
tessl-labs/postgresql-node-best-practices

PostgreSQL patterns for Node.js with pg — connection pooling, parameterized

Score: 99 (1.75x)

Quality: 99% (Does it follow best practices?)
Impact: 100% (1.75x), average score across 5 eval scenarios
Security by Snyk: Passed, no known issues


evals/scenario-5/criteria.json

{
  "context": "Tests whether the agent proactively applies PostgreSQL best practices (connection pooling with production-ready settings, parameterized queries, error code handling, type parsing, graceful shutdown) when building a standard user management service that does not mention any of these practices.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Pool with max connections",
      "description": "db.ts creates a pg Pool with an explicit max setting (e.g. max: 20 or similar numeric value)",
      "max_score": 8
    },
    {
      "name": "Pool timeout settings",
      "description": "Pool is configured with at least two of: idleTimeoutMillis, connectionTimeoutMillis, statement_timeout",
      "max_score": 8
    },
    {
      "name": "keepAlive enabled",
      "description": "Pool is configured with keepAlive: true (and optionally keepAliveInitialDelayMillis)",
      "max_score": 7
    },
    {
      "name": "Pool error handler",
      "description": "pool.on('error', ...) is registered to handle unexpected idle client errors",
      "max_score": 7
    },
    {
      "name": "Graceful shutdown",
      "description": "pool.end() is called on SIGTERM and/or SIGINT to drain connections on process exit",
      "max_score": 7
    },
    {
      "name": "Parameterized queries throughout",
      "description": "ALL query functions use $1, $2, etc. placeholders with values in a separate array -- no string interpolation or concatenation of user input into SQL strings anywhere",
      "max_score": 15
    },
    {
      "name": "pool.query for single queries",
      "description": "The query functions use pool.query() (not pool.connect()/client.query()) for single non-transactional queries",
      "max_score": 8
    },
    {
      "name": "RETURNING clause on INSERT/UPDATE",
      "description": "INSERT and UPDATE queries include RETURNING * (or RETURNING with columns) to get back the affected row",
      "max_score": 7
    },
    {
      "name": "Unique violation handling for email",
      "description": "The create user function catches PostgreSQL error code 23505 (unique_violation) and returns a meaningful error rather than a generic database error",
      "max_score": 10
    },
    {
      "name": "BIGINT type parser configured",
      "description": "pg.types.setTypeParser is called for OID 20 (BIGINT/int8) since the user id is bigint -- pg returns int8 values as strings by default, which otherwise causes silent type-coercion bugs",
      "max_score": 8
    },
    {
      "name": "TIMESTAMPTZ in migration",
      "description": "The migration uses TIMESTAMPTZ (not TIMESTAMP) for created_at and updated_at columns",
      "max_score": 5
    },
    {
      "name": "CHECK constraint on role",
      "description": "The migration includes a CHECK constraint on the role column limiting values to the specified set (admin, editor, viewer)",
      "max_score": 5
    },
    {
      "name": "Index on email column",
      "description": "The migration includes a unique index or unique constraint on the email column",
      "max_score": 5
    }
  ]
}
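The following is an added example, not a file from the tile or from the pg project: a `db.ts`-style module that satisfies the checklist above. The names `Queryable`, `poolConfig`, `parseBigint`, `installShutdownHandlers`, `EmailAlreadyExistsError` and the `users` table layout are this example's own assumptions. The query functions are written against a minimal `Queryable` interface shaped after `pool.query(text, values)`, and the signal source for shutdown is injected, so the whole module can be exercised offline with a stub; the commented block at the top shows how it would be wired to the real driver.

```typescript
// Added example (not the tile's own code). Real-driver wiring, omitted here so the
// module stays self-contained, would be:
//   import { Pool, types } from 'pg';
//   types.setTypeParser(20, parseBigint);            // OID 20 = int8 / BIGINT
//   export const pool = new Pool(poolConfig(process.env.DATABASE_URL!));
//   pool.on('error', (err) => console.error('idle client error', err));
//   installShutdownHandlers(pool, process);

// Minimal shape of pool.query(text, values); assumption made for offline testing.
export interface Queryable {
  query(text: string, values?: unknown[]): Promise<{ rows: any[] }>;
}

// Pool settings from the checklist: bounded size, idle/connect/statement timeouts, TCP keepalive.
export function poolConfig(connectionString: string) {
  return {
    connectionString,
    max: 20,
    idleTimeoutMillis: 30_000,
    connectionTimeoutMillis: 5_000,
    statement_timeout: 10_000,
    keepAlive: true,
    keepAliveInitialDelayMillis: 10_000,
  };
}

// pg hands int8 over as a string. Convert only when the value fits a JS number exactly;
// anything above 2^53 would otherwise be rounded without any error.
export function parseBigint(text: string): number {
  const n = Number(text);
  if (!Number.isSafeInteger(n)) {
    throw new RangeError(`int8 value ${text} exceeds Number.MAX_SAFE_INTEGER`);
  }
  return n;
}

export const ROLES = ['admin', 'editor', 'viewer'] as const;
export type Role = (typeof ROLES)[number];
export interface User { id: number; email: string; name: string; role: Role }

// Migration with the schema constraints the checklist asks for (assumed table layout).
export const MIGRATION_SQL = `
CREATE TABLE IF NOT EXISTS users (
  id         BIGSERIAL PRIMARY KEY,
  email      TEXT NOT NULL UNIQUE,
  name       TEXT NOT NULL,
  role       TEXT NOT NULL CHECK (role IN ('admin', 'editor', 'viewer')),
  created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
  updated_at TIMESTAMPTZ NOT NULL DEFAULT now()
);`;

export async function runMigration(db: Queryable): Promise<void> {
  await db.query(MIGRATION_SQL);
}

export class EmailAlreadyExistsError extends Error {
  readonly email: string;
  constructor(email: string) {
    super(`a user with email ${email} already exists`);
    this.name = 'EmailAlreadyExistsError';
    this.email = email;
  }
}

// node-postgres exposes the SQLSTATE on err.code; 23505 is unique_violation.
function isPgError(e: unknown): e is Error & { code?: string } {
  return e instanceof Error && typeof (e as { code?: unknown }).code === 'string';
}

// Single statement, so pool.query directly. User input only ever travels in the values
// array; the SQL text is a constant with $n placeholders.
export async function createUser(db: Queryable, input: Omit<User, 'id'>): Promise<User> {
  try {
    const { rows } = await db.query(
      'INSERT INTO users (email, name, role) VALUES ($1, $2, $3) RETURNING id, email, name, role',
      [input.email, input.name, input.role],
    );
    return rows[0] as User;
  } catch (e) {
    if (isPgError(e) && e.code === '23505') throw new EmailAlreadyExistsError(input.email);
    throw e; // anything else is a genuine database failure; do not swallow it
  }
}

export async function findUserByEmail(db: Queryable, email: string): Promise<User | null> {
  const { rows } = await db.query('SELECT id, email, name, role FROM users WHERE email = $1', [email]);
  return (rows[0] as User | undefined) ?? null;
}

// Drain the pool on SIGTERM/SIGINT. The signal source is injected (pass `process` in a
// service) so the handler can be tested without a real process; a second signal while
// draining must not call pool.end() again.
export function installShutdownHandlers(
  pool: { end(): Promise<void> },
  proc: { on(signal: string, handler: () => void): unknown; exit(code: number): void },
): void {
  let draining = false;
  const drain = async () => {
    if (draining) return;
    draining = true;
    try { await pool.end(); proc.exit(0); } catch { proc.exit(1); }
  };
  proc.on('SIGTERM', drain);
  proc.on('SIGINT', drain);
}
```

Two checklist items interact in `createUser`: because the SQL text is constant and the email travels in the values array, the only way a duplicate can reach the database is through the UNIQUE constraint, which is exactly the 23505 path the function translates into a domain error. `parseBigint` deliberately throws rather than returning a rounded number; if ids can realistically exceed 2^53, register a parser that returns a `string` or `BigInt` instead.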
