Connect to FoodHealth's NDO Postgres (DigitalOcean managed) and HeroDB (GCP Cloud SQL via cloud-sql-proxy). Handles proxy lifecycle, credential lookup from Dagster Cloud secrets, and the right `psql` invocation for each env. Use when the user asks to query NDO or HeroDB, run audit/forensic SQL, verify data after a Dagster or Databricks run, or set up a local DB connection for the first time. Trigger phrases include "query NDO", "query HeroDB", "connect to herodb", "run this SQL on prod", "check the for_ingestion table", "check gtin_matrix".
Slash command: `/foodhealthco-db-connect:db-connect`
Reach FoodHealth's production data stores from a local machine in a consistent, repeatable way.
Two databases, two patterns:
- NDO Postgres: `psql` works.
- HeroDB: `cloud-sql-proxy` because public IP isn't allowlisted from a laptop.

| Env | Host | Port | DB | User | Password source |
|---|---|---|---|---|---|
| prod | ndo-production-database-do-user-12255452-0.e.db.ondigitalocean.com | 25060 | defaultdb | doadmin | Dagster Cloud secret NDO_PROD_DB_PASSWORD (or bitewell-databricks cluster env DB_CONNECTION_STRING) |
| dev | ndo-db-development-do-user-12255452-0.d.db.ondigitalocean.com | 25060 | defaultdb | doadmin | Dagster Cloud secret NDO_DEV_DB_PASSWORD |
sslmode=require is mandatory.
| Env | Project | Region | Instance | Connection name |
|---|---|---|---|---|
| dev | foodhealth-platform-dev | us-central1 | hero-db-dev | foodhealth-platform-dev:us-central1:hero-db-dev |
| staging | foodhealth-platform-staging | us-central1 | foodhealth-postgres-staging | foodhealth-platform-staging:us-central1:foodhealth-postgres-staging |
| prod | foodhealth-platform-prod | us-central1 | hero-db-prod | foodhealth-platform-prod:us-central1:hero-db-prod (public IP 34.70.167.23; confirmed against Dagster Cloud prod deployment secrets, 2026-05-07) |
DB: herodb. User: dagster. Local proxy port: pick a free port (default 15432). Password: Dagster Cloud secret HERODB_DB_PASSWORD.
If the local password file doesn't exist, fetch it via the Dagster Cloud GraphQL API:
```bash
SECRET_NAME='HERODB_DB_PASSWORD'  # or NDO_PROD_DB_PASSWORD, NDO_DEV_DB_PASSWORD, etc.
OUTFILE="$HOME/.$(echo "$SECRET_NAME" | tr '[:upper:]' '[:lower:]')"
# Query the deployment's secrets and keep only the one named in SECRET_NAME.
curl -sS -X POST 'https://food-health-company.dagster.cloud/prod/graphql' \
  -H "Dagster-Cloud-Api-Token: $(cat ~/.dagster_cloud_token)" \
  -H 'Content-Type: application/json' \
  -d '{"query":"{ secretsOrError { __typename ... on Secrets { secrets { secretName secretValue } } } }"}' \
  | SECRET_NAME="$SECRET_NAME" python3 -c "
import json, os, sys
d = json.load(sys.stdin)
target = os.environ['SECRET_NAME']
for s in d.get('data', {}).get('secretsOrError', {}).get('secrets', []) or []:
    if s.get('secretName') == target:
        sys.stdout.write(s.get('secretValue') or '')
        sys.exit(0)
sys.exit(f'secret {target} not found')
" > "$OUTFILE"
chmod 600 "$OUTFILE"
echo "wrote $OUTFILE"
```
The Dagster Cloud `prod` deployment endpoint (`/prod/graphql`) is the deployment name, not necessarily the production-data DB. Read the secret values and verify host before drawing conclusions about which env you're on.
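An added example, not part of the original skill: the fetch step above redirects into `$OUTFILE` before `chmod 600` runs, and it still leaves an empty file behind when the secret is not found. The two helpers below (`store_secret` and `secret_file_ok` are hypothetical names) install the file atomically with owner-only permissions and check it before it is handed to `psql`.

```bash
#!/bin/sh
# Added example: helper names are hypothetical, not part of the skill.

# store_secret <path>: read a secret on stdin and install it at <path>.
# The temp file is created owner-only (mktemp plus umask 077), and an empty
# stream (lookup failed) leaves any existing file untouched.
store_secret() {
  ss_dest=$1
  ss_tmp=$(umask 077; mktemp "${ss_dest}.XXXXXX") || return 1
  if cat > "$ss_tmp" && [ -s "$ss_tmp" ]; then
    mv -f "$ss_tmp" "$ss_dest"   # rename keeps the 0600 mode of the temp file
  else
    rm -f "$ss_tmp"
    return 1
  fi
}

# secret_file_ok <path>: succeed only if <path> is a non-empty regular file
# (not a symlink), owned by the current user, with mode exactly 600.
secret_file_ok() {
  sf_path=$1
  [ -s "$sf_path" ] || return 1
  [ -n "$(find "$sf_path" -maxdepth 0 -type f -perm 600 \
            -user "$(id -u)" 2>/dev/null)" ]
}

# Usage with the page's fetch pipeline (fetch_secret is a stand-in for the
# curl | python3 lookup shown above):
#   fetch_secret | store_secret "$HOME/.herodb_db_password" || echo "fetch failed" >&2
#   secret_file_ok "$HOME/.herodb_db_password" && \
#     PGPASSWORD=$(cat "$HOME/.herodb_db_password") psql \
#       "host=127.0.0.1 port=15432 user=dagster dbname=herodb" -c "SELECT 1"
```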
```bash
PGPASSWORD=$(cat ~/.ndo_prod_db_password) psql \
  "host=ndo-production-database-do-user-12255452-0.e.db.ondigitalocean.com port=25060 user=doadmin dbname=defaultdb sslmode=require" \
  -c "<sql>"
```
```bash
# 1. Start the proxy. In Claude Code, ALWAYS start with run_in_background: true so
#    the proxy survives across tool calls — a `&`-backgrounded proxy dies when the
#    spawning bash invocation finishes.
cloud-sql-proxy "<connection-name>" --port 15432 &
sleep 3  # let it bind

# 2. Run queries
PGPASSWORD=$(cat ~/.herodb_db_password) psql \
  "host=127.0.0.1 port=15432 user=dagster dbname=herodb" \
  -c "<sql>"

# 3. Stop the proxy when done
lsof -ti:15432 | xargs kill
```
```sql
SELECT current_database(), current_user, inet_server_addr();
```

For HeroDB, double-check via row counts on a known table:

```sql
SELECT COUNT(*) FROM gtin_matrix; -- if much smaller than expected, you're probably on dev
SELECT COUNT(*) FROM nutrient_profiles;
```
- `chmod 600`. Verify with `ls -la ~/.<file>`.
- `PGPASSWORD=$(cat ~/.<file>)` so the secret stays out of `ps`.
- `cloud-sql-proxy`.
- `gcloud sql instances list` returns 0 items. Cloud SQL Admin API isn't enabled in that GCP project, or your account lacks `roles/cloudsql.viewer`. Try `--project=foodhealth-platform-dev` if the current default doesn't have HeroDB.
- `run_in_background: true`. A simple `&` only lives as long as the parent shell.
- `prod`, and its `HERODB_DB_HOST` secret points to 34.70.167.23 (the hero-db-prod Cloud SQL instance). If you're querying for production data, double-check via `inet_server_addr()` or row counts before drawing conclusions.
- `~/.herodb_db_password` exists and is `chmod 600`. If not, fetch from Dagster Cloud (above).
- `cloud-sql-proxy <connection-name> --port 15432` with `run_in_background: true`.
- `lsof -ti:15432 | xargs kill`.

When you discover a missing connection name, a new env, or a confirmed-prod instance, edit this SKILL.md directly and PR. The connection-inventory table is the most-referenced section — keep it accurate.
npx claudepluginhub bitewell/foodhealthco-claude-code-plugins --plugin foodhealthco-db-connect