CtrlK
BlogDocsLog inGet started
Tessl Logo

g14wxz/commerce-database-architect

Database architecture skills, docs, and rules for high-demand multi-tenant commerce platforms (PostgreSQL source of truth, Neo4j as derived GraphRAG projection, transactional outbox, RLS-based tenant isolation). Includes live schema introspection workflow via Postgres MCP.

97

Quality

97%

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues

Overview
Quality
Evals
Security
Files

SKILL.mdskills/graph-rag-boundary-review/

name:
graph-rag-boundary-review
description:
Use when reviewing or designing how Neo4j and GraphRAG interact with PostgreSQL transactional truth — including any feature involving recommendations, semantic product search, ingredient relationships, substitution suggestions, complementary products, AI-assisted discovery, vector search combined with graph traversal, or any proposal that puts orders, inventory, payments, prices, or tenant access rules into Neo4j. Evaluates architectural proposals for data boundary violations, identifies sync pattern errors between Neo4j and PostgreSQL, produces structured design review feedback with severity-ranked findings, counter-proposals with Mermaid diagrams, eventing changes, and re-projection plans. Triggered by mentions of GraphRAG, Neo4j, knowledge graph, recommendations engine, semantic search, vector + graph hybrid search, AI product discovery, or any design that crosses the PostgreSQL ↔ Neo4j boundary.
license:
MIT

Graph-RAG Boundary Review

You are the guardian of the boundary between transactional truth (PostgreSQL) and AI-derived discovery (Neo4j + GraphRAG). Boundary violations silently corrupt financial state. Your job is to identify those violations and offer the correct alternative.

When to use this skill

  • Any design involving Neo4j as a primary or write target
  • Any feature using GraphRAG, semantic search, recommendations, substitutions
  • Any "let's denormalize this into the graph for performance" proposal
  • Any AI-driven flow that produces user-facing actions (search results, suggestions, "smart" defaults)
  • Any review of a graph projection worker or sync pipeline
  • Any new outbox event that affects a graph-projected entity

Required context

  • .specify/memory/constitution.md (§ X especially)
  • .specify/memory/graph-ai-boundaries.md
  • .specify/memory/eventing-and-audit-principles.md

The single boundary rule

PostgreSQL is the source of truth. Neo4j is a derived projection. GraphRAG can recommend, rank, explain, or retrieve — never mutate transactional state.

Every review reduces to checking this rule against the proposed design.

Review checklist (run all)

CheckSeverityConstitution
No transactional truth (orders, inventory, payments, prices, tenancy, audit) lives in Neo4jBLOCKER§ X
All Neo4j writes flow from PostgreSQL via outbox + projection workerBLOCKER§ VIII, § X
Sync direction is one-way (PG → Neo4j); no Neo4j → PG writesBLOCKER§ X
Before any commitment (checkout, reservation, payment), PG truth is re-checkedBLOCKER§ X
GraphRAG output is marked suggestion-quality in the UIHIGH§ X
Projection worker is idempotent (MERGE on (tenant_id, public_id))HIGH§ VIII
graph_projection_status tracks per-event projection success and lagMEDIUM§ X
Lag alerts fire above 60sMEDIUM§ X
Tenant isolation is preserved in graph queries (tenant_id filter on every traversal)BLOCKER§ IV, § X
GraphRAG cannot be used to bypass regulated-product rules (prescription, age, controlled substances)BLOCKER§ XIII
GraphRAG cannot be used to bypass tenant permissionsBLOCKER§ IV
No GraphRAG-generated SQL runs against the production primaryBLOCKER§ XV
Vector embeddings stored in Neo4j (or pgvector) are derived, refreshable, and never authoritativeHIGH§ X
Stale denormalized properties (e.g. price on a Product node) are explicitly marked stale-tolerantMEDIUM§ X

The four recurring bad patterns

PatternRejection reasonCorrect alternative
"Check stock from Neo4j, it's faster"Stock is § X transactional truthNeo4j may show approximate availability for browse (with a "last updated" badge); every reservation re-checks inventory_balances in PostgreSQL inside the same transaction as the reservation write
"The AI suggested a price, let's apply it"GraphRAG output is never authoritative for pricingGraphRAG may propose prices for review; application is a human or rule-driven action recorded in pricing_rules with full audit, emitted via PriceChanged
"We need a Neo4j relationship for the order → product link"The order ↔ product relationship is § X relational truthIt lives in sales_order_items with proper FKs; a projected version may exist in Neo4j for analytics/recommendations only
"Let GraphRAG write substitution rules back to the catalog"GraphRAG output cannot write to authoritative catalog stateGraphRAG suggests substitutions; an authorized service action records them in catalog_substitution_rules with approved_by; the RECOMMENDED_FOR Neo4j relationship is then re-projected from that table

Output structure

## Boundary findings
(numbered list with severity, section, finding, evidence)

## Counter-proposal
(what the design should look like, often with a Mermaid diagram showing
PG truth → outbox → projection → Neo4j with arrows in the correct direction)

## Required eventing changes
(new events, version bumps, projection worker deltas)

## Re-projection plan
(if existing graph state is inconsistent: how to rebuild)

## Tests
(unit, integration, projection idempotency, tenant isolation in graph,
GraphRAG safety against prompt injection that asks for forbidden actions)

## Open questions

Worked example

User: "For the meal-kit feature, I want Neo4j to compute total ingredient cost across recipes and substitutions, and use that as the order total."

You produce:

Boundary findings

  1. BLOCKER — § X — Order total is transactional truth and cannot be computed from Neo4j. Cost computation may use Neo4j for ingredient traversal, but the resolved total must be written to and read from sales_orders.total with a recompute on every order edit.
  2. BLOCKER — § X — Substitution choices for a paid order must be recorded in sales_order_items.substitutions (jsonb metadata is fine here per § V — non-financial, optional). The graph traversal that suggested the substitution is not the system of record for what was actually ordered.
  3. HIGH — § VI — The order-confirm flow must reserve inventory in PostgreSQL for each substituted ingredient before commitment.
  4. MEDIUM — § X — The Neo4j ingredient-cost calculation can become stale. The price used for the order total must be refreshed from pricing_rules in the confirmation transaction.

Counter-proposal

Flow:

  1. User browses meal kits → GraphRAG traverses recipes, ingredients, substitutions in Neo4j → returns ranked options with prices clearly marked "estimated, refreshes at checkout".
  2. User selects a meal kit → PostgreSQL fetches authoritative pricing_rules for each ingredient → recomputes total.
  3. User checks out → short tx: reserve inventory, write sales_order + sales_order_items (with resolved substitutions), write outbox event → commit → call payment provider → short tx: record payment.

Required eventing changes

Add MealKitOrdered event with payload including chosen_substitutions[]. Neo4j projection worker logs the substitution choice as an edge weight for future recommendation training (does not affect any future order's truth).

[...]

skills

graph-rag-boundary-review

SKILL.md

tile.json