数据库查询效率审计器 - 自动检测冗余获取、批量操作误用与缓存问题

ln-651-query-efficiency-auditor by levnikolaevich/claude-code-skills

201 周安装量

313 GitHub Stars

安装命令

npx skills add https://github.com/levnikolaevich/claude-code-skills --skill ln-651-query-efficiency-auditor

🇨🇳中文介绍

Paths: File paths (shared/, references/, ../ln-*) are relative to skills repo root. If not found at CWD, locate this SKILL.md directory and go up one level for repo root. If shared/ is missing, fetch files via WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/{path}.

查询效率审计器 (L3 Worker)

专门用于审计数据库查询模式中冗余、低效和误用问题的 Worker。

目的与范围

位于 ln-650 协调器流水线中的 Worker - 由 ln-650-persistence-performance-auditor 调用
审计查询效率 (优先级：高)
检查冗余获取、批量操作误用、缓存作用域问题
将结构化发现写入文件，包含严重性、位置、工作量、建议
计算查询效率类别的合规分数 (X/10)

输入 (来自协调器)

必读： 加载 shared/references/audit_worker_core_contract.md。

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

审计规则 (优先级：高)

1. 冗余实体获取

内容： 在同一调用链中两次从数据库获取同一实体

找到函数 A，它调用 repo.get(id) 或 session.get(Model, id)，然后将 id (而非对象) 传递给函数 B
函数 B 也为同一实体调用 repo.get(id) 或 session.get(Model, id)
常见模式：acquire_next_pending() 返回作业，但 _process_job(job_id) 重新获取它

检测模式 (Python/SQLAlchemy)：

在 service/handler 文件中 Grep repo.*get_by_id|session\.get\(|session\.query.*filter.*id
跟踪：如果函数接收 entity_id: int/UUID 并且在内部执行 repo.get(entity_id)，检查调用者是否已拥有实体对象
检查 expire_on_commit 设置：如果为 False，对象在提交后保持有效

高： API 请求处理器中的冗余获取 (增加每次请求的延迟)
中：后台作业中的冗余获取 (不太关键)
降级情况： 初始化/迁移代码中的获取 (运行一次) → 低。仅管理员使用的低流量端点 → 降低一个级别

建议： 传递实体对象而非 ID，或在 expire_on_commit=False 时移除第二次获取

工作量： 小 (更改签名以接受对象而非 ID)

2. N-更新/删除循环

内容： 使用单独的 UPDATE/DELETE 操作循环，而非单个批量查询

模式：for item in items: await repo.update(item.id, ...) 或 for item in items: await repo.delete(item.id)
模式：for item in items: session.execute(update(Model).where(...))

Grep for .* in .*: 后 1-3 行内跟有 repo\.(update|delete|reset|save|mark_)
Grep for .* in .*: 后 1-3 行内跟有 session\.execute\(.*update\(

高：循环超过 10 个项目 (N 次单独的数据库往返)
中：循环小于等于 10 个项目
降级情况： 引导/迁移代码中的循环 (运行一次) → 低。仅管理员使用的端点 → 降低一个级别

建议： 替换为单个 UPDATE ... WHERE id IN (...) 或 session.execute(update(Model).where(Model.id.in_(ids)))

工作量： 中 (重写查询 + 测试)

3. 不必要的解析

内容： 当值已在调用者作用域内可用时，从数据库重新解析该值

方法接收 profile_id 并从中解析引擎，但调用者已确定 engine
方法接收 lang_code 并查找 dialect_id，但调用者已同时拥有 lang 和 dialect
模式：函数接收 X_id，执行 get(X_id)，提取 .field，而调用者已拥有 field

中：每次调用额外的数据库查询，尤其是在高频路径中

建议： 将方法拆分为两个变体：with_known_value(value, ...) 和 resolving_value(id, ...)；或直接传递已解析的值

工作量： 小-中 (重构签名，更新调用者)

内容： 加载完整的 ORM 模型，而实际上只需要少数几个字段

session.query(Model) 或 select(Model) 没有为列数超过 10 的模型使用 .options(load_only(...))
尤其是在返回多行的列表/搜索端点中
模式：加载完整实体但只使用 2-3 个字段

中：列表端点中的大型模型 (>15 列)
低：小型模型 (<10 列) 或单实体端点

建议： 对于列表查询，使用 load_only()、defer() 或原始的 select(Model.col1, Model.col2)

工作量： 小 (在查询中添加 load_only)

5. 缺少批量操作

内容： 使用顺序 INSERT/DELETE/UPDATE 而非批量操作

for item in items: session.add(item) 而不是 session.add_all(items)
for item in items: session.delete(item) 而不是批量删除
模式：每次迭代执行单个 INSERT 的循环

中：循环中的任何顺序添加/删除 (错失批量优化)

建议： 使用 session.add_all()、session.execute(insert(Model).values(list_of_dicts))、bulk_save_objects()

工作量： 小 (用批量调用替换循环)

6. 错误的缓存作用域

内容： 为很少变化的数据使用请求作用域缓存 (应使用应用作用域)

服务注册为请求作用域 (例如，通过 FastAPI Depends())，并带有内部缓存 (_cache 字典、_loaded 标志)
缓存由每次请求的昂贵查询 (JOIN、聚合) 填充
数据 TTL >> 请求持续时间 (例如，引擎配置、语言列表、功能标志)

查找具有 _cache、_loaded、_initialized 属性的类
检查类是否为每个请求创建 (通过 DI 注册作用域)
比较：数据变化频率与缓存生命周期

高：昂贵查询 (JOIN、子查询) 仅按请求缓存
中：简单查询按请求缓存

建议： 将缓存移至应用作用域服务 (单例)，添加基于 TTL 的失效，或使用具有可配置 TTL 的 CacheService

工作量： 中 (更改 DI 作用域，添加 TTL 逻辑)

必读： 加载 shared/references/audit_worker_core_contract.md 和 shared/references/audit_scoring.md。

必读： 加载 shared/references/audit_worker_core_contract.md 和 shared/templates/audit_worker_report_template.md。

将报告写入 {output_dir}/651-query-efficiency.md，设置 category: "Query Efficiency" 和检查项：redundant_fetch, n_update_delete_loop, unnecessary_resolve, over_fetching, missing_bulk_ops, wrong_caching_scope。

向协调器返回摘要：

Report written: docs/project/.audit/ln-650/{YYYY-MM-DD}/651-query-efficiency.md
Score: X.X/10 | Issues: N (C:N H:N M:N L:N)

必读： 加载 shared/references/audit_worker_core_contract.md。

不要自动修复： 仅报告
跟踪调用链： 规则 1 和 3 需要同时读取调用者和被调用者
ORM 感知： 在标记冗余获取之前，检查 expire_on_commit、autoflush、会话作用域
上下文感知： 小型数据集或不频繁的操作可能证明更简单的代码是合理的
排除测试： 不要标记测试夹具或设置代码

必读： 加载 shared/references/audit_worker_core_contract.md。

contextStore 解析成功 (包括 output_dir)
scan_path 已确定 (领域路径或代码库根目录)
所有 6 项检查已完成：
- 冗余获取、N-更新循环、不必要解析、过度获取、批量操作、缓存作用域
已收集发现项，包含严重性、位置、工作量、建议
已使用惩罚算法计算分数
报告已写入 {output_dir}/651-query-efficiency.md (原子性的单次 Write 调用)
摘要已返回给协调器

审计输出模式： shared/references/audit_output_schema.md

版本： 1.0.0 最后更新： 2026-02-04

🇺🇸English

Paths: File paths (shared/, references/, ../ln-*) are relative to skills repo root. If not found at CWD, locate this SKILL.md directory and go up one level for repo root. If shared/ is missing, fetch files via WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/{path}.

Query Efficiency Auditor (L3 Worker)

Specialized worker auditing database query patterns for redundancy, inefficiency, and misuse.

Purpose & Scope

Worker in ln-650 coordinator pipeline - invoked by ln-650-persistence-performance-auditor
Audit query efficiency (Priority: HIGH)
Check redundant fetches, batch operation misuse, caching scope problems
Write structured findings to file with severity, location, effort, recommendations
Calculate compliance score (X/10) for Query Efficiency category

Inputs (from Coordinator)

MANDATORY READ: Load shared/references/audit_worker_core_contract.md.

Receives contextStore with: tech_stack, best_practices, db_config (database type, ORM settings), codebase_root, output_dir.

Domain-aware: Supports domain_mode + current_domain.

Workflow

MANDATORY READ: Load shared/references/two_layer_detection.md for detection methodology.

Parse context from contextStore
- Extract tech_stack, best_practices, db_config, output_dir
- Determine scan_path (same logic as ln-624)
Scan codebase for violations
- All Grep/Glob patterns use scan_path
- Trace call chains for redundant fetches (requires reading caller + callee)
Collect findings with severity, location, effort, recommendation
Calculate score using penalty algorithm
Write Report: Build full markdown report in memory per shared/templates/audit_worker_report_template.md, write to {output_dir}/651-query-efficiency.md in single Write call
Return Summary: Return minimal summary to coordinator (see Output Format)

Audit Rules (Priority: HIGH)

1. Redundant Entity Fetch

What: Same entity fetched from DB twice in a call chain

Detection:

Find function A that calls repo.get(id) or session.get(Model, id), then passes id (not object) to function B
Function B also calls repo.get(id) or session.get(Model, id) for the same entity
Common pattern: acquire_next_pending() returns job, but _process_job(job_id) re-fetches it

Detection patterns (Python/SQLAlchemy):

Grep for repo.*get_by_id|session\.get\(|session\.query.*filter.*id in service/handler files
Trace: if function receives entity_id: int/UUID AND internally does repo.get(entity_id), check if caller already has entity object
Check expire_on_commit setting: if False, objects remain valid after commit

Severity:

HIGH: Redundant fetch in API request handler (adds latency per request)
MEDIUM: Redundant fetch in background job (less critical)
Downgrade when: Fetch in initialization/migration code (runs once) → LOW. Admin-only endpoint with low traffic → downgrade one level

Recommendation: Pass entity object instead of ID, or remove second fetch when expire_on_commit=False

Effort: S (change signature to accept object instead of ID)

2. N-UPDATE/DELETE Loop

What: Loop of individual UPDATE/DELETE operations instead of single batch query

Detection:

Pattern: for item in items: await repo.update(item.id, ...) or for item in items: await repo.delete(item.id)
Pattern: for item in items: session.execute(update(Model).where(...))

Detection patterns:

Grep for for .* in .*: followed by repo\.(update|delete|reset|save|mark_) within 1-3 lines
Grep for for .* in .*: followed by session\.execute\(.*update\( within 1-3 lines

Severity:

HIGH: Loop over >10 items (N separate round-trips to DB)
MEDIUM: Loop over <=10 items
Downgrade when: Loop in bootstrap/migration code (runs once) → LOW. Admin-only endpoint → downgrade one level

Recommendation: Replace with single UPDATE ... WHERE id IN (...) or session.execute(update(Model).where(Model.id.in_(ids)))

Effort: M (rewrite query + test)

3. Unnecessary Resolve

What: Re-resolving a value from DB when it is already available in the caller's scope

Detection:

Method receives profile_id and resolves engine from it, but caller already determined engine
Method receives lang_code and looks up dialect_id, but caller already has both lang and dialect
Pattern: function receives X_id, does get(X_id), extracts .field, when caller already has field

Severity:

MEDIUM: Extra DB query per invocation, especially in high-frequency paths

Recommendation: Split method into two variants: with_known_value(value, ...) and resolving_value(id, ...); or pass resolved value directly

Effort: S-M (refactor signature, update callers)

4. Over-Fetching

What: Loading full ORM model when only few fields are needed

Detection:

session.query(Model) or select(Model) without .options(load_only(...)) for models with >10 columns
Especially in list/search endpoints that return many rows
Pattern: loading full entity but only using 2-3 fields

Severity:

MEDIUM: Large models (>15 columns) in list endpoints
LOW: Small models (<10 columns) or single-entity endpoints

Recommendation: Use load_only(), defer(), or raw select(Model.col1, Model.col2) for list queries

Effort: S (add load_only to query)

5. Missing Bulk Operations

What: Sequential INSERT/DELETE/UPDATE instead of bulk operations

Detection:

for item in items: session.add(item) instead of session.add_all(items)
for item in items: session.delete(item) instead of bulk delete
Pattern: loop with single INSERT per iteration

Severity:

MEDIUM: Any sequential add/delete in loop (missed batch optimization)

Recommendation: Use session.add_all(), session.execute(insert(Model).values(list_of_dicts)), bulk_save_objects()

Effort: S (replace loop with bulk call)

6. Wrong Caching Scope

What: Request-scoped cache for data that rarely changes (should be app-scoped)

Detection:

Service registered as request-scoped (e.g., via FastAPI Depends()) with internal cache (_cache dict, _loaded flag)
Cache populated by expensive query (JOINs, aggregations) per each request
Data TTL >> request duration (e.g., engine configurations, language lists, feature flags)

Detection patterns:

Find classes with _cache, _loaded, _initialized attributes
Check if class is created per-request (via DI registration scope)
Compare: data change frequency vs cache lifetime

Severity:

HIGH: Expensive query (JOINs, subqueries) cached only per-request
MEDIUM: Simple query cached per-request

Recommendation: Move cache to app-scoped service (singleton), add TTL-based invalidation, or use CacheService with configurable TTL

Effort: M (change DI scope, add TTL logic)

Scoring Algorithm

MANDATORY READ: Load shared/references/audit_worker_core_contract.md and shared/references/audit_scoring.md.

Output Format

MANDATORY READ: Load shared/references/audit_worker_core_contract.md and shared/templates/audit_worker_report_template.md.

Write report to {output_dir}/651-query-efficiency.md with category: "Query Efficiency" and checks: redundant_fetch, n_update_delete_loop, unnecessary_resolve, over_fetching, missing_bulk_ops, wrong_caching_scope.

Return summary to coordinator:

Report written: docs/project/.audit/ln-650/{YYYY-MM-DD}/651-query-efficiency.md
Score: X.X/10 | Issues: N (C:N H:N M:N L:N)

Critical Rules

MANDATORY READ: Load shared/references/audit_worker_core_contract.md.

Do not auto-fix: Report only
Trace call chains: Rules 1 and 3 require reading both caller and callee
ORM-aware: Check expire_on_commit, autoflush, session scope before flagging redundant fetches
Context-aware: Small datasets or infrequent operations may justify simpler code
Exclude tests: Do not flag test fixtures or setup code

Definition of Done

MANDATORY READ: Load shared/references/audit_worker_core_contract.md.

contextStore parsed successfully (including output_dir)
scan_path determined (domain path or codebase root)
All 6 checks completed:
- redundant fetch, N-UPDATE loop, unnecessary resolve, over-fetching, bulk ops, caching scope
Findings collected with severity, location, effort, recommendation
Score calculated using penalty algorithm
Report written to {output_dir}/651-query-efficiency.md (atomic single Write call)
Summary returned to coordinator

Reference Files

Audit output schema: shared/references/audit_output_schema.md

Version: 1.0.0 Last Updated: 2026-02-04

Weekly Installs

145

Repository

levnikolaevich/…e-skills

GitHub Stars

245

First Seen

Feb 7, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykWarn

Installed on

cursor132

opencode132

gemini-cli131

claude-code131

codex131

github-copilot130

代码库搜索技能指南：精准查找函数、追踪依赖、理解架构与定位错误

10,900 周安装

数据库查询效率审计器 - 自动检测冗余获取、批量操作误用与缓存问题

🇨🇳中文介绍

查询效率审计器 (L3 Worker)

目的与范围

输入 (来自协调器)

相关 Skills

工作流程

审计规则 (优先级：高)

1. 冗余实体获取

2. N-更新/删除循环

3. 不必要的解析

4. 过度获取

5. 缺少批量操作

6. 错误的缓存作用域

评分算法

输出格式

关键规则

完成定义

参考文件

🇺🇸English

Query Efficiency Auditor (L3 Worker)

Purpose & Scope

Inputs (from Coordinator)

Workflow

Audit Rules (Priority: HIGH)

1. Redundant Entity Fetch

2. N-UPDATE/DELETE Loop

3. Unnecessary Resolve

4. Over-Fetching

5. Missing Bulk Operations

6. Wrong Caching Scope

Scoring Algorithm

Output Format

Critical Rules

Definition of Done

Reference Files

最新 Skills