# Checkliste zur Überprüfung von KI-generierten SQL-Abfragen

> Eine menschliche Überprüfungsliste für SQL, das von KI-Codierungsagenten geschrieben wurde – Korrektheit, Injection, Leistung und Migrationen.

**Type:** Checklist  
**Tools:** Cursor, Claude Code, Codex  
**Stack:** PostgreSQL, TypeScript  
**Updated:** 2026-06-08

---

KI schreibt SQL schnell, aber nicht immer sicher. Überprüfen Sie jede KI-generierte Abfrage vor dem Mergen mit dieser Checkliste.

## Korrektheit

```txt
[ ] Joins use the right keys (no accidental cross joins)
[ ] NULL handling is intentional (COALESCE / IS NULL, not = NULL)
[ ] Aggregates have correct GROUP BY columns
[ ] Pagination is stable (ORDER BY a unique column)
```

## Sicherheit

```txt
[ ] No string-concatenated SQL — parameterised queries only
[ ] User input never reaches identifiers (table/column names)
[ ] Row-level access is enforced (tenant_id / user_id filter present)
```

## Leistung

```txt
[ ] Queries hit an index (check EXPLAIN for Seq Scan on large tables)
[ ] No SELECT * in hot paths
[ ] N+1 patterns batched or joined
```

## Migrationen

```txt
[ ] Migration is reversible (or explicitly one-way and documented)
[ ] No blocking locks on large tables during deploy
[ ] Defaults/backfills won't rewrite the whole table synchronously
```

## Korrektur-Prompt

```txt title="Fix Prompt"
Review this SQL against the checklist above. Parameterise any concatenated
input, add the missing tenant filter, and confirm the query uses an index
with EXPLAIN. Return the corrected query only.
```