{
  "id": "review-ai-generated-sql",
  "type": "checklists",
  "category": "checklists",
  "locale": "pt",
  "url": "/pt/checklists/review-ai-generated-sql",
  "title": "Checklist for Reviewing AI-Generated SQL Queries",
  "description": "A checklist for human review of SQL written by AI coding agents: correctness, injection, performance and migrations.",
  "tools": [
    "Cursor",
    "Claude Code",
    "Codex"
  ],
  "stack": [
    "PostgreSQL",
    "TypeScript"
  ],
  "tags": [
    "sql",
    "review",
    "security",
    "postgres"
  ],
  "difficulty": null,
  "updated": "2026-06-08",
  "markdown": "AI writes SQL fast, but not always safely. Run every AI-generated query through this checklist before merging.\n\n## Correctness\n\n```txt\n[ ] Joins use the right keys (no accidental cross joins)\n[ ] NULL handling is intentional (COALESCE / IS NULL, not = NULL)\n[ ] Aggregates have correct GROUP BY columns\n[ ] Pagination is stable (ORDER BY a unique column)\n```\n\n## Security\n\n```txt\n[ ] No string-concatenated SQL — parameterised queries only\n[ ] User input never reaches identifiers (table/column names)\n[ ] Row-level access is enforced (tenant_id / user_id filter present)\n```\n\n## Performance\n\n```txt\n[ ] Queries hit an index (check EXPLAIN for Seq Scan on large tables)\n[ ] No SELECT * in hot paths\n[ ] N+1 patterns batched or joined\n```\n\n## Migrations\n\n```txt\n[ ] Migration is reversible (or explicitly one-way and documented)\n[ ] No blocking locks on large tables during deploy\n[ ] Defaults/backfills won't rewrite the whole table synchronously\n```\n\n## Fix Prompt\n\n```txt title=\"Fix Prompt\"\nReview this SQL against the checklist above. Parameterise any concatenated\ninput, add the missing tenant filter, and confirm the query uses an index\nwith EXPLAIN. Return the corrected query only.\n```"
}