A comprehensive skill for AI coding agents that provides best practices for Azure SQL Database development. Based on Microsoft's SQL Assessment API, Azure SQL Database performance guidance, and official documentation.
```bash
npx skills add <your-github-username>/azure-sql-best-practices
```

This skill helps AI agents:
- Analyze T-SQL code for performance, security, and maintainability issues
- Fix SQL injection vulnerabilities in application code (Python, Node.js, C#)
- Optimize queries by identifying non-SARGable predicates, missing indexes, and inefficient patterns
- Improve connection management with pooling and retry logic
- Configure databases with Query Store, automatic tuning, and proper settings
- Review security including permissions, encryption, and row-level security
```
azure-sql-best-practices/
├── skills/
│   └── azure-sql-best-practices/
│       ├── SKILL.md                 # Main skill definition
│       ├── AGENTS.md                # Compiled guide for agents
│       ├── rules/                   # Individual rule files
│       │   ├── query-avoid-select-star.md
│       │   ├── query-parameterize.md
│       │   ├── index-cover-queries.md
│       │   ├── connection-pooling.md
│       │   ├── security-least-privilege.md
│       │   ├── tsql-set-nocount.md
│       │   └── config-query-store.md
│       ├── scripts/                 # Helper scripts
│       │   ├── analyze-tsql.py
│       │   ├── check-indexes.sql
│       │   └── security-audit.sql
│       └── references/              # Reference documentation
├── test-app/                        # Test application with violations
│   ├── sql/                         # T-SQL with issues
│   ├── python/                      # Python app with issues
│   ├── node/                        # Node.js app with issues
│   ├── csharp/                      # C# app with issues
│   └── tests/                       # Test runner
└── README.md
```

| Priority | Category | Impact | Example Rules |
|---|---|---|---|
| 1 | Query Performance | CRITICAL | query-avoid-select-star, query-parameterize, query-sargable |
| 2 | Indexing Strategy | CRITICAL | index-cover-queries, index-missing-index-dmv |
| 3 | Security | HIGH | security-least-privilege, security-encrypt-connections |
| 4 | Connection Management | HIGH | connection-pooling, connection-retry-logic |
| 5 | T-SQL Patterns | MEDIUM-HIGH | tsql-set-nocount, tsql-error-handling |
| 6 | Database Configuration | MEDIUM | config-query-store, config-auto-tuning |
| 7 | Data Modeling | MEDIUM | model-normalization, model-appropriate-types |
| 8 | Monitoring | LOW-MEDIUM | monitor-dmvs, monitor-query-performance-insight |
Once installed, your AI agent will automatically apply these best practices when working with Azure SQL Database code.
- "Review this stored procedure for best practices"
- "Fix SQL injection vulnerabilities in my Python database code"
- "Optimize this query that's running slowly"
- "Check my database for security issues"
- "Add retry logic and connection pooling to this application"

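Before (Vulnerable):

```python
def get_user(user_id):
    # user_id is interpolated into the SQL text, so its value can change the statement
    query = f"SELECT * FROM Users WHERE UserID = {user_id}"
    cursor.execute(query)
```

After (Fixed):

```python
from typing import Optional

# cursor and User are defined elsewhere in the application
def get_user(user_id: int) -> Optional[User]:
    # The ? placeholder sends user_id as a bound parameter, separate from the SQL text;
    # the explicit column list also replaces SELECT *
    query = "SELECT UserID, Name, Email FROM Users WHERE UserID = ?"
    cursor.execute(query, (user_id,))
```

The test-app/ directory contains applications with intentional violations for testing: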

```bash
# Run the T-SQL analyzer (from the repository root)
cd skills/azure-sql-best-practices/scripts
python analyze-tsql.py ../../../test-app/sql/

# Run all tests (from the repository root)
cd test-app/tests
python test_runner.py
```

This skill is based on:
- SQL Assessment API
- Azure SQL Database Performance Guidance
- Azure SQL Database Security Best Practices
- Query Store Best Practices
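
The pattern in the Before/After snippets above can be checked mechanically. The following is an added example, not code from this repository or its `analyze-tsql.py` script: a small AST-based check that flags `execute()` calls whose SQL string is built with an f-string, concatenation, `%` or `.format()`. The function names `is_dynamic_sql` and `find_unparameterized` and the `BEFORE`/`AFTER` samples are assumptions constructed for illustration.

```python
import ast

# Constructed samples mirroring the Before/After snippets on this page.
BEFORE = '''
def get_user(user_id):
    query = f"SELECT * FROM Users WHERE UserID = {user_id}"
    cursor.execute(query)
'''
AFTER = '''
def get_user(user_id):
    query = "SELECT UserID, Name, Email FROM Users WHERE UserID = ?"
    cursor.execute(query, (user_id,))
'''

def is_dynamic_sql(node, tainted):
    """True if the expression assembles a string from runtime values."""
    if isinstance(node, ast.JoinedStr):  # f"...{x}..."
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True  # "..." + x or "..." % x (coarse: also flags constant joins)
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
        return node.func.attr == "format"  # "...".format(x)
    if isinstance(node, ast.Name):
        return node.id in tainted  # variable last assigned one of the above
    return False

def find_unparameterized(source):
    """Return (line, function) for execute() calls given dynamically built SQL."""
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, ast.FunctionDef):
            continue
        # ast.walk is breadth-first, so sort into source order before tracking.
        nodes = sorted((n for n in ast.walk(func) if hasattr(n, "lineno")),
                       key=lambda n: (n.lineno, n.col_offset))
        tainted = set()
        for node in nodes:
            if isinstance(node, ast.Assign):
                names = {t.id for t in node.targets if isinstance(t, ast.Name)}
                dynamic = is_dynamic_sql(node.value, tainted)
                tainted = tainted | names if dynamic else tainted - names
            elif (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                  and node.func.attr in ("execute", "executemany") and node.args
                  and is_dynamic_sql(node.args[0], tainted)):
                findings.append((node.lineno, func.name))
    return findings

if __name__ == "__main__":
    print("before:", find_unparameterized(BEFORE))
    print("after: ", find_unparameterized(AFTER))
```

The check is syntactic and per-function: it does not follow strings passed between functions or built in loops, so a clean result is not proof that every query is parameterized.
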
Contributions are welcome! Please:
- Fork the repository
- Create a feature branch
- Add new rules following the existing format
- Include tests for new rules
- Submit a pull request
MIT License - see LICENSE for details.
- vercel-labs/agent-skills - React/Next.js best practices