Checkliste

Checkliste zur Überprüfung von KI-generierten SQL-Abfragen

Eine menschliche Überprüfungsliste für SQL, das von KI-Codierungsagenten geschrieben wurde – Korrektheit, Injection, Leistung und Migrationen.

CursorClaude CodeCodex PostgreSQLTypeScript

.md .json Aktualisiert 8. Juni 2026

KI schreibt SQL schnell, aber nicht immer sicher. Überprüfen Sie jede KI-generierte Abfrage vor dem Mergen mit dieser Checkliste.

Korrektheit

[ ] Joins use the right keys (no accidental cross joins)
[ ] NULL handling is intentional (COALESCE / IS NULL, not = NULL)
[ ] Aggregates have correct GROUP BY columns
[ ] Pagination is stable (ORDER BY a unique column)

Sicherheit

[ ] No string-concatenated SQL — parameterised queries only
[ ] User input never reaches identifiers (table/column names)
[ ] Row-level access is enforced (tenant_id / user_id filter present)

Leistung

[ ] Queries hit an index (check EXPLAIN for Seq Scan on large tables)
[ ] No SELECT * in hot paths
[ ] N+1 patterns batched or joined

Migrationen

[ ] Migration is reversible (or explicitly one-way and documented)
[ ] No blocking locks on large tables during deploy
[ ] Defaults/backfills won't rewrite the whole table synchronously

Korrektur-Prompt

Review this SQL against the checklist above. Parameterise any concatenated
input, add the missing tenant filter, and confirm the query uses an index
with EXPLAIN. Return the corrected query only.

Tags: SQL Review Security PostgreSQL

Verwandt

/failures/ai-invents-fake-npm-packages