@superblocksteam/vite-plugin-file-sync 2.0.86 → 2.0.87-next.0

package/dist/ai-service/skills/system/superblocks-api/skill.generated.js

@@ -18,12 +18,14 @@ This skill covers building backend APIs using Superblocks workflow blocks, integ
 ## Mental Model
 
 APIs in Superblocks are backend logic blocks that run in a secure server environment. They:
+
 - Execute integrations (database queries, API calls, etc.)
 - Process data with JavaScript or Python
 - Return data to the frontend
 - **Cannot** directly modify UI state
 
 **Superblocks APIs are NOT traditional backend services.** They are frontend-coupled workflow builders that:
+
 - Build declarative workflows using a chain of blocks
 - Receive input parameters passed from the frontend
 - Are visualized in the Superblocks editor
@@ -65,6 +67,25 @@ export default new Api("apiName", [
 
 **🚨 CRITICAL:** Only code inside \`new Api()\` is serialized. Constants/helpers defined outside cause \`ReferenceError\` at runtime.
 
+## Getting Integration-Specific Types
+
+**BEFORE building APIs with integrations, call the \`getIntegrationTypes\` tool** with the integration IDs you plan to use.
+
+This tool provides dynamic, integration-specific information that cannot be included in skill files:
+
+- TypeScript class definitions (constructor signatures, config options, methods)
+- Integration-specific examples and patterns
+- SQL parameterized query syntax (for database integrations, if supported)
+
+**Example:**
+
+\`\`\`
+getIntegrationTypes({ integrationIds: ["postgres-abc123", "snowflake-xyz789"] })
+\`\`\`
+
+The core patterns in this skill file (scoping rules, control flow, best practices) apply to ALL integrations.
+The \`getIntegrationTypes\` tool provides the specific TypeScript types for the integration classes you're using.
+
 ## 🔍 Integration Exploration Workflow (CRITICAL)
 
 When exploring integrations and data sources, use \`grepMetadata\` to understand schema before querying:
@@ -72,6 +93,7 @@ When exploring integrations and data sources, use \`grepMetadata\` to understand
 ### 1. Start with metadata exploration
 
 Use \`grepMetadata\` to understand:
+
 - What tables/endpoints exist
 - Schema structure and
 - Available fields and data types
@@ -86,6 +108,7 @@ Use \`grepMetadata\` to understand:
 ### 3. Database vs OpenAPI key formats
 
 **DATABASE integrations** (Postgres, MySQL, Snowflake, Databricks):
+
 - Use **numeric array indices**: \`[0]\`, \`[1]\`, \`[2]\`, etc.
 - Pattern: Use \`\\\\d+\` to match any number
 - Structure: All databases use \`json.dbSchema.schemas[]\` and \`json.dbSchema.tables[]\`
@@ -96,6 +119,7 @@ Use \`grepMetadata\` to understand:
   - ❌ \`"\\\\.schema\\\\.tables"\` - WRONG! It's \`dbSchema\` not \`schema\`
 
 **OPENAPI integrations** (REST APIs with OpenAPI specs):
+
 - Use **string object keys**: \`["/users"]\`, \`["/repos"]\`
 - Pattern: Use \`.*\` to match any key (NOT \`\\\\d+\`!)
 - Examples:
@@ -105,6 +129,7 @@ Use \`grepMetadata\` to understand:
 ### 4. REST API vs OpenAPI Selection
 
 **🚨 CRITICAL: When working with REST API integrations:**
+
 1. ALWAYS call \`grepMetadata\` first to determine if the REST API is OpenAPI-backed
 2. If metadata shows it's an OpenAPI-backed API, you MUST use the \`OpenApi\` class with \`openapi.path\`
 3. Only use \`RestApi\` class for non-OpenAPI REST integrations
@@ -118,38 +143,56 @@ export type Binding<T> = T | ((state: State) => T);
 
 // Control Flow Blocks
 export declare class Conditional extends Block {
-  constructor(name: string, config: {
-    if: { when: Binding<boolean>; then: Block[] };
-    elif?: { when: Binding<boolean>; then: Block[] }[];
-    else?: Block[];
-  });
+  constructor(
+    name: string,
+    config: {
+      if: { when: Binding<boolean>; then: Block[] };
+      elif?: { when: Binding<boolean>; then: Block[] }[];
+      else?: Block[];
+    },
+  );
 }
 
 export declare class Loop extends Block {
-  constructor(name: string, config:
-    | { type?: "TYPE_FOREACH"; over: Binding<JsonValue[]>; variables: { item: string; index: string }; blocks: Block[] }
-    | { type: "TYPE_WHILE"; condition: Binding<boolean>; blocks: Block[] }
+  constructor(
+    name: string,
+    config:
+      | {
+          type?: "TYPE_FOREACH";
+          over: Binding<JsonValue[]>;
+          variables: { item: string; index: string };
+          blocks: Block[];
+        }
+      | { type: "TYPE_WHILE"; condition: Binding<boolean>; blocks: Block[] },
   );
 }
 
 export declare class Parallel extends Block {
-  constructor(name: string, config:
-    | { mode: "dynamic"; over: Binding<JsonValue[]>; blocks: Block[] }
-    | { mode: "static"; paths: Record<string, Block[]> }
+  constructor(
+    name: string,
+    config:
+      | { mode: "dynamic"; over: Binding<JsonValue[]>; blocks: Block[] }
+      | { mode: "static"; paths: Record<string, Block[]> },
   );
 }
 
 export declare class Variables extends Block {
-  constructor(name: string, variables: { key: string; value: Binding<JsonValue> }[]);
+  constructor(
+    name: string,
+    variables: { key: string; value: Binding<JsonValue> }[],
+  );
 }
 
 export declare class TryCatch extends Block {
-  constructor(name: string, config: {
-    try: Block[];
-    catch: Block[];
-    finally?: Block[];
-    variables: { error: string };
-  });
+  constructor(
+    name: string,
+    config: {
+      try: Block[];
+      catch: Block[];
+      finally?: Block[];
+      variables: { error: string };
+    },
+  );
 }
 
 export declare class Throw extends Block {
@@ -179,12 +222,14 @@ export declare class Api {
 **CRITICAL: Blocks can only access outputs from specific scopes.**
 
 ### What blocks CAN access:
+
 1. **Previous sibling blocks** at the same level (executed before them)
 2. **ALL ancestor block outputs** (parent, grandparent, etc.)
 3. **Parent control flow variables** (e.g., \`item\` and \`index\` in Loop)
 4. **Control flow block outputs** (equals output of their last child block)
 
 ### What blocks CANNOT access:
+
 - ❌ Outputs from blocks nested inside other control flow blocks
 - ❌ Outputs from blocks in other Conditional branches
 - ❌ Outputs from blocks that come after them
@@ -193,21 +238,22 @@ export declare class Api {
 
 \`\`\`typescript
 // ✅ CORRECT: Destructure variables/blocks you need
-when: ({ hasMore }) => !hasMore.value
-over: ({ items }) => items.output
-condition: ({ counter }) => counter.value < 10
+when: ({ hasMore }) => !hasMore.value;
+over: ({ items }) => items.output;
+condition: ({ counter }) => counter.value < 10;
 
 // ✅ Multiple variables in one function
 fn: ({ results, page, hasMore }) => {
   results.set([...results.value, ...newItems]);
   page.set(page.value + 1);
-}
+};
 
 // ❌ WRONG: Single param pattern causes runtime error!
-when: (p) => !p.hasMore.value  // TypeError!
+when: (p) => !p.hasMore.value; // TypeError!
 \`\`\`
 
 **Access patterns by type:**
+
 - **API Inputs**: Access directly (no \`.value\`)
 - **Step Outputs**: Use \`.output\`
 - **Loop Variables**: Use \`.value\`
@@ -217,6 +263,7 @@ when: (p) => !p.hasMore.value  // TypeError!
 ## Input Discovery Rules
 
 **You do NOT need to explicitly declare API inputs.** They are automatically discovered when:
+
 1. Destructured in block functions but not defined elsewhere
 2. Referenced but not produced by any previous block
 
@@ -225,52 +272,96 @@ when: (p) => !p.hasMore.value  // TypeError!
 \`\`\`typescript
 // ✅ CORRECT - Typed parameters
 new JavaScript("validate_email", {
-  fn: ({ email }: { email: string }) => email.includes("@")
-})
+  fn: ({ email }: { email: string }) => email.includes("@"),
+});
 
 new PostgreSQL("search_users", "postgres-id", {
   statement: ({ searchTerm, limit }: { searchTerm: string; limit: number }) =>
-    \`SELECT * FROM users WHERE name ILIKE '%\${searchTerm}%' LIMIT \${limit}\`
-})
+    \`SELECT * FROM users WHERE name ILIKE '%\${searchTerm}%' LIMIT \${limit}\`,
+});
 
 // ❌ WRONG - Untyped parameters
 new JavaScript("validate_email", {
-  fn: ({ email }) => email.includes("@")  // ❌ No type!
-})
+  fn: ({ email }) => email.includes("@"), // ❌ No type!
+});
 \`\`\`
 
 ## SQL Best Practices
 
-### 1. ONE Query Per Block Rule
+### 1. 🚨 ALWAYS Add Defensive Row Limits
+
+**Every SELECT query MUST include a row limit to prevent timeouts and crashes.** Always include a row limit clause to prevent runaway queries. Use 100 as the default unless user specifies otherwise.
+
+Different SQL dialects have different syntax:
+
+| Database                                                  | Syntax                    | Example                                                                  |
+| --------------------------------------------------------- | ------------------------- | ------------------------------------------------------------------------ |
+| PostgreSQL, MySQL, MariaDB, Snowflake, Redshift, BigQuery | \`LIMIT N\`                 | \`SELECT * FROM users LIMIT 100\`                                          |
+| SQL Server (MSSQL)                                        | \`SELECT TOP N\`            | \`SELECT TOP 100 * FROM users\`                                            |
+| SQL Server with ORDER BY                                  | \`OFFSET...FETCH\`          | \`SELECT * FROM users ORDER BY id OFFSET 0 ROWS FETCH NEXT 100 ROWS ONLY\` |
+| Oracle                                                    | \`FETCH FIRST N ROWS ONLY\` | \`SELECT * FROM users FETCH FIRST 100 ROWS ONLY\`                          |
+
+**Examples:**
+
+\`\`\`sql
+-- ✅ PostgreSQL/MySQL/Snowflake
+SELECT * FROM orders ORDER BY created_at DESC LIMIT 100;
+
+-- ✅ SQL Server
+SELECT TOP 100 * FROM orders ORDER BY created_at DESC;
+
+-- ✅ SQL Server with OFFSET (for pagination)
+SELECT * FROM orders ORDER BY created_at DESC OFFSET 0 ROWS FETCH NEXT 100 ROWS ONLY;
+
+-- ❌ WRONG - No limit! Can timeout or crash on large tables
+SELECT * FROM orders ORDER BY created_at DESC;
+\`\`\`
+
+**Why this matters:**
+
+- Tables can have millions of rows
+- Queries without limits can timeout (30+ seconds)
+- Large result sets crash the browser/app
+- Even "small" tables can grow unexpectedly
+
+### 2. ONE Query Per Block Rule
 
 Each SQL block can execute **ONLY ONE SQL query**.
 
 ❌ **WRONG:**
+
 \`\`\`sql
 UPDATE users SET status = 'active';
 DELETE FROM logs WHERE created < '2023-01-01';
 \`\`\`
 
 ✅ **CORRECT:**
+
 \`\`\`typescript
-new PostgreSQL("update_status", "pg-id", {
-  statement: "UPDATE users SET status = 'active'"
+(new PostgreSQL("update_status", "pg-id", {
+  statement: "UPDATE users SET status = 'active'",
 }),
-new PostgreSQL("clean_logs", "pg-id", {
-  statement: "DELETE FROM logs WHERE created < '2023-01-01'"
-})
+  new PostgreSQL("clean_logs", "pg-id", {
+    statement: "DELETE FROM logs WHERE created < '2023-01-01'",
+  }));
 \`\`\`
 
-### 2. Sort, Don't Filter by Date (Default)
+### 3. Sort, Don't Filter by Date (Default)
 
 Do NOT add automatic date filters unless explicitly requested.
 
 ✅ **Default:** \`SELECT * FROM orders ORDER BY created_at DESC LIMIT 100\`
 ❌ **Avoid:** \`SELECT * FROM orders WHERE created_at >= CURRENT_DATE - INTERVAL '90 days'\`
 
-### 3. Always Add Defensive Row Limits
+### 4. Always Specify Columns When Possible
 
-Always include a row limit (default 100) to prevent runaway queries.
+\`\`\`sql
+-- ✅ PREFERRED - Explicit columns
+SELECT id, name, email, created_at FROM users LIMIT 100
+
+-- ⚠️ AVOID when possible - Select all
+SELECT * FROM users LIMIT 100
+\`\`\`
 
 ## Database Naming Conventions
 
@@ -280,8 +371,8 @@ Databricks uses: \`catalog.schema.table\`
 
 \`\`\`sql
 -- Metadata shows: uber.default.orders
-SELECT * FROM uber.default.orders     -- ✅ Full path
-SELECT * FROM uber.orders            -- ❌ Missing schema part
+SELECT * FROM uber.default.orders LIMIT 100     -- ✅ Full path + LIMIT
+SELECT * FROM uber.orders LIMIT 100            -- ❌ Missing schema part
 \`\`\`
 
 **Note:** The word "default" in Databricks paths is NOT optional - it's the actual schema name.
@@ -292,8 +383,8 @@ Snowflake uses: \`schema.table\`
 
 \`\`\`sql
 -- If table has schema property "MASTERDATA"
-SELECT * FROM MASTERDATA.PRODUCTLINE  -- ✅ Fully qualified
-SELECT * FROM PRODUCTLINE             -- ❌ Will fail if no default schema
+SELECT * FROM MASTERDATA.PRODUCTLINE LIMIT 100  -- ✅ Fully qualified + LIMIT
+SELECT * FROM PRODUCTLINE LIMIT 100             -- ❌ Will fail if no default schema
 \`\`\`
 
 ## Runtime Safety and Defensive Coding
@@ -305,11 +396,12 @@ SELECT * FROM PRODUCTLINE             -- ❌ Will fail if no default schema
 \`\`\`typescript
 // ✅ Defensive transformation
 new JavaScript("normalize_users", {
-  fn: ({ fetch_users }) => (Array.isArray(fetch_users.output) ? fetch_users.output : []).map(u => ({
-    id: u.id,
-    name: (u.name ?? "Unknown").toString()
-  }))
-})
+  fn: ({ fetch_users }) =>
+    (Array.isArray(fetch_users.output) ? fetch_users.output : []).map((u) => ({
+      id: u.id,
+      name: (u.name ?? "Unknown").toString(),
+    })),
+});
 \`\`\`
 
 ## Common API Patterns
@@ -319,8 +411,18 @@ new JavaScript("normalize_users", {
 \`\`\`typescript
 export default new Api("getUsersApi", [
   new PostgreSQL("fetch_users", "postgres-id", {
-    statement: "SELECT * FROM users LIMIT 100"
-  })
+    // ✅ ALWAYS include LIMIT clause to prevent timeouts
+    statement:
+      "SELECT id, name, email FROM users ORDER BY created_at DESC LIMIT 100",
+  }),
+]);
+
+// With dynamic limit from input
+export default new Api("getUsersWithLimitApi", [
+  new PostgreSQL("fetch_users", "postgres-id", {
+    statement: ({ pageSize }: { pageSize?: number }) =>
+      \`SELECT id, name, email FROM users ORDER BY created_at DESC LIMIT \${pageSize || 100}\`,
+  }),
 ]);
 \`\`\`
 
@@ -330,21 +432,34 @@ export default new Api("getUsersApi", [
 export default new Api("createUserApi", [
   new Conditional("validate_inputs", {
     if: {
-      when: ({ FirstNameInput, EmailInput }: { FirstNameInput: string; EmailInput: string }) =>
-        !FirstNameInput || !EmailInput,
+      when: ({
+        FirstNameInput,
+        EmailInput,
+      }: {
+        FirstNameInput: string;
+        EmailInput: string;
+      }) => !FirstNameInput || !EmailInput,
       then: [
-        new Throw("validation_error", { error: "First name and email are required" })
-      ]
-    }
+        new Throw("validation_error", {
+          error: "First name and email are required",
+        }),
+      ],
+    },
   }),
   new JavaScript("create_user", {
-    fn: ({ FirstNameInput, EmailInput }: { FirstNameInput: string; EmailInput: string }) => ({
+    fn: ({
+      FirstNameInput,
+      EmailInput,
+    }: {
+      FirstNameInput: string;
+      EmailInput: string;
+    }) => ({
       id: Math.floor(Math.random() * 1000),
       name: FirstNameInput,
       email: EmailInput,
-      created_at: new Date().toISOString()
-    })
-  })
+      created_at: new Date().toISOString(),
+    }),
+  }),
 ]);
 \`\`\`
 
@@ -355,8 +470,8 @@ export default new Api("processOrdersApi", [
   new JavaScript("get_orders", {
     fn: () => [
       { id: 1, status: "pending", amount: 100 },
-      { id: 2, status: "pending", amount: 200 }
-    ]
+      { id: 2, status: "pending", amount: 200 },
+    ],
   }),
   new Loop("process_each_order", {
     over: ({ get_orders }) => get_orders.output,
@@ -367,11 +482,11 @@ export default new Api("processOrdersApi", [
           ...order.value,
           tax: order.value.amount * 0.1,
           total: order.value.amount * 1.1,
-          position: i.value
-        })
-      })
-    ]
-  })
+          position: i.value,
+        }),
+      }),
+    ],
+  }),
 ]);
 \`\`\`
 
@@ -384,21 +499,22 @@ export default new Api("paginatedFetchApi", [
     { key: "cursor", value: () => null },
     { key: "hasMore", value: () => true },
   ]),
-  
+
   new Loop("fetch_all_pages", {
     type: "TYPE_FOREACH",
-    over: () => [...Array(100).keys()],  // Max iterations safety
+    over: () => [...Array(100).keys()], // Max iterations safety
     variables: { item: "_", index: "i" },
     blocks: [
       new Conditional("check_done", {
         if: {
           when: ({ hasMore }) => !hasMore.value,
-          then: [new Break("exit_loop", { condition: () => true })]
-        }
+          then: [new Break("exit_loop", { condition: () => true })],
+        },
       }),
       new RestApi("fetch_page", "rest-api-id", {
         method: "GET",
-        url: ({ cursor }) => \`https://api.example.com/items\${cursor.value ? \`?cursor=\${cursor.value}\` : ""}\`,
+        url: ({ cursor }) =>
+          \`https://api.example.com/items\${cursor.value ? \`?cursor=\${cursor.value}\` : ""}\`,
       }),
       new JavaScript("accumulate", {
         fn: ({ fetch_page, allResults, cursor, hasMore }) => {
@@ -407,32 +523,34 @@ export default new Api("paginatedFetchApi", [
           cursor.set(response.nextCursor);
           hasMore.set(response.hasMore);
           return allResults.value;
-        }
-      })
-    ]
+        },
+      }),
+    ],
   }),
-  
+
   new JavaScript("return_results", {
-    fn: ({ allResults }) => allResults.value
-  })
+    fn: ({ allResults }) => allResults.value,
+  }),
 ]);
 \`\`\`
 
 ### File Uploads to S3/GCS
 
 **Frontend wraps files in \`{ files: [...] }\` format:**
+
 \`\`\`typescript
 const response = await runUploadApi({ userFiles: { files: selectedFiles } });
 \`\`\`
 
 **Backend API - pass files directly:**
+
 \`\`\`typescript
 export default new Api("uploadFilesApi", [
   new S3("upload_files", "your-s3-integration-id", {
     action: "UPLOAD_MULTIPLE_OBJECTS",
     resource: ({ bucketName }) => bucketName,
-    fileObjects: ({ userFiles }) => userFiles.files  // Direct pass-through
-  })
+    fileObjects: ({ userFiles }) => userFiles.files, // Direct pass-through
+  }),
 ]);
 \`\`\`
 
@@ -443,10 +561,13 @@ new JavaScript("parse_csv", {
   fn: async ({ csvFile }) => {
     const file = csvFile.files[0];
     const content = await file.readContentsAsync();
-    const headers = content.split("\\n")[0].split(",").map(h => h.trim());
+    const headers = content
+      .split("\\n")[0]
+      .split(",")
+      .map((h) => h.trim());
     return { fileName: file.name, headers };
-  }
-})
+  },
+});
 \`\`\`
 
 ## Error Handling Guidelines
@@ -454,10 +575,12 @@ new JavaScript("parse_csv", {
 **IMPORTANT: Do NOT use TryCatch blocks by default.** Only use when truly necessary.
 
 ### ❌ DO NOT use TryCatch for:
+
 - Standard database queries
 - Simple data transformations
 
 ### ✅ DO use TryCatch when:
+
 - User explicitly requests error handling
 - Continuing execution after failure is business-critical
 - Partial failure recovery in loops
@@ -470,6 +593,7 @@ When you encounter errors while building APIs:
 ### Read Error Messages Carefully
 
 Error messages contain specific guidance on how to fix the problem. Pay close attention to:
+
 - What operation failed (compilation, validation, execution)
 - Suggestions for how to resolve the issue
 - Whether metadata is missing
@@ -477,6 +601,7 @@ Error messages contain specific guidance on how to fix the problem. Pay close at
 ### When to Check Integration Metadata
 
 If you encounter errors mentioning:
+
 - "unknown column", "table not found", "invalid field"
 - "check integration metadata"
 - Integration type mismatches
@@ -491,6 +616,7 @@ You MUST call \`grepMetadata\` to get the correct schema/table structure before
 - **TYPE_WHILE**: Repeats while \`condition\` is true. Provides only \`index\` variable.
 
 **Breaking out of loops:**
+
 \`\`\`typescript
 new Loop("process_until_complete", {
   over: ({ items }) => items.output,
@@ -500,18 +626,18 @@ new Loop("process_until_complete", {
       if: {
         when: ({ current }) => current.value.status === "complete",
         then: [
-          new Break("exit_loop", { condition: () => true }) // ✅ Only way to exit
-        ]
-      }
+          new Break("exit_loop", { condition: () => true }), // ✅ Only way to exit
+        ],
+      },
     }),
     new JavaScript("process_item", {
       fn: ({ current, i }) => ({
         processed: current.value,
-        position: i.value
-      })
-    })
-  ]
-})
+        position: i.value,
+      }),
+    }),
+  ],
+});
 \`\`\`
 
 ## Response Interface Guidelines
@@ -521,15 +647,18 @@ The \`responseInterface\` describes what external code gets from \`apiName.respo
 ### Direct Response Types
 
 ✅ **CORRECT**: Direct array response
+
 \`\`\`typescript
 interface GetUsersApiResponse {
   id: number;
   name: string;
   email: string;
-}[]
+}
+[];
 \`\`\`
 
 ✅ **CORRECT**: Direct data structure
+
 \`\`\`typescript
 interface GetOrdersApiResponse {
   orders: Order[];
@@ -538,10 +667,11 @@ interface GetOrdersApiResponse {
 \`\`\`
 
 ❌ **WRONG**: Exposing internal steps
+
 \`\`\`typescript
 interface GetOrdersApiResponse {
-  fetchStep: { output: Order[] };  // ❌ Steps are internal
-  countStep: { output: number };   // ❌ Not visible outside
+  fetchStep: { output: Order[] }; // ❌ Steps are internal
+  countStep: { output: number }; // ❌ Not visible outside
 }
 \`\`\`
 
@@ -556,15 +686,17 @@ When uncertain if an API field will always be present, mark it optional:
 interface GitHubPRResponse {
   id: number;
   title: string;
-  user?: {  // ← Optional, can be null for deleted users
+  user?: {
+    // ← Optional, can be null for deleted users
     login: string;
     avatar_url: string;
   } | null;
-  labels?: Label[];  // ← Optional, might be omitted in response
+  labels?: Label[]; // ← Optional, might be omitted in response
 }
 \`\`\`
 
 Mark fields optional when:
+
 1. **User/account references** - Can be null for deleted/deactivated accounts
 2. **Nested objects** - May be omitted in partial responses
 3. **Third-party APIs** - GitHub, Stripe, etc. often have nullable fields
@@ -582,7 +714,7 @@ type Global = {
     username: string;
     id: string;
     name: string;
-    groups: Group[]
+    groups: Group[];
   };
 };
 \`\`\`
@@ -592,15 +724,20 @@ type Global = {
 \`\`\`typescript
 new JavaScript("check_groups", {
   fn: ({ Global }) => {
-    const isFieldEngUser = Global.groups.some(group => group.name === "FieldEngineer");
+    const isFieldEngUser = Global.groups.some(
+      (group) => group.name === "FieldEngineer",
+    );
     if (isFieldEngUser) {
       // Perform actions for FieldEngineer
     } else {
       // Perform actions for non-FieldEngineer
     }
-    return { isAdmin: Global.groups.some(g => g.name === "Admin"), userId: Global.user.id };
-  }
-})
+    return {
+      isAdmin: Global.groups.some((g) => g.name === "Admin"),
+      userId: Global.user.id,
+    };
+  },
+});
 \`\`\`
 
 **NEVER rely on frontend data for security-critical operations.**
@@ -636,18 +773,19 @@ export default new Api("MyApi", [
 \`\`\`typescript
 // ❌ WRONG - JavaScript in SQL block
 new PostgreSQL("bad", "id", {
-  statement: ({ userId }) => \`SELECT * FROM users WHERE id = \${userId}\`
-})
+  statement: ({ userId }) => \`SELECT * FROM users WHERE id = \${userId}\`,
+});
 
 // ❌ WRONG - SQL in JavaScript block
 new JavaScript("bad", {
-  fn: "SELECT * FROM users"  // This is SQL!
-})
+  fn: "SELECT * FROM users", // This is SQL!
+});
 
 // ✅ CORRECT
 new PostgreSQL("good", "id", {
-  statement: ({ userId }: { userId: string }) => \`SELECT * FROM users WHERE id = '\${userId}'\`
-})
+  statement: ({ userId }: { userId: string }) =>
+    \`SELECT * FROM users WHERE id = '\${userId}' LIMIT 1\`,
+});
 \`\`\`
 
 ### 3. Fake Integration IDs
@@ -663,18 +801,18 @@ new PostgreSQL("query", "fake-postgres-id", { ... })
 // ❌ WRONG - Cannot set state in APIs
 new JavaScript("update", {
   fn: ({ userData }) => {
-    userNameVar.value = userData.name;  // ❌ Cannot do this!
+    userNameVar.value = userData.name; // ❌ Cannot do this!
     return userData;
-  }
-})
+  },
+});
 
 // ✅ CORRECT - Return data, frontend handles state
 new JavaScript("update", {
   fn: ({ userData }) => ({
     ...userData,
-    fullName: \`\${userData.firstName} \${userData.lastName}\`
-  })
-})
+    fullName: \`\${userData.firstName} \${userData.lastName}\`,
+  }),
+});
 \`\`\`
 
 ### 5. Return Blocks Cannot Contain Statements
@@ -682,16 +820,43 @@ new JavaScript("update", {
 \`\`\`typescript
 // ✅ CORRECT - Returns data immediately
 new Return("test_return", {
-  data: (({ records }) => ({ records, totalCount: records.length }))()
-})
+  data: (({ records }) => ({ records, totalCount: records.length }))(),
+});
 
 // ❌ WRONG - Contains statements
 new Return("test_return", {
   data: (({ records }) => {
-    const totalCount = records.length;  // ❌ Statement not allowed
+    const totalCount = records.length; // ❌ Statement not allowed
     return { records, totalCount };
-  })()
-})
+  })(),
+});
+\`\`\`
+
+### 6. Missing LIMIT Clause (Causes Timeouts)
+
+\`\`\`typescript
+// ❌ WRONG - No LIMIT, can timeout or crash
+new PostgreSQL("fetch_all", "pg-id", {
+  statement: "SELECT * FROM orders",
+});
+
+new Snowflake("fetch_data", "sf-id", {
+  statement: "SELECT * FROM SCHEMA.LARGE_TABLE ORDER BY date",
+});
+
+// ✅ CORRECT - Always include LIMIT
+new PostgreSQL("fetch_orders", "pg-id", {
+  statement: "SELECT * FROM orders ORDER BY created_at DESC LIMIT 100",
+});
+
+new Snowflake("fetch_data", "sf-id", {
+  statement: "SELECT * FROM SCHEMA.LARGE_TABLE ORDER BY date LIMIT 100",
+});
+
+// ✅ CORRECT - SQL Server syntax
+new MicrosoftSql("fetch_orders", "mssql-id", {
+  statement: "SELECT TOP 100 * FROM orders ORDER BY created_at DESC",
+});
 \`\`\`
 
 ## When to Load References
@@ -717,5 +882,10 @@ When creating APIs:
 8. ✅ Error handling only where appropriate
 9. ✅ NEVER change API name when editing existing API
 10. ✅ ALWAYS test after building
+11. ✅ **ALL SELECT queries have LIMIT clauses** (default 100) - use dialect-appropriate syntax
+
+## Interpreting testApi tool Results
+
+**CRITICAL**: \\\`success: false\\\` or missing = FAILURE. Never show success toast. Even when \\\`success: true\\\`, verify the output data is valid before confirming success to the user.
 `;
 //# sourceMappingURL=skill.generated.js.map