# Claude Code Rules for Prisma Projects > Claude Code rules for Prisma ORM projects covering migration safety, query patterns, relation loading, and preventing agents from corrupting the schema. **Type:** Rule **Tools:** Claude Code, Cursor, Codex **Stack:** Next.js, PostgreSQL, TypeScript **Updated:** 2026-06-08 --- Add this as a `CLAUDE.md` file in your repo root. Claude Code reads `CLAUDE.md` automatically (in addition to `AGENTS.md`) and applies it as project-level instructions for every session. ## Claude Code Rules File ```txt title="Claude Code Rules" # Prisma Project Rules ## Schema rules — highest risk area - NEVER edit `prisma/schema.prisma` without explicitly confirming the change with the developer first. Schema changes generate migrations that alter production data. - When asked to add a field, propose the schema diff and the migration name, then STOP and wait for approval before running `prisma migrate dev`. - New required fields MUST have a `@default(...)` value or be added as optional (`String?`). Adding a required field without a default breaks `migrate deploy` on a non-empty database. - Do NOT add `@@map` or `@map` attributes to rename existing tables or columns without explicitly discussing the migration strategy — renames require data migration steps. - Use `@db.Text` for long strings, `@db.VarChar(n)` for bounded strings. Never use bare `String` for fields that will store user-generated content longer than 255 chars. ## Migration rules - Run `prisma migrate dev --name ` to generate migrations locally. Never hand-edit files in `prisma/migrations/` — they are append-only. - In CI/CD, run `prisma migrate deploy` (not `migrate dev`). Never run `migrate dev` against a production database. - After adding or changing models, always regenerate the client: `prisma generate`. Never commit code that imports from `@prisma/client` without a matching `generate` run. ## Query patterns - Import the Prisma client from `src/lib/prisma.ts` (the singleton). Never instantiate `new PrismaClient()` in application code — this leaks connections in serverless. - Use `select` or `include` explicitly on every query. Never rely on Prisma's default select-all behaviour — it causes over-fetching and leaks sensitive fields. - Paginate all list queries with `take` and `skip` (or cursor-based pagination with `cursor` + `take`). Never run a `findMany` without a limit on a user-facing endpoint. - Wrap multi-step mutations in `prisma.$transaction([...])` or the interactive transaction callback. Never perform two sequential writes that must be atomic outside a transaction. - Use `prisma.$queryRaw` and `Prisma.sql` template tag for raw SQL only. Never concatenate user input into a raw query string — this is a SQL injection vector. ## Relation loading - Prefer `include` over N+1 patterns. If a resolver loads a relation in a loop, refactor to a single query with `include` or use a DataLoader. - Do not `include` deeply nested relations more than 2 levels deep in a single query. Flatten with multiple targeted queries and join in application code if needed. ## Type safety - All repository functions must return typed Prisma result types or mapped domain types. Never return `any` or plain `object` from a database function. - Use `Prisma.validator()` to define reusable select/include shapes that keep return types precise. ## Definition of done - `prisma validate` passes. - `tsc --noEmit` passes. - No `new PrismaClient()` outside `src/lib/prisma.ts`. - No `findMany` calls without `take`. - Migration files are committed alongside schema changes. ``` ## Why these rules - **Never edit the schema without confirmation** is non-negotiable. Prisma migrations are irreversible on production — a dropped column or a renamed table without a data migration plan causes data loss. Agents that are "helpful" will cheerfully run `migrate dev` the moment they touch the schema. - **Singleton client import** prevents one of the most common serverless footguns: connection pool exhaustion. In Next.js serverless functions, every module evaluation creates a new `PrismaClient` instance (and a new connection pool) unless the singleton pattern is used. Agents that copy examples from the Prisma docs often skip this. ## Good fit - Next.js or Node.js apps using Prisma with PostgreSQL where the schema is mature and migration safety is critical. ## Not a fit - Greenfield projects with no data yet, where you want the agent to freely iterate on the schema — loosen the migration approval requirement in that phase.