tessl-labs/postgresql-python-best-practices

PostgreSQL patterns for Python with psycopg and asyncpg — connection pooling,

Quality: 99% (does it follow best practices?)
Impact: 1.15x, average score across 5 eval scenarios
Security by Snyk: Passed, no known issues


verifiers/pg-query-safety.json

{
  "instruction": "Use parameterized queries, explicit transactions, and bulk operations for PostgreSQL in Python",
  "relevant_when": "Agent writes PostgreSQL queries, database operations, or data access code in Python",
  "context": "All PostgreSQL queries must use parameterized placeholders: %s for psycopg 3, $1/$2/$N for asyncpg. Never use f-strings, .format(), or string concatenation to build SQL. Multi-statement writes must be wrapped in explicit transactions (conn.transaction() context manager). Bulk inserts of 100+ rows should use COPY (conn.cursor().copy or conn.copy_records_to_table) or executemany, never single-row INSERT in a loop. Dict row factory should be used for readable results.",
  "sources": [
    {
      "type": "file",
      "filename": "skills/postgresql-python-best-practices/SKILL.md",
      "tile": "tessl-labs/postgresql-python-best-practices@0.2.0"
    }
  ],
  "checklist": [
    {
      "name": "parameterized-queries",
      "rule": "All queries use parameterized placeholders (%s for psycopg, $1 for asyncpg), never f-strings, .format(), or string concatenation to include values in SQL",
      "relevant_when": "Agent writes any SQL query with dynamic values in Python"
    },
    {
      "name": "correct-placeholder-syntax",
      "rule": "Placeholder syntax matches the driver: psycopg uses %s positional placeholders with tuple args, asyncpg uses $1/$2 numbered placeholders with positional args. Never mix them.",
      "relevant_when": "Agent writes parameterized PostgreSQL queries"
    },
    {
      "name": "transaction-for-multi-writes",
      "rule": "Multi-statement write operations are wrapped in an explicit transaction using 'with conn.transaction():' (psycopg) or 'async with conn.transaction():' (asyncpg) to ensure atomicity",
      "relevant_when": "Agent writes code that performs multiple INSERT/UPDATE/DELETE operations that must succeed or fail together"
    },
    {
      "name": "bulk-insert-efficient",
      "rule": "Bulk inserts of many rows use COPY (psycopg cursor.copy or asyncpg copy_records_to_table) or executemany, not individual INSERT statements in a loop",
      "relevant_when": "Agent writes code to insert multiple rows into PostgreSQL"
    },
    {
      "name": "dict-row-factory",
      "rule": "psycopg queries use dict_row factory (conn.row_factory = psycopg.rows.dict_row) for readable dict access instead of tuple indexing",
      "relevant_when": "Agent writes psycopg queries that return results"
    }
  ]
}
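The first two checklist items above (parameterized-queries and correct-placeholder-syntax) are the ones a reviewer can check statically, because the defect is visible in how the query string is built. The following is an added example, not the tile's own verifier code: a small stdlib-only AST checker that walks a Python module, finds calls to the usual psycopg/asyncpg query methods (the method-name set is an assumption), and flags SQL assembled with f-strings, .format(), % or + concatenation, as well as literals that mix %s and $N placeholders or use the wrong style for the driver the caller says the module uses. The sample sources it scans are constructed for the example.

```python
"""Static check for pg-query-safety rules 1 and 2 (added example, not the tile's code)."""
from __future__ import annotations

import ast
import re
from dataclasses import dataclass

# Assumption: these are the query-executing methods of psycopg cursors/connections
# (execute, executemany) and asyncpg connections (execute, fetch, fetchrow, fetchval).
EXECUTE_METHODS = {"execute", "executemany", "fetch", "fetchrow", "fetchval"}
SQL_VERB = re.compile(r"^\s*(SELECT|INSERT|UPDATE|DELETE|WITH|COPY)\b", re.IGNORECASE)


@dataclass
class Finding:
    line: int
    rule: str      # checklist item name from the verifier above
    detail: str


def _is_sql_literal(node: ast.AST) -> bool:
    """A plain string constant that starts with a SQL verb."""
    return (isinstance(node, ast.Constant) and isinstance(node.value, str)
            and SQL_VERB.match(node.value) is not None)


def _contains_sql_literal(node: ast.AST) -> bool:
    """Any piece of a dynamic expression (f-string part, concat operand) that is SQL."""
    return any(_is_sql_literal(sub) for sub in ast.walk(node))


def check_source(src: str, driver: str | None = None) -> list[Finding]:
    """Scan Python source; `driver` is "psycopg", "asyncpg" or None (style unknown)."""
    findings: list[Finding] = []
    for node in ast.walk(ast.parse(src)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr in EXECUTE_METHODS and node.args):
            continue
        query = node.args[0]
        # Rule 1: values spliced into the SQL text instead of passed as parameters.
        if isinstance(query, ast.JoinedStr) and _contains_sql_literal(query):
            findings.append(Finding(node.lineno, "parameterized-queries",
                                    "SQL built with an f-string"))
        elif (isinstance(query, ast.BinOp) and isinstance(query.op, (ast.Add, ast.Mod))
              and _contains_sql_literal(query)):
            findings.append(Finding(node.lineno, "parameterized-queries",
                                    "SQL built with + concatenation or %-formatting"))
        elif (isinstance(query, ast.Call) and isinstance(query.func, ast.Attribute)
              and query.func.attr == "format" and _is_sql_literal(query.func.value)):
            findings.append(Finding(node.lineno, "parameterized-queries",
                                    "SQL built with .format()"))
        # Rule 2: a literal query, so inspect its placeholder style.
        elif _is_sql_literal(query):
            sql = query.value
            uses_pct = "%s" in sql
            uses_dollar = re.search(r"\$\d+", sql) is not None
            if uses_pct and uses_dollar:
                findings.append(Finding(node.lineno, "correct-placeholder-syntax",
                                        "query mixes %s and $N placeholders"))
            elif driver == "psycopg" and uses_dollar:
                findings.append(Finding(node.lineno, "correct-placeholder-syntax",
                                        "$N placeholders in a psycopg query; use %s"))
            elif driver == "asyncpg" and uses_pct:
                findings.append(Finding(node.lineno, "correct-placeholder-syntax",
                                        "%s placeholders in an asyncpg query; use $1, $2, ..."))
    return sorted(findings, key=lambda f: f.line)


# Constructed sample: a psycopg module with three unsafe builds, one correct query,
# one mixed-placeholder query and one asyncpg-style query.
SAMPLE_PSYCOPG = '''
def load(cur, uid, name):
    cur.execute(f"SELECT * FROM users WHERE id = {uid}")
    cur.execute("SELECT * FROM users WHERE id = " + str(uid))
    cur.execute("SELECT * FROM users WHERE name = {}".format(name))
    cur.execute("SELECT * FROM users WHERE id = %s", (uid,))
    cur.execute("SELECT * FROM users WHERE id = %s AND name = $2", (uid, name))
    cur.execute("UPDATE users SET name = $1 WHERE id = $2", (name, uid))
'''

# Constructed sample: an asyncpg module using psycopg-style placeholders.
SAMPLE_ASYNCPG = '''
async def load(conn, uid):
    return await conn.fetchrow("SELECT * FROM users WHERE id = %s", uid)
'''

if __name__ == "__main__":
    for name, src, drv in (("psycopg", SAMPLE_PSYCOPG, "psycopg"),
                           ("asyncpg", SAMPLE_ASYNCPG, "asyncpg")):
        for f in check_source(src, driver=drv):
            print(f"{name} sample line {f.line}: [{f.rule}] {f.detail}")
```

The checker deliberately ignores the second argument of each call: the point of the rule is that the SQL text itself must be a constant, so the decision can be made from the first argument alone. A literal such as LIKE '%s' inside a string could produce a false positive on the placeholder check, which is acceptable for a review aid that a human confirms.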
