convex-review
Convex Code Review
Security Checklist
1. Argument AND Return Validators
- All public
query,mutation,actionhaveargsvalidators - All functions have
returnsvalidators - No
v.any()for sensitive data - HTTP actions validate request body (Zod recommended)
Search: query({, mutation({, action({ - check each has args: AND returns:
2. Error Handling
- Uses
ConvexErrorfor user-facing errors (not plainError) - Error codes are structured:
{ code: "NOT_FOUND", message: "..." } - No sensitive info leaked in error messages
Search: throw new Error should be throw new ConvexError
More from aaronvanston/skills-convex
convex-security
Security best practices for Convex functions including ConvexError handling, argument/return validation, authentication helpers, access control, rate limiting, and internal functions. Use when writing public queries/mutations/actions, implementing authentication, adding authorization checks, handling errors, or reviewing Convex functions for security.
7convex-cron
Scheduled functions and cron jobs in Convex. Use when setting up recurring tasks, cleanup jobs, data syncing, scheduled notifications, or any background automation that runs on a schedule.
6convex-actions
Best practices for Convex actions, transactions, and scheduling. Use when writing actions that call external APIs, using ctx.runQuery/ctx.runMutation, scheduling functions with ctx.scheduler, or working with the Convex runtime vs Node.js runtime ("use node").
6convex-patterns
Code organization patterns and TypeScript best practices for Convex. Use when structuring a Convex project, writing helper functions, defining schemas, working with types like QueryCtx/MutationCtx/ActionCtx, or organizing code in a convex/model directory.
6convex-agents
Building AI agents and assistants with Convex. Use when implementing chat interfaces, AI assistants, tool-calling agents, RAG (retrieval-augmented generation), conversation threads, or integrating LLMs like OpenAI/Anthropic.
6convex-realtime
Realtime subscriptions and optimistic updates in Convex. Use when implementing live data updates, optimistic UI, pagination with realtime, presence indicators, typing indicators, or any feature requiring instant data synchronization.
6