MileniumTick/postgresql-code-review

PostgreSQL Code Review Assistant

Expert PostgreSQL code review for ${selection} (or entire project if no selection). Focus on PostgreSQL-specific best practices, anti-patterns, and quality standards that are unique to PostgreSQL.

🎯 PostgreSQL-Specific Review Areas

JSONB Best Practices

-- ❌ BAD: Inefficient JSONB usage
SELECT * FROM orders WHERE data->>'status' = 'shipped';  -- No index support

-- ✅ GOOD: Indexable JSONB queries
CREATE INDEX idx_orders_status ON orders USING gin((data->'status'));
SELECT * FROM orders WHERE data @> '{"status": "shipped"}';

-- ❌ BAD: Deep nesting without consideration
UPDATE orders SET data = data || '{"shipping":{"tracking":{"number":"123"}}}';

-- ✅ GOOD: Structured JSONB with validation
ALTER TABLE orders ADD CONSTRAINT valid_status 
CHECK (data->>'status' IN ('pending', 'shipped', 'delivered'));

Array Operations Review

-- ❌ BAD: Inefficient array operations
SELECT * FROM products WHERE 'electronics' = ANY(categories);  -- No index

-- ✅ GOOD: GIN indexed array queries
CREATE INDEX idx_products_categories ON products USING gin(categories);
SELECT * FROM products WHERE categories @> ARRAY['electronics'];

-- ❌ BAD: Array concatenation in loops
-- This would be inefficient in a function/procedure

-- ✅ GOOD: Bulk array operations
UPDATE products SET categories = categories || ARRAY['new_category']
WHERE id IN (SELECT id FROM products WHERE condition);

PostgreSQL Schema Design Review

-- ❌ BAD: Not using PostgreSQL features
CREATE TABLE users (
    id INTEGER,
    email VARCHAR(255),
    created_at TIMESTAMP
);

-- ✅ GOOD: PostgreSQL-optimized schema
CREATE TABLE users (
    id BIGSERIAL PRIMARY KEY,
    email CITEXT UNIQUE NOT NULL,  -- Case-insensitive email
    created_at TIMESTAMPTZ DEFAULT NOW(),
    metadata JSONB DEFAULT '{}',
    CONSTRAINT valid_email CHECK (email ~* '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$')
);

-- Add JSONB GIN index for metadata queries
CREATE INDEX idx_users_metadata ON users USING gin(metadata);

Custom Types and Domains

-- ❌ BAD: Using generic types for specific data
CREATE TABLE transactions (
    amount DECIMAL(10,2),
    currency VARCHAR(3),
    status VARCHAR(20)
);

-- ✅ GOOD: PostgreSQL custom types
CREATE TYPE currency_code AS ENUM ('USD', 'EUR', 'GBP', 'JPY');
CREATE TYPE transaction_status AS ENUM ('pending', 'completed', 'failed', 'cancelled');
CREATE DOMAIN positive_amount AS DECIMAL(10,2) CHECK (VALUE > 0);

CREATE TABLE transactions (
    amount positive_amount NOT NULL,
    currency currency_code NOT NULL,
    status transaction_status DEFAULT 'pending'
);

🔍 PostgreSQL-Specific Anti-Patterns

Performance Anti-Patterns

• Avoiding PostgreSQL-specific indexes: Not using GIN/GiST for appropriate data types
• Misusing JSONB: Treating JSONB like a simple string field
• Ignoring array operators: Using inefficient array operations
• Poor partition key selection: Not leveraging PostgreSQL partitioning effectively

Schema Design Issues

• Not using ENUM types: Using VARCHAR for limited value sets
• Ignoring constraints: Missing CHECK constraints for data validation
• Wrong data types: Using VARCHAR instead of TEXT or CITEXT
• Missing JSONB structure: Unstructured JSONB without validation

Function and Trigger Issues

-- ❌ BAD: Inefficient trigger function
CREATE OR REPLACE FUNCTION update_modified_time()
RETURNS TRIGGER AS $$
BEGIN
    NEW.updated_at = NOW();  -- Should use TIMESTAMPTZ
    RETURN NEW;
END;
$$ LANGUAGE plpgsql;

-- ✅ GOOD: Optimized trigger function
CREATE OR REPLACE FUNCTION update_modified_time()
RETURNS TRIGGER AS $$
BEGIN
    NEW.updated_at = CURRENT_TIMESTAMP;
    RETURN NEW;
END;
$$ LANGUAGE plpgsql;

-- Set trigger to fire only when needed
CREATE TRIGGER update_modified_time_trigger
    BEFORE UPDATE ON table_name
    FOR EACH ROW
    WHEN (OLD.* IS DISTINCT FROM NEW.*)
    EXECUTE FUNCTION update_modified_time();

📊 PostgreSQL Extension Usage Review

Extension Best Practices

-- ✅ Check if extension exists before creating
CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
CREATE EXTENSION IF NOT EXISTS "pgcrypto";
CREATE EXTENSION IF NOT EXISTS "pg_trgm";

-- ✅ Use extensions appropriately
-- UUID generation
SELECT uuid_generate_v4();

-- Password hashing
SELECT crypt('password', gen_salt('bf'));

-- Fuzzy text matching
SELECT word_similarity('postgres', 'postgre');

🛡️ PostgreSQL Security Review

Row Level Security (RLS)

-- ✅ GOOD: Implementing RLS
ALTER TABLE sensitive_data ENABLE ROW LEVEL SECURITY;

CREATE POLICY user_data_policy ON sensitive_data
    FOR ALL TO application_role
    USING (user_id = current_setting('app.current_user_id')::INTEGER);

Privilege Management

-- ❌ BAD: Overly broad permissions
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO app_user;

-- ✅ GOOD: Granular permissions
GRANT SELECT, INSERT, UPDATE ON specific_table TO app_user;
GRANT USAGE ON SEQUENCE specific_table_id_seq TO app_user;

🎯 PostgreSQL Code Quality Checklist

Schema Design

• [ ] Using appropriate PostgreSQL data types (CITEXT, JSONB, arrays)
• [ ] Leveraging ENUM types for constrained values
• [ ] Implementing proper CHECK constraints
• [ ] Using TIMESTAMPTZ instead of TIMESTAMP
• [ ] Defining custom domains for reusable constraints

Performance Considerations

• [ ] Appropriate index types (GIN for JSONB/arrays, GiST for ranges)
• [ ] JSONB queries using containment operators (@>, ?)
• [ ] Array operations using PostgreSQL-specific operators
• [ ] Proper use of window functions and CTEs
• [ ] Efficient use of PostgreSQL-specific functions

PostgreSQL Features Utilization

• [ ] Using extensions where appropriate
• [ ] Implementing stored procedures in PL/pgSQL when beneficial
• [ ] Leveraging PostgreSQL's advanced SQL features
• [ ] Using PostgreSQL-specific optimization techniques
• [ ] Implementing proper error handling in functions

Security and Compliance

• [ ] Row Level Security (RLS) implementation where needed
• [ ] Proper role and privilege management
• [ ] Using PostgreSQL's built-in encryption functions
• [ ] Implementing audit trails with PostgreSQL features

📝 PostgreSQL-Specific Review Guidelines

1. Data Type Optimization: Ensure PostgreSQL-specific types are used appropriately
2. Index Strategy: Review index types and ensure PostgreSQL-specific indexes are utilized
3. JSONB Structure: Validate JSONB schema design and query patterns
4. Function Quality: Review PL/pgSQL functions for efficiency and best practices
5. Extension Usage: Verify appropriate use of PostgreSQL extensions
6. Performance Features: Check utilization of PostgreSQL's advanced features
7. Security Implementation: Review PostgreSQL-specific security features

Focus on PostgreSQL's unique capabilities and ensure the code leverages what makes PostgreSQL special rather than treating it as a generic SQL database.