
tessl-labs/postgresql-node-best-practices

PostgreSQL patterns for Node.js with pg — connection pooling, parameterized

99

1.75x
Quality: 99% (Does it follow best practices?)

Impact: 100%, 1.75x (average score across 5 eval scenarios)

Security by Snyk: Passed, no known issues


evals/scenario-1/criteria.json

{
  "context": "Tests whether the agent proactively configures BIGINT and NUMERIC type parsers, SSL for production/cloud, proper pool settings, and uses ANY for array filtering when building a dashboard backend. The task mentions column types and AWS RDS as business context but never tells the agent to configure type parsers or SSL.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "BIGINT type parser configured",
      "description": "pg.types.setTypeParser is called for OID 20 (BIGINT/int8) to parse as number, BigInt, or handle appropriately -- preventing silent string coercion where typeof id === 'string'",
      "max_score": 15
    },
    {
      "name": "NUMERIC type parser configured",
      "description": "pg.types.setTypeParser is called for OID 1700 (NUMERIC) to parse as float or number -- preventing revenue/amount values from being returned as strings",
      "max_score": 12
    },
    {
      "name": "Type parsers before pool creation",
      "description": "pg.types.setTypeParser calls appear before the Pool is instantiated (or at module top level)",
      "max_score": 8
    },
    {
      "name": "SSL configured for production",
      "description": "Pool SSL is configured -- either always-on for cloud databases or conditional on NODE_ENV. Does NOT set rejectUnauthorized: false.",
      "max_score": 12
    },
    {
      "name": "Pool with production settings",
      "description": "Pool is configured with max connections and at least one timeout setting (idleTimeoutMillis, connectionTimeoutMillis, or statement_timeout)",
      "max_score": 8
    },
    {
      "name": "keepAlive enabled",
      "description": "Pool is configured with keepAlive: true (important for cloud-hosted PostgreSQL behind load balancers like ALB)",
      "max_score": 7
    },
    {
      "name": "Parameterized queries throughout",
      "description": "ALL queries use $1, $2 placeholders with values in a separate array -- no string interpolation for date ranges, status values, or limits",
      "max_score": 12
    },
    {
      "name": "ANY for multi-status filter",
      "description": "Filtering by multiple statuses uses ANY($1::text[]) with a single array parameter -- NOT dynamically building IN ($1, $2, $3...) placeholders",
      "max_score": 10
    },
    {
      "name": "pool.query for single queries",
      "description": "All query functions use pool.query() directly (these are read-only single queries)",
      "max_score": 6
    },
    {
      "name": "Pool error handler",
      "description": "pool.on('error', ...) is registered",
      "max_score": 5
    },
    {
      "name": "Graceful shutdown",
      "description": "pool.end() is called on SIGTERM/SIGINT",
      "max_score": 5
    }
  ]
}
