Overview
Database code reviews fail when they only check query correctness without checking query safety (injection), performance (missing indexes, N+1), transactional integrity (missing transactions on multi-step operations), and migration safety (destructive changes that don't support zero-downtime deploys). Any one of these dimensions can cause a production incident — a missed parameterization creates a SQL injection vulnerability; a missing index creates a production slowdown; a destructive migration creates downtime.
The Database Code Review Framework checks all four dimensions systematically, with the specific patterns that cause production database problems.
Key Features
SQL injection patterns with ORM-specific examples
SELECT FOR UPDATE for read-modify-write race conditions
Zero-downtime migration for NOT NULL, DROP COLUMN, and RENAME
CONCURRENTLY index creation