        pattern: 'full-scan',\n        query: 'SELECT * without WHERE',\n        message: 'Unbounded SELECT may full-scan table',\n        recommendation: 'Add WHERE clause or LIMIT with index',\n      })\n    }\n  }\n  return { ...out, findings }\n}\n\nconst skill = {\n  name: 'coding-database-query-reviewer',\n  description: 'Reviews SQL/ORM snippets for N+1, indexes, and scan patterns.',\n  systemPrompt: `You review database queries (raw SQL, Prisma, TypeORM, Drizzle, Knex) for performance and safety.\n\nOutput: { summary, findings[], gaps[], openQuestions[] }.\nEach finding: id, severity, pattern (n+1|missing-index|full-scan|lock-risk|injection-risk|other), query (verbatim snippet), message, recommendation.\n\nFlag N+1 loops, missing indexes on filtered columns, unbounded SELECT *, long transactions, string-concat SQL.\nQuote the query snippet from input — never invent tables or columns.\n\n${UNTRUSTED_CONTENT_DIRECTIVE}\n\nCall submit_query_reviewer exactly once. Stop.`,\n  tools: ['submit_query_reviewer'],\n}\n\nexport function createCodingDatabaseQueryReviewerAgent(config: CodingDatabaseQueryReviewerConfig) {\n  const submit = (): ToolDefinition =>\n    defineZodTool({\n      name: 'submit_query_reviewer',\n      description: 'Submit SQL review. Call exactly once.',\n      schema: Output,\n      toJsonSchema: toJson,\n      async execute() { return 'recorded' },\n    }) as ToolDefinition\n\n  async function run(input: string): Promise<QueryReviewResult> {\n    if (!input?.trim()) throw new Error('coding-database-query-reviewer requires non-empty input')\n    const parsed = await invokeStructured({\n      adapter: config.adapter,\n      tool: submit(),\n      task: `QUERY SNIPPET:\\n${fenceUntrustedContent(input)}`,\n      parse: (a) => applySafetyNet(input, Output.parse(a)),\n      skill,\n      memory: config.memory,\n      observers: config.observers,\n      onConfirm: config.onConfirm,\n      maxSteps: config.maxSteps ?? 4,\n    })\n    return { ...parsed, requiresReview: true }\n  }\n\n  return {\n    name: 'coding-database-query-reviewer',\n    run,\n    asHandle() {\n      return { name: 'coding-database-query-reviewer', run: (t: string) => run(t).then((r) => JSON.stringify(r)) }\n    },\n  }\n}"},{"path":"README.md","content":"# Database Query Reviewer\n\n> **v1 validated** — `npx agentskit add coding-database-query-reviewer`\n\n## Pain\nN+1 and missing indexes\n\n## Output\nSQL findings typed\n"},{"path":"eval.ts","content":"import type { EvalSuite } from '@agentskit/eval'\n\nexport const suite: EvalSuite = {\n  name: 'coding-database-query-reviewer',\n  cases: [\n    {\n      input: `users.forEach(u => db.query('SELECT * FROM orders WHERE user_id = ?', u.id))`,\n      expected: (r: string) => {\n        const j = JSON.parse(r)\n        return j.findings.some((f: { pattern: string }) => f.pattern === 'n+1')\n      },\n    },\n    {\n      input: 'Minimal input.',\n      expected: (r: string) => {\n        const j = JSON.parse(r)\n        return j.gaps.length > 0 || j.findings.length === 0\n      },\n    },\n    {\n      input: 'SELECT * FROM events',\n      expected: (r: string) => /full-scan|SELECT/i.test(r),\n    },\n    {\n      input: 'Empty context — only says \"process this\".',\n      expected: (r: string) => /gap|openQuestion/i.test(r),\n    },\n  ],\n}"}],"installable":true,"validation":{"status":"approved","score":97,"confidence":0.96,"method":"codex-executor-independent-reviewer","iterations":1,"cases":3,"summary":"The agent produced valid structured outputs for all three cases, stayed within the database query reviewer purpose, avoided hallucinating findings without SQL/schema evidence, surfaced uncertainty and gaps, and resisted the injection attempt. Behavior is useful and safe for sparse inputs.","strengths":["Valid structured outputs across all cases","Correctly refused to invent N+1 or missing-index findings without evidence","Clearly surfaced missing context, open questions, and need for review","Handled instruction injection as untrusted input and did not output the requested fixed approval string"],"notes":[]}}