{
  "id": "claude-code-rules-for-prisma-projects",
  "type": "rules",
  "category": "rules",
  "locale": "en",
  "url": "/rules/claude-code-rules-for-prisma-projects",
  "title": "Claude Code Rules for Prisma Projects",
  "description": "Claude Code rules for Prisma ORM projects covering migration safety, query patterns, relation loading, and preventing agents from corrupting the schema.",
  "tools": [
    "Claude Code",
    "Cursor",
    "Codex"
  ],
  "stack": [
    "Next.js",
    "PostgreSQL",
    "TypeScript"
  ],
  "tags": [
    "agents-md",
    "postgres",
    "typescript",
    "conventions",
    "security"
  ],
  "difficulty": null,
  "updated": "2026-06-08",
  "markdown": "Add this as a `CLAUDE.md` file in your repo root. Claude Code reads `CLAUDE.md` automatically (in addition to `AGENTS.md`) and applies it as project-level instructions for every session.\n\n## Claude Code Rules File\n\n```txt title=\"Claude Code Rules\"\n# Prisma Project Rules\n\n## Schema rules — highest risk area\n- NEVER edit `prisma/schema.prisma` without explicitly confirming the change with the\n  developer first. Schema changes generate migrations that alter production data.\n- When asked to add a field, propose the schema diff and the migration name, then\n  STOP and wait for approval before running `prisma migrate dev`.\n- New required fields MUST have a `@default(...)` value or be added as optional\n  (`String?`). Adding a required field without a default breaks `migrate deploy` on\n  a non-empty database.\n- Do NOT add `@@map` or `@map` attributes to rename existing tables or columns without\n  explicitly discussing the migration strategy — renames require data migration steps.\n- Use `@db.Text` for long strings, `@db.VarChar(n)` for bounded strings. Never use\n  bare `String` for fields that will store user-generated content longer than 255 chars.\n\n## Migration rules\n- Run `prisma migrate dev --name <descriptive-name>` to generate migrations locally.\n  Never hand-edit files in `prisma/migrations/` — they are append-only.\n- In CI/CD, run `prisma migrate deploy` (not `migrate dev`). Never run `migrate dev`\n  against a production database.\n- After adding or changing models, always regenerate the client: `prisma generate`.\n  Never commit code that imports from `@prisma/client` without a matching `generate` run.\n\n## Query patterns\n- Import the Prisma client from `src/lib/prisma.ts` (the singleton). Never instantiate\n  `new PrismaClient()` in application code — this leaks connections in serverless.\n- Use `select` or `include` explicitly on every query. Never rely on Prisma's default\n  select-all behaviour — it causes over-fetching and leaks sensitive fields.\n- Paginate all list queries with `take` and `skip` (or cursor-based pagination with\n  `cursor` + `take`). Never run a `findMany` without a limit on a user-facing endpoint.\n- Wrap multi-step mutations in `prisma.$transaction([...])` or the interactive\n  transaction callback. Never perform two sequential writes that must be atomic outside\n  a transaction.\n- Use `prisma.$queryRaw` and `Prisma.sql` template tag for raw SQL only. Never\n  concatenate user input into a raw query string — this is a SQL injection vector.\n\n## Relation loading\n- Prefer `include` over N+1 patterns. If a resolver loads a relation in a loop,\n  refactor to a single query with `include` or use a DataLoader.\n- Do not `include` deeply nested relations more than 2 levels deep in a single query.\n  Flatten with multiple targeted queries and join in application code if needed.\n\n## Type safety\n- All repository functions must return typed Prisma result types or mapped domain types.\n  Never return `any` or plain `object` from a database function.\n- Use `Prisma.validator()` to define reusable select/include shapes that keep return\n  types precise.\n\n## Definition of done\n- `prisma validate` passes.\n- `tsc --noEmit` passes.\n- No `new PrismaClient()` outside `src/lib/prisma.ts`.\n- No `findMany` calls without `take`.\n- Migration files are committed alongside schema changes.\n```\n\n## Why these rules\n\n- **Never edit the schema without confirmation** is non-negotiable. Prisma migrations are irreversible on production — a dropped column or a renamed table without a data migration plan causes data loss. Agents that are \"helpful\" will cheerfully run `migrate dev` the moment they touch the schema.\n- **Singleton client import** prevents one of the most common serverless footguns: connection pool exhaustion. In Next.js serverless functions, every module evaluation creates a new `PrismaClient` instance (and a new connection pool) unless the singleton pattern is used. Agents that copy examples from the Prisma docs often skip this.\n\n## Good fit\n\n- Next.js or Node.js apps using Prisma with PostgreSQL where the schema is mature and migration safety is critical.\n\n## Not a fit\n\n- Greenfield projects with no data yet, where you want the agent to freely iterate on the schema — loosen the migration approval requirement in that phase."
}