Migración de base de datos

[lesterdlb]

Herramienta utilizada: Claude Code
Agente utilizado: sql-pro
MCP utilizado para verificación: postgres-mcp

Summary by CodeRabbit

• New Features

  • Database infrastructure to support recruitment workflows, including company management, employee roles, job positions, candidate applications, and interview tracking.

• Documentation

  • Added database migration planning and verification guides.
  • Added SQL expertise agent documentation.

• Chores

  • Configured PostgreSQL database server connectivity.

[coderabbitai]

Walkthrough

This PR introduces a comprehensive ATS (Applicant Tracking System) database expansion featuring initial schema setup and subsequent schema refinement. It adds thirteen new tables across recruitment workflows (Company, Employee, Position, Application, Interview, and supporting entities), five new enums, multiple indexes for query optimization, and PostgreSQL MCP configuration. Supporting documentation outlines requirements, schema planning, and verification workflows.

Changes

Cohort / File(s)	Summary
Agent & Configuration .claude/agents/sql-pro.md, .mcp.json	New SQL expertise agent definition with tool listings and domain expertise; PostgreSQL MCP server configuration for Docker-based database connectivity.
Database Migrations backend/prisma/migrations/20251116002143_initial/migration.sql, backend/prisma/migrations/20251116010152_expand_ats_schema/migration.sql	Initial schema with Candidate, Education, WorkExperience, Resume tables; expanded migration adding Company, Employee, Position, Application, Interview, InterviewFlow, InterviewStep, InterviewType with enums (PositionStatus, EmploymentType, ApplicationStatus, InterviewResult, EmployeeRole) and composite indexes.
Prisma Schema backend/prisma/schema.prisma	Updated data model with five new enums and twelve new models (Company, Employee, InterviewType, InterviewFlow, InterviewStep, Position, Application, Interview); modified Candidate/Education/WorkExperience/Resume with cascade delete behaviors and extended field constraints.
Documentation & Prompts prompts/Requerimiento.md, prompts/prompts-ldlb.md	Requirements document with Mermaid ERD for ATS entities; comprehensive prompt workflow covering schema analysis, migration creation with best practices, and database verification against PostgreSQL MCP server.

Sequence Diagram

sequenceDiagram
    actor User
    participant Prisma as Prisma ORM
    participant DB as PostgreSQL
    participant MCP as PostgreSQL MCP<br/>(Agent)
    
    rect rgb(200, 230, 255)
    note over User,MCP: Migration & Verification Workflow
    User->>Prisma: Run migration dev<br/>(expand_ats_schema)
    Prisma->>DB: Execute SQL:<br/>Create enums & tables
    DB-->>Prisma: Schema updated
    Prisma-->>User: Migration applied
    end
    
    rect rgb(220, 240, 220)
    note over User,MCP: Verification Phase
    User->>MCP: List tables & verify<br/>structure
    MCP->>DB: SELECT from<br/>pg_tables, pg_indexes
    DB-->>MCP: Return metadata
    MCP-->>User: Confirm 13 tables,<br/>32+ indexes, FKs
    end
    
    rect rgb(240, 220, 220)
    note over User,MCP: Validation Query
    User->>DB: Test join query:<br/>Position → Application<br/>→ Candidate
    DB-->>User: Results valid ✓
    end

Loading

Estimated Code Review Effort

🎯 4 (Complex) | ⏱️ ~45–60 minutes

Areas requiring extra attention:

• Foreign key cascade rules: Review the ON DELETE/UPDATE CASCADE vs. ON DELETE RESTRICT directives across all FK relationships in both migrations (e.g., Application and Interview have mixed strategies).
• Unique and composite indexes: Verify index coverage is sufficient for common queries on status, company filters, and application–candidate combinations without duplication.
• Enum definitions and usage: Confirm all five enums (PositionStatus, EmploymentType, ApplicationStatus, InterviewResult, EmployeeRole) are correctly referenced in models and migrations with no type mismatches.
• Migration order and idempotence: Ensure the two migrations run sequentially without conflicts, particularly the alterations to Candidate and related child tables between migrations.
• Data type choices: Validate DECIMAL(12,2) for salary fields, VARCHAR lengths (200, 320, 500), and TIMESTAMP(3) precision align with application requirements.
• Relationships and reverse relations: Confirm bidirectional relation definitions in schema.prisma (e.g., Company→Employees/Positions, Position→Applications, etc.) match FK definitions.

Poem

🐰 From seeds of schema, new tables bloom,
Five enums guide the hire and gloom,
Positions cascade, applications flow,
Interviews track each high and low.
With indexes swift and relations tight,
The ATS now dances in SQL light! ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Migración de base de datos' (Database Migration) directly and accurately describes the main purpose of this changeset, which implements a comprehensive ATS database schema with migrations, Prisma models, and supporting documentation.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

backend/prisma/migrations/20251116010152_expand_ats_schema/migration.sql (1)

144-248: Comprehensive indexing strategy optimizes query performance across all entities.

Composite indexes target common query patterns:

• Position(companyId, status) - find open positions by company
• Position(status, applicationDeadline, isVisible) - find visible positions nearing deadline
• Application(positionId, status) - find applications for a position by status
• Interview(applicationId, interviewStepId, interviewDate) - complex interview queries
• Interview(employeeId, interviewDate) - find interviews by interviewer and date

One optimization note: Company has both a unique index on name (line 145) and a regular index on name (line 148). The unique index can serve both purposes; the regular index is redundant.

Consider removing the redundant index to reduce storage overhead:

 -- CreateIndex
 CREATE UNIQUE INDEX "Company_name_key" ON "Company"("name");
 
--- CreateIndex
-CREATE INDEX "Company_name_idx" ON "Company"("name");

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between eba3f29 and f3238ee.

📒 Files selected for processing (7)

• .claude/agents/sql-pro.md (1 hunks)
• .mcp.json (1 hunks)
• backend/prisma/migrations/20251116002143_initial/migration.sql (1 hunks)
• backend/prisma/migrations/20251116010152_expand_ats_schema/migration.sql (1 hunks)
• backend/prisma/schema.prisma (3 hunks)
• prompts/Requerimiento.md (1 hunks)
• prompts/prompts-ldlb.md (1 hunks)

🧰 Additional context used

🪛 Checkov (3.2.334)

.mcp.json

[medium] 15-16: Basic Auth Credentials

(CKV_SECRET_4)

🪛 LanguageTool

prompts/Requerimiento.md

[grammar] ~5-~5: Corrige la minúscula.
Context: ...osiciones. Convertir el ERD en formato mermaid aquí presentado a un script SQL. Analiz...

(QB_NEW_ES_OTHER_ERROR_IDS_REPLACEMENT_ORTHOGRAPHY_LOWERCASE)

---

[grammar] ~7-~7: Cambia la forma del sustantivo.
Context: ...buenas practicas, como la definición de Indices y la normalización de la base datos, ya...

(QB_NEW_ES_OTHER_ERROR_IDS_REPLACEMENT_NOUN_FORM)

---

[grammar] ~7-~7: Aquí puede haber un error.
Context: ...ión de Indices y la normalización de la base datos, ya que el ERD proporcionado no c...

(QB_NEW_ES)

prompts/prompts-ldlb.md

[grammar] ~17-~17: Ensure spelling is correct
Context: ... entities: - Candidate, Education, WorkExperience, Resume - Current relationships and...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

🔇 Additional comments (11)

backend/prisma/migrations/20251116002143_initial/migration.sql (1)

1-59: Initial migration looks structurally sound.

The Candidate, Education, WorkExperience, and Resume tables are well-defined with appropriate field types, indexes, and foreign key constraints. The RESTRICT-on-delete strategy prevents accidental data loss while CASCADE-on-update maintains referential integrity.

One note: The email field is VARCHAR(255) here, but the expand migration changes it to VARCHAR(320) for RFC 5321 compliance (covered separately).

.claude/agents/sql-pro.md (1)

1-73: Agent documentation provides clear SQL expertise framework.

The sql-pro agent documentation comprehensively outlines expertise in complex queries, optimization, database-specific features, and best practices. This serves as a valuable reference for migration planning and implementation.

prompts/Requerimiento.md (1)

1-98: Requirements document clearly specifies ATS expansion with comprehensive ERD.

The Mermaid ERD effectively captures all 9 entities, their fields, and relationships. The requirement to apply best practices (indices, normalization, enums) aligns well with the subsequent implementation.

Minor note: Static analysis flagged some Spanish grammar (lines 5, 7). These are stylistic and not critical, but can be addressed in future documentation maintenance if desired.

prompts/prompts-ldlb.md (1)

1-515: Migration planning and verification workflow is well-structured and comprehensive.

The three-prompt chain (Analysis → Creation → Verification) provides a clear methodology for the database expansion. The responses show detailed planning, implementation tracking, and verification records, which is valuable for documentation and audit trails.

Note: The responses claim 32 additional indexes and specific cascade behaviors. These should be verified against the actual SQL migration file (20251116010152_expand_ats_schema/migration.sql) to ensure all promised optimizations were implemented.

backend/prisma/schema.prisma (3)

17-55: Enums provide good data integrity for categorical fields.

The five enums (PositionStatus, EmploymentType, ApplicationStatus, InterviewResult, EmployeeRole) properly normalize fixed-value fields and enforce type safety at the database level.

---

57-156: Core ATS models are well-structured with comprehensive indexing.

Company, Employee, InterviewType, InterviewFlow, InterviewStep, and Position models establish proper relationships and include strategic indexing for common query patterns (e.g., Position composite indexes on companyId+status, status+deadline+visibility).

---

158-226: Application and Interview models have appropriate cascade and restrict rules.

The cascade/restrict strategy is thoughtful:

• CASCADE on Application→Interview deletion ensures cleanup of related interviews
• SET NULL on Interview→Employee allows interviewer deletion without losing interview history
• RESTRICT on Application→(Position, Candidate) prevents accidental deletion of entities with applications

One design consideration: The unique constraint on Application(positionId, candidateId) prevents the same candidate from applying to the same position twice. This may be intentional (avoid duplicate applications), but verify it doesn't block legitimate reapplications after rejection.

Can you confirm whether allowing re-applications to the same position after rejection is a business requirement? If yes, consider removing or relaxing the unique constraint.

backend/prisma/migrations/20251116010152_expand_ats_schema/migration.sql (4)

1-15: Enum types are well-defined and match Prisma schema.

All five enums (PositionStatus, EmploymentType, ApplicationStatus, InterviewResult, EmployeeRole) are created with appropriate values for ATS operations.

---

16-27: Candidate table type changes are safe and forward-looking.

The VARCHAR size expansions (email 255→320, phone 15→20) are widening operations that won't cause data loss with existing data. The 320-character email field accommodates RFC 5321 compliance, and 20-character phone supports international formats with extensions.

---

29-142: Eight new tables are well-structured with appropriate field types and defaults.

All tables include:

• Auto-incrementing primary keys
• Audit timestamps (createdAt, updatedAt)
• Sensible default values (e.g., PositionStatus DEFAULT 'DRAFT', ApplicationDate DEFAULT CURRENT_TIMESTAMP)
• Nullable fields for optional data (e.g., Interview.result, Interview.score, Employee.employeeId)
• Proper data types (DECIMAL for salary fields, SMALLINT for scores, TEXT for long-form content)

---

249-286: Foreign key cascade rules are thoughtfully designed for data integrity.

The strategy balances referential integrity with business logic:

CASCADE deletions (hierarchical cleanup):

• Employee → Company: Employees deleted when company is deleted ✓
• InterviewStep → InterviewFlow: Steps deleted when flow is deleted ✓
• Interview → Application: Interviews deleted when application is withdrawn/deleted ✓
• Education/WorkExperience/Resume → Candidate: Related records deleted when candidate is deleted ✓

RESTRICT deletions (prevent orphans):

• Application → Position: Prevents accidental deletion of positions with pending applications ✓
• Application → Candidate: Prevents deletion of candidates with active applications ✓
• InterviewStep → InterviewType: Prevents deletion of interview types in use ✓
• Interview → InterviewStep: Prevents deletion of interview steps with scheduled interviews ✓

SET NULL deletion (preserve history):

• Interview → Employee: Allows employee deletion without losing interview records ✓

One concern to verify: The Interview→Application CASCADE means deleting an Application record cascades to delete all related Interviews. This is permanent data loss. Confirm this aligns with business requirements—consider if soft deletes (isDeleted flag) would be safer for audit purposes.

Verify the CASCADE delete behavior on Application→Interview is intentional. If audit trails must be preserved, consider implementing soft deletes (add isDeleted or status='ARCHIVED' flag) instead of hard deletion.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Critical: Remove hardcoded database credentials from version control.

The DATABASE_URI contains plaintext username and password. This violates security best practices and compliance requirements, and credentials are now exposed in git history.

Immediate remediation required:

1. Rotate the exposed database credentials (LTIdbUser password)
2. Remove credentials from .mcp.json and use environment variables instead
3. Update git history if this is production data (e.g., git filter-branch or BFG Repo-Cleaner)

Recommended fix:

 {
   "mcpServers": {
     "postgres": {
       "command": "docker",
       "args": [
         "run",
         "-i",
         "--rm",
         "-e",
         "DATABASE_URI",
         "crystaldba/postgres-mcp",
         "--access-mode=unrestricted"
       ],
       "env": {
-        "DATABASE_URI": "postgresql://LTIdbUser:D1ymf8wyQEGthFR1E9xhCq@localhost:5432/LTIdb"
+        "DATABASE_URI": "${env.DATABASE_URI}"
       }
     }
   }
 }

Then set the environment variable in your shell or CI/CD pipeline before running the MCP server. Store the actual URI in your secrets manager (GitHub Secrets, 1Password, etc.).

---

---

🏁 Script executed:

```shell
#!/bin/bash
# Check if .mcp.json exists and show its content
echo "=== Checking for .mcp.json ===" 
fd -type f -name "\.mcp\.json$" -exec cat {} \;

echo -e "\n=== Git history for .mcp.json ===" 
git log --oneline -p .mcp.json 2>/dev/null | head -50

echo -e "\n=== Check for other config files with DATABASE_URI ===" 
rg -i "DATABASE_URI" -A2 -B2

echo -e "\n=== Look for environment variable patterns in config ===" 
rg -i "env\." --type json -A1 -B1

Length of output: 1714

---

🏁 Script executed:

#!/bin/bash
# Check for any secrets or credential patterns in config files
echo "=== Searching for password/credential patterns ===" 
rg -i "password|secret|credential" --type json -C2

echo -e "\n=== Check MCP configuration files ===" 
fd -type f \( -name "*.mcp.*" -o -name "mcp*" \) -exec ls -la {} \;

Length of output: 260

---

🏁 Script executed:

#!/bin/bash
# Verify MCP documentation on environment variable support
echo "Checking MCP server configuration documentation..."
curl -s "https://raw.githubusercontent.com/modelcontextprotocol/specification/main/README.md" | grep -A5 -B5 -i "environment\|env\|variable" | head -30

Length of output: 50

---

🏁 Script executed:

#!/bin/bash
# Search for MCP documentation or examples in the repository
echo "=== Looking for MCP documentation or examples ===" 
fd -name "*mcp*" -o -name "*MCP*" | head -20

echo -e "\n=== Check for README or docs ===" 
fd -name "README*" -o -name "*.md" | xargs grep -l -i "mcp\|environment" 2>/dev/null | head -10

echo -e "\n=== Check if there are environment variable references elsewhere ===" 
rg '\$\{env\.' -C2

echo -e "\n=== Full .mcp.json file ===" 
cat .mcp.json

Length of output: 964

---

🌐 Web query:

MCP model context protocol environment variables configuration syntax

💡 Result:

Short answer — MCP servers (stdio type) let you pass environment variables either via the CLI when adding the server or in the client config.toml. Example forms:

• CLI: codex mcp add --env VAR1=VALUE1 --env VAR2=VALUE2 -- . [1]

• config.toml (per-server table):
  [mcp.]
  command = ""
  args = ["arg1","arg2"] # optional
  env = { VAR1 = "VALUE1", VAR2 = "VALUE2" } # optional map of env vars

You can also configure timeouts and other MCP options (startup_timeout_sec, tool_timeout_sec, bearer_token for HTTP servers, experimental_use_rmcp_client, etc.). See the MCP spec / docs and the Codex MCP docs for full fields and examples. [1][2]

Sources:

• Codex / MCP configuration docs (config.toml and CLI examples). [1]
• Official Model Context Protocol repository / spec. [2]

---

---

🏁 Script executed:

#!/bin/bash
# Search for how MCP configs are loaded/parsed in the repo
echo "=== Check for .mcp.json usage or loading logic ===" 
rg -i "mcp\.json" -A3 -B3

echo -e "\n=== Check for variable interpolation or config parsing ===" 
rg -i "\$\{.*\}" --type=json --type=js --type=ts -C2

echo -e "\n=== Look for MCP-related package dependencies ===" 
fd -name "package.json" -exec cat {} \; | grep -i "mcp\|context.*protocol"

Length of output: 392

---

🌐 Web query:

MCP model context protocol JSON config variable substitution support

💡 Result:

Short answer: There is no single MCP-wide rule. Variable-substitution in JSON MCP config is implementation-dependent — some clients/servers accept ${...} (or ${env:VAR}) placeholders, but many do not. For example, Claude-format .mcp.json files commonly do NOT expand ${VAR} and require literal values or passing env via the process environment, while other tools (GenAIScript examples) show ${env:DEBUG} usage working in their toolchain. Sources: [OpenAI/Codex MCP docs], [voice-mode docs (tests showing no substitution)], [GenAIScript examples].

If you tell me which client (Claude Desktop, Codex, GenAIScript, Hyperspell, etc.) or which config file you’re editing, I’ll check that implementation and give exact behavior and a recommended workaround.

Sources

1. Model Context Protocol / Codex MCP docs. [1]
2. voice-mode doc: “Environment variable substitution is NOT supported in .mcp.json”. [2]
3. GenAIScript MCP config examples showing ${env:...} usage. [3]

---

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"env": {
	"DATABASE_URI": "postgresql://LTIdbUser:D1ymf8wyQEGthFR1E9xhCq@localhost:5432/LTIdb"
	}
	"env": {
	}

🧰 Tools

🪛 Checkov (3.2.334)

[medium] 15-16: Basic Auth Credentials

(CKV_SECRET_4)

🤖 Prompt for AI Agents

.mcp.json lines 14-16: the DATABASE_URI currently contains hardcoded plaintext
DB credentials; remove the URI from the file (do not replace with ${env.*}
syntax since .mcp.json substitution is implementation-dependent), commit the
file without secrets, and update the README/deployment docs to require that
DATABASE_URI be supplied by the runtime environment (e.g., container -e, host
env, or platform secret) and stored in a secrets manager; immediately rotate the
exposed database password and, if this is production data, scrub the secret from
git history using BFG or git-filter-repo and add a pre-commit secret-scanning
check to prevent future leaks.

[PetraZeta]

💪 Fortalezas

1. El modelado de Candidate, Education, WorkExperience y Resume está bien normalizado y refleja de forma clara las relaciones 1-N entre candidato y sus datos asociados.

2. Has definido restricciones importantes como la UNIQUE sobre Candidate.email, que es clave para mantener integridad lógica en un sistema de talento.

3. El schema.prisma está muy completo: enums bien pensados, índices compuestos relevantes para consultas reales y relaciones con onDelete explícito, lo cual demuestra un buen entendimiento de Prisma y del dominio del proyecto (Talent Tracking System).

---

🔧 Recomendaciones de mejora

1. Alinea las opciones de ON DELETE de las FKs en el SQL con lo que has definido en Prisma (onDelete: Cascade para Education, WorkExperience y Resume). Así evitas inconsistencias entre el comportamiento real de la BD y el que Prisma “cree” que existe.

2. Ajusta las longitudes de VARCHAR en el SQL (por ejemplo email y phone) para que coincidan con @db.VarChar(...) en Prisma; esto reduce sorpresas en futuras migraciones.

3. Añade índices explícitos sobre las columnas candidateId en las tablas relacionadas y considera algunos CHECK (como endDate >= startDate) para reforzar integridad y rendimiento en consultas frecuentes.

---

🚀 Mensaje final

Vas por muy buen camino: el modelo es sólido, las relaciones están bien pensadas y el uso de Prisma es más avanzado de lo habitual para este punto del curso. Los ajustes que faltan son principalmente de alineación fina entre el SQL y Prisma, y de optimización de integridad/rendimiento. Con un par de iteraciones más, este esquema puede pasar perfectamente como diseño profesional de un sistema de tracking de talento. ¡Sigue así, cada mejora que hagas ahora te acerca mucho al nivel de un DBA/Backend senior! 🙌