Db Diagnostics Rules

FATAL Constraints

• NEVER execute DROP, DELETE, TRUNCATE, or any DDL mutation during a diagnostics inspection. This skill is read-only. HALT if any write operation is attempted.
• NEVER expose connection strings, passwords, or credentials in diagnostic output.
• MUST NOT reset pg_stat_statements counters (pg_stat_statements_reset()) without explicit operator approval.
• MUST NOT run diagnostics without first confirming supabase-mcp-verification has passed. HALT otherwise.
• NEVER run EXPLAIN ANALYZE on production queries without operator confirmation — it executes the query.

Mandatory Behaviors

• MUST use MCP execute_sql for all database queries. NEVER use direct psql connections or ORMs.
• MUST query pg_stat_statements, pg_stat_user_tables, and pg_stat_user_indexes as the primary diagnostic sources.
• MUST flag any query with mean_exec_time > 100ms as a slow-query candidate.
• MUST flag tables with high sequential scans and zero index scans as missing-index targets.
• MUST flag tables with n_dead_tup > 10000 as needing vacuum attention.
• MUST report unused indexes (zero scan count) as removal candidates.
• MUST check pg_stat_activity for connection pool saturation and pg_locks for blocked queries.
• MUST produce a final severity rating (CRITICAL / WARNING / HEALTHY) for each diagnostic category.
• MUST structure all output as a single consolidated report, not scattered inline comments.