claude-git-hooks

Git hooks with Claude CLI for code analysis and automatic commit messages

# Database Code Quality Guidelines

## SQL Server Best Practices

### Schema Design
✅ Use appropriate data types (avoid VARCHAR(MAX) unless needed)
✅ Define primary keys on all tables
✅ Define foreign keys for relationships
✅ Add CHECK constraints for data validation
✅ Use NOT NULL where appropriate
✅ Add default values where sensible

### Indexes
✅ Index all foreign key columns
✅ Index columns used in WHERE, JOIN, ORDER BY
✅ Consider covering indexes for frequent queries
✅ Don't over-index (impacts INSERT/UPDATE performance)
✅ Use include columns for covering indexes
✅ Monitor index fragmentation

### Query Performance
✅ Avoid SELECT * (specify columns)
✅ Use proper JOIN types (INNER, LEFT, etc.)
✅ Include WHERE clauses to limit results
✅ Use appropriate indexes
✅ Avoid functions on indexed columns in WHERE
✅ Use EXISTS instead of IN for subqueries
✅ Implement pagination for large result sets

### Stored Procedures
✅ Start with SET NOCOUNT ON
✅ Use TRY...CATCH for error handling
✅ Use parameters (prevent SQL injection)
✅ Return meaningful error codes/messages
✅ Use transactions for multi-step operations
✅ Comment complex logic

### Transactions
✅ Keep transactions short
✅ Handle errors properly (ROLLBACK on error)
✅ Use appropriate isolation level
✅ Don't hold locks longer than needed
✅ Commit or rollback all transactions

### Security
✅ Use parameterized queries (no string concatenation)
✅ Grant minimum necessary permissions
✅ Encrypt sensitive data at rest
✅ Use schemas to organize objects
✅ Avoid dynamic SQL when possible
✅ If using dynamic SQL, use sp_executesql with parameters

## Common Issues to Avoid

### Critical Issues (BLOCKER)
❌ UPDATE/DELETE without WHERE clause
❌ SQL injection vulnerabilities
❌ Granting excessive permissions (db_owner, sysadmin)
❌ No transaction handling for multi-step operations

### Performance Issues (MAJOR)
❌ SELECT * in production code
❌ Missing indexes on foreign keys
❌ Functions on indexed columns in WHERE
❌ Implicit conversions
❌ Cursors for set-based operations
❌ Missing WHERE clause causing full table scan

### Data Integrity Issues (CRITICAL)
❌ Missing foreign key constraints
❌ Missing primary keys
❌ No CHECK constraints for validation
❌ Nullable columns that shouldn't be
❌ No default values where needed

### Code Quality Issues (MINOR)
❌ No error handling
❌ Unclear variable names
❌ Missing comments on complex logic
❌ Inconsistent formatting
❌ Magic numbers without explanation

## T-SQL Specific

### Error Handling
```sql
BEGIN TRY
    BEGIN TRANSACTION;

    -- Your operations here

    COMMIT TRANSACTION;
END TRY
BEGIN CATCH
    IF @@TRANCOUNT > 0
        ROLLBACK TRANSACTION;

    -- Log error or re-throw
    THROW;
END CATCH;
```

### Parameterization
```sql
-- ✅ Good (parameterized)
EXEC sp_executesql
    N'SELECT * FROM Users WHERE UserId = @UserId',
    N'@UserId INT',
    @UserId = @InputUserId;

-- ❌ Bad (SQL injection risk)
EXEC('SELECT * FROM Users WHERE UserId = ' + @InputUserId);
```

### Index Usage
```sql
-- ❌ Bad (function prevents index usage)
SELECT * FROM Users WHERE YEAR(CreatedDate) = 2024;

-- ✅ Good (can use index)
SELECT * FROM Users
WHERE CreatedDate >= '2024-01-01'
  AND CreatedDate < '2025-01-01';
```

## Migration Scripts

✅ Include rollback script
✅ Make scripts idempotent when possible
✅ Check for existence before CREATE/ALTER
✅ Use transactions
✅ Test on non-production first
✅ Document breaking changes
✅ Version your scripts

## Testing

- Test with realistic data volumes
- Test edge cases (NULL, empty strings, etc.)
- Test concurrent access
- Verify indexes are being used (execution plan)
- Test rollback scenarios
- Verify constraints work as expected
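
The Security and Parameterization guidance above covers values, but identifiers such as a sort column cannot be bound as sp_executesql parameters. As an added example (not part of the original guidelines file), the procedure below allow-lists the identifier, wraps it in QUOTENAME, and binds every value as a parameter. The procedure name, the UserName column, and the 500-row page limit are assumptions; CREATE OR ALTER requires SQL Server 2016 SP1 or later.

```sql
-- Added example. Assumed names: dbo.usp_ListUsers, column UserName.
CREATE OR ALTER PROCEDURE dbo.usp_ListUsers
    @CreatedFrom DATE,
    @SortColumn  SYSNAME = N'CreatedDate',
    @PageNumber  INT     = 1,
    @PageSize    INT     = 50
AS
BEGIN
    SET NOCOUNT ON;

    -- Identifiers cannot be parameters, so accept only known column names.
    -- The explicit NULL check matters: NOT IN evaluates to UNKNOWN for NULL
    -- and would let it through, leaving @sql NULL after concatenation.
    IF @SortColumn IS NULL OR @SortColumn NOT IN (N'UserName', N'CreatedDate')
        THROW 50001, 'Invalid sort column.', 1;

    -- OFFSET must be >= 0 and FETCH NEXT must be > 0; cap the page size.
    IF ISNULL(@PageNumber, 0) < 1 OR ISNULL(@PageSize, 0) NOT BETWEEN 1 AND 500
        THROW 50002, 'Invalid paging arguments.', 1;

    DECLARE @Skip INT = (@PageNumber - 1) * @PageSize;

    -- QUOTENAME delimits the validated identifier as defense in depth.
    -- UserId is a tiebreaker so pages are stable; it is deliberately not in
    -- the allow-list, since ORDER BY rejects the same column listed twice.
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT UserId, UserName, CreatedDate
          FROM dbo.Users
          WHERE CreatedDate >= @CreatedFrom
          ORDER BY ' + QUOTENAME(@SortColumn) + N', UserId
          OFFSET @Skip ROWS FETCH NEXT @Take ROWS ONLY;';

    -- Every value travels as a typed parameter, never as concatenated text.
    EXEC sys.sp_executesql
        @sql,
        N'@CreatedFrom DATE, @Skip INT, @Take INT',
        @CreatedFrom = @CreatedFrom,
        @Skip        = @Skip,
        @Take        = @PageSize;
END;
GO

-- Accepted: sort column is on the allow-list.
EXEC dbo.usp_ListUsers @CreatedFrom = '2024-01-01', @SortColumn = N'UserName';

-- Rejected with error 50001: value is not a known column name (constructed input).
EXEC dbo.usp_ListUsers @CreatedFrom = '2024-01-01', @SortColumn = N'CreatedDate DESC--';
```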