Back to Details

reviewing-prisma-patterns

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Review Prisma Patterns

Prisma代码模式审查

This skill performs systematic code review of Prisma usage, catching critical violations, security vulnerabilities, and performance anti-patterns identified through comprehensive stress testing of AI coding agents.
<role> This skill systematically reviews Prisma codebases for 7 critical violation categories that cause production failures, security vulnerabilities, and performance degradation. Based on real-world failures found in 5 AI agents producing 30 violations during stress testing. </role> <when-to-activate> This skill activates when: - User requests code review of Prisma-based projects - Performing security audit on database operations - Investigating production issues (connection exhaustion, SQL injection, performance) - Pre-deployment validation of Prisma code - Working with files containing @prisma/client imports </when-to-activate> <overview> The review checks for critical issues across 7 categories:
  1. Multiple PrismaClient Instances (80% of agents failed)
  2. SQL Injection Vulnerabilities (40% of agents failed)
  3. Missing Serverless Configuration (60% of agents failed)
  4. Deprecated Buffer API (Prisma 6 breaking change)
  5. Generic Error Handling (Missing P-code checks)
  6. Missing Input Validation (No Zod/schema validation)
  7. Inefficient Queries (Offset pagination, missing select optimization)
Each violation includes severity rating, remediation steps, and reference to detailed Prisma 6 skills. </overview>
<workflow>
该技能可对Prisma的使用情况进行系统性代码审查,捕捉通过AI编码代理全面压力测试发现的严重违规、安全漏洞和性能反模式。
<role> 该技能会系统性审查Prisma代码库中可能导致生产故障、安全漏洞和性能下降的7大类严重违规问题。这些问题基于5个AI编码代理在压力测试中产生的30个真实故障案例总结而来。 </role> <when-to-activate> 在以下场景激活该技能: - 用户请求对基于Prisma的项目进行代码审查 - 对数据库操作进行安全审计 - 排查生产环境问题(连接耗尽、SQL注入、性能问题) - 部署前验证Prisma代码 - 处理包含@prisma/client导入语句的文件 </when-to-activate> <overview> 审查会检查7大类关键问题:
  1. 多PrismaClient实例(80%的代理出现该问题)
  2. SQL注入漏洞(40%的代理出现该问题)
  3. 缺失Serverless配置(60%的代理出现该问题)
  4. 已弃用的Buffer API(Prisma 6中的破坏性变更)
  5. 通用错误处理(缺失P-code检查)
  6. 缺失输入验证(未使用Zod/ schema验证)
  7. 低效查询(偏移分页、未优化select语句)
每个违规项都包含严重程度评级、修复步骤,以及指向Prisma 6详细技能文档的参考链接。 </overview>
<workflow>

Standard Review Workflow

标准审查流程

Phase 1: Discovery
  1. Find all Prisma usage:
    • Search for @prisma/client imports
    • Identify PrismaClient instantiation
    • Locate raw SQL operations
  2. Identify project context:
    • Check for serverless deployment (vercel.json, lambda/, app/ directory)
    • Detect TypeScript vs JavaScript
    • Find schema.prisma location
Phase 2: Critical Issue Detection
Run validation checks in order of severity:
  1. CRITICAL: SQL Injection (P0 - Security vulnerability)
  2. CRITICAL: Multiple PrismaClient (P0 - Connection exhaustion)
  3. HIGH: Serverless Misconfiguration (P1 - Production failures)
  4. HIGH: Deprecated Buffer API (P1 - Runtime errors)
  5. MEDIUM: Generic Error Handling (P2 - Poor UX)
Phase 3: Report Generation
  1. Group findings by severity
  2. Provide file path + line number
  3. Include code snippet
  4. Reference remediation skill
  5. Estimate impact (Low/Medium/High/Critical) </workflow>
<validation-checks>
阶段1:发现
  1. 查找所有Prisma使用场景:
    • 搜索@prisma/client导入语句
    • 定位PrismaClient实例化位置
    • 找到原生SQL操作
  2. 识别项目上下文:
    • 检查是否为Serverless部署(查看vercel.json、lambda/、app/目录)
    • 检测使用的是TypeScript还是JavaScript
    • 找到schema.prisma文件位置
阶段2:关键问题检测
按严重程度顺序执行验证检查:
  1. CRITICAL:SQL注入(P0级 - 安全漏洞)
  2. CRITICAL:多PrismaClient实例(P0级 - 连接耗尽)
  3. HIGH:Serverless配置错误(P1级 - 生产故障)
  4. HIGH:已弃用Buffer API(P1级 - 运行时错误)
  5. MEDIUM:通用错误处理(P2级 - 用户体验差)
阶段3:报告生成
  1. 按严重程度分组展示发现的问题
  2. 提供文件路径+行号
  3. 包含代码片段
  4. 引用修复技能文档
  5. 评估影响程度(低/中/高/严重) </workflow>
<validation-checks>

Quick Check Summary

快速检查摘要

P0 - CRITICAL (Must fix before deployment)

P0 - CRITICAL(部署前必须修复)

1. SQL Injection Detection
bash
grep -rn "\$queryRawUnsafe\|Prisma\.raw" --include="*.ts" --include="*.js" .
Red flag: String concatenation with user input Fix: Use 
$queryRaw
tagged template
2. Multiple PrismaClient Instances
bash
grep -rn "new PrismaClient()" --include="*.ts" --include="*.js" . | wc -l
Red flag: Count > 1 Fix: Global singleton pattern
1. SQL注入检测
bash
grep -rn "\$queryRawUnsafe\|Prisma\.raw" --include="*.ts" --include="*.js" .
危险信号:使用用户输入拼接字符串 修复方案:使用
$queryRaw
标签模板
2. 多PrismaClient实例
bash
grep -rn "new PrismaClient()" --include="*.ts" --include="*.js" . | wc -l
危险信号:实例数量>1 修复方案:使用全局单例模式

P1 - HIGH (Fix before production)

P1 - HIGH(上线前必须修复)

3. Missing Serverless Configuration
bash
grep -rn "connection_limit=1" --include="*.env*" .
Red flag: No connection_limit in serverless app Fix: Add 
?connection_limit=1
to DATABASE_URL
4. Deprecated Buffer API
bash
grep -rn "Buffer\.from" --include="*.ts" --include="*.js" . | grep -i "bytes"
Red flag: Buffer usage with Prisma Bytes fields Fix: Use Uint8Array instead
See 
references/validation-checks.md
for complete validation patterns with examples. </validation-checks>
<review-workflow>
3. 缺失Serverless配置
bash
grep -rn "connection_limit=1" --include="*.env*" .
危险信号:Serverless应用中未设置connection_limit 修复方案:在DATABASE_URL后添加
?connection_limit=1
4. 已弃用Buffer API
bash
grep -rn "Buffer\.from" --include="*.ts" --include="*.js" . | grep -i "bytes"
危险信号:在Prisma Bytes字段中使用Buffer 修复方案:改用Uint8Array
完整的验证模式及示例请查看
references/validation-checks.md
</validation-checks>
<review-workflow>

Automated Review Process

自动化审查流程

Step 1: Find Prisma Files
bash
find . -type f \( -name "*.ts" -o -name "*.js" \) -exec grep -l "@prisma/client" {} \;
Step 2: Run All Checks
Execute checks in severity order (P0 → P3):
  1. SQL Injection check
  2. Multiple PrismaClient check
  3. Serverless configuration check
  4. Deprecated Buffer API check
  5. Error handling check
  6. Input validation check
  7. Query efficiency check
Step 3: Generate Report
Format:
Prisma Code Review - [Project Name]
Generated: [timestamp]

CRITICAL Issues (P0): [count]
HIGH Issues (P1): [count]
MEDIUM Issues (P2): [count]
LOW Issues (P3): [count]

---

[P0] SQL Injection Vulnerability
File: src/api/users.ts:45
Impact: CRITICAL - Enables SQL injection attacks
Fix: Use $queryRaw tagged template
Reference: @prisma-6/SECURITY-sql-injection

[P0] Multiple PrismaClient Instances
Files: src/db.ts:3, src/api/posts.ts:12
Count: 3 instances found
Impact: CRITICAL - Connection pool exhaustion
Fix: Use global singleton pattern
Reference: @prisma-6/CLIENT-singleton-pattern
</review-workflow> <output-format>
步骤1:查找Prisma相关文件
bash
find . -type f \( -name "*.ts" -o -name "*.js" \) -exec grep -l "@prisma/client" {} \;
步骤2:执行所有检查
按严重程度顺序执行检查(从P0到P3):
  1. SQL注入检查
  2. 多PrismaClient实例检查
  3. Serverless配置检查
  4. 已弃用Buffer API检查
  5. 错误处理检查
  6. 输入验证检查
  7. 查询效率检查
步骤3:生成报告
格式示例:
Prisma代码审查 - [项目名称]
生成时间:[时间戳]

严重问题(P0):[数量]
高优先级问题(P1):[数量]
中等优先级问题(P2):[数量]
低优先级问题(P3):[数量]

---

[P0] SQL注入漏洞
文件:src/api/users.ts:45
影响:严重 - 可被利用发起SQL注入攻击
修复方案:使用$queryRaw标签模板
参考文档:@prisma-6/SECURITY-sql-injection

[P0] 多PrismaClient实例
文件:src/db.ts:3, src/api/posts.ts:12
数量:发现3个实例
影响:严重 - 导致连接池耗尽
修复方案:使用全局单例模式
参考文档:@prisma-6/CLIENT-singleton-pattern
</review-workflow> <output-format>

Report Format

报告格式

Provide structured review with:
Summary:
  • Total files reviewed
  • Issues by severity (P0/P1/P2/P3)
  • Overall assessment (Pass/Needs Fixes/Critical Issues)
Detailed Findings: For each issue:
  1. Severity badge ([P0] CRITICAL, [P1] HIGH, etc.)
  2. Issue title
  3. File path and line number
  4. Code snippet (5 lines context)
  5. Impact explanation
  6. Specific remediation steps
  7. Reference to detailed skill
Remediation Priority:
  1. P0 issues must be fixed before deployment
  2. P1 issues should be fixed before production
  3. P2 issues improve code quality
  4. P3 issues optimize performance
</output-format> <constraints>
提供结构化审查报告,包含以下内容:
摘要:
  • 审查的文件总数
  • 按严重程度分类的问题数量(P0/P1/P2/P3)
  • 整体评估结果(通过/需要修复/存在严重问题)
详细发现: 每个问题需包含:
  1. 严重程度标识([P0] 严重、[P1] 高优先级等)
  2. 问题标题
  3. 文件路径和行号
  4. 代码片段(包含5行上下文)
  5. 影响说明
  6. 具体修复步骤
  7. 详细技能文档参考
修复优先级:
  1. P0级问题必须在部署前修复
  2. P1级问题应在上线前修复
  3. P2级问题可提升代码质量
  4. P3级问题用于优化性能
</output-format> <constraints>

Review Guidelines

审查指南

MUST:
  • Check all 7 critical issue categories
  • Report findings with file path + line number
  • Include code snippets for context
  • Reference specific Prisma 6 skills for remediation
  • Group by severity (P0 → P3)
SHOULD:
  • Prioritize P0 (CRITICAL) issues first
  • Provide specific fix recommendations
  • Estimate impact of each violation
  • Consider project context (serverless vs traditional)
NEVER:
  • Skip P0 security checks
  • Report false positives without verification
  • Recommend fixes without testing patterns
  • Ignore serverless-specific issues in serverless projects
</constraints> <progressive-disclosure>
必须执行:
  • 检查所有7大类关键问题
  • 报告中包含文件路径+行号
  • 提供带上下文的代码片段
  • 引用具体的Prisma 6技能文档作为修复参考
  • 按严重程度分组展示(从P0到P3)
建议执行:
  • 优先处理P0(严重)级问题
  • 提供具体的修复建议
  • 评估每个违规问题的影响
  • 结合项目上下文(Serverless vs 传统部署)
禁止操作:
  • 跳过P0级安全检查
  • 在未验证的情况下报告误报
  • 在未测试修复方案有效性的情况下推荐修复
  • 在Serverless项目中忽略Serverless特有的问题
</constraints> <progressive-disclosure>

Reference Files

参考文件

For detailed information on specific topics:
  • Validation Checks: See 
    references/validation-checks.md
    for all 7 validation patterns with detailed examples
  • Example Reviews: See 
    references/example-reviews.md
    for complete review examples (e-commerce, dashboard)
Load references when performing deep review or encountering specific violation patterns. </progressive-disclosure>
<validation>
如需特定主题的详细信息:
  • 验证检查:所有7种验证模式及详细示例请查看
    references/validation-checks.md
  • 审查示例:完整的审查示例(电商、仪表板项目)请查看
    references/example-reviews.md
在进行深度审查或遇到特定违规模式时加载参考文件。
</progressive-disclosure> <validation>

Review Validation

审查验证

After generating review:
  1. Verify Findings:
    • Re-run grep commands to confirm matches
    • Check context around flagged lines
    • Eliminate false positives
  2. Test Remediation:
    • Verify recommended fixes are valid
    • Ensure skill references are accurate
    • Confirm impact assessments
  3. Completeness Check:
    • All 7 categories checked
    • All Prisma files reviewed
    • Severity correctly assigned
</validation>
Integration: This skill is discoverable by the review plugin via 
review: true
frontmatter. Invoke with 
/review prisma-patterns
or automatically when reviewing Prisma-based projects.
Performance: Review of typical project (50 files) completes in < 10 seconds using grep-based pattern matching.
Updates: As new Prisma violations emerge, add patterns to validation checks with corresponding skill references.
生成审查报告后:
  1. 验证发现的问题:
    • 重新执行grep命令确认匹配结果
    • 检查标记行的上下文
    • 排除误报
  2. 测试修复方案:
    • 验证推荐的修复方案是否有效
    • 确保技能文档参考准确
    • 确认影响评估结果
  3. 完整性检查:
    • 已检查所有7大类问题
    • 已审查所有Prisma相关文件
    • 严重程度分配正确
</validation>
集成方式: 审查插件可通过
review: true
前置元数据发现该技能。可通过
/review prisma-patterns
命令调用,或在审查基于Prisma的项目时自动激活。
性能: 使用基于grep的模式匹配,对典型项目(50个文件)的审查可在10秒内完成。
更新: 当出现新的Prisma违规模式时,将其添加到验证检查中并关联对应的技能文档参考。