| name | search |
| description | Use when creating, updating, reviewing, or debugging search, filtering, sorting, pagination, full-text search, query performance, indexes, relevance, or search security. |
Search
Use this skill for safe, fast, and relevant search/query features.
Rules
- Follow the project’s existing search pattern.
- Do not add a new search engine, database extension, cache layer, or query library unless already used or explicitly requested.
- Validate and limit all search input.
- Use parameterized queries or safe query builders.
- Never concatenate raw user input into queries.
- Add pagination or limits to every search result.
- Use indexes for searched, filtered, and sorted fields where needed.
- Return empty results safely when nothing matches.
- Keep filters, sorting, and pagination consistent with existing API/UI patterns.
- Cache search results only when safe and invalidation is clear.
- Preserve existing response, error, logging, and test patterns.
- Avoid unrelated refactors.
Inspect First
Before changing search code, check existing patterns for:
- search endpoint or service
- query builder or ORM usage
- full-text search support
- indexes
- pagination style
- filter format
- sort options
- cache usage
- response shape
- frontend debounce behavior
- test style
Implementation Checklist
- Identify searchable fields.
- Validate query length and filter values.
- Normalize search input where appropriate.
- Use safe parameterized queries.
- Add max result limits.
- Implement pagination.
- Apply filters safely.
- Restrict sort fields to an allowlist.
- Select only needed fields.
- Avoid N+1 queries.
- Add indexes or note missing indexes when needed.
- Add or update relevant tests.
Security Rules
- Prevent SQL/NoSQL injection.
- Do not expose private records through search.
- Enforce user, organization, tenant, role, or permission filters server-side.
- Do not trust client-provided scope or ownership.
- Do not expose sensitive fields in results.
- Avoid logging raw sensitive search terms.
Performance Rules
- Avoid unbounded queries.
- Avoid loading all rows into memory.
- Use indexes for common filters and sorts.
- Prefer cursor pagination for large or changing datasets when the project supports it.
- Log or investigate slow queries using existing project tooling.
- Avoid expensive fuzzy/full-text search unless supported by the current stack.
Relevance Rules
- Match the project’s existing ranking behavior.
- Prefer exact matches before fuzzy matches when appropriate.
- Keep sorting predictable.
- Make empty, loading, and no-result states clear in UI.
- Debounce frontend search input if the project searches on typing.
Cache Rules
- Cache only when results are not permission-sensitive or cache keys include the required scope.
- Include query, filters, sort, page, locale, tenant/user scope, and relevant variants in cache keys.
- Use short TTLs unless invalidation is reliable.
- Invalidate search cache when indexed data changes.
Tests
Cover relevant paths:
- basic search
- empty query behavior
- no results
- filters
- sorting
- pagination
- invalid input
- injection attempt
- permission/scoped results
- slow or large result handling if relevant