convex-review
Installation
SKILL.md
Convex Code Review
Security Checklist
1. Argument AND Return Validators
- All public
query,mutation,actionhaveargsvalidators - All functions have
returnsvalidators - No
v.any()for sensitive data - HTTP actions validate request body (Zod recommended)
Search: query({, mutation({, action({ - check each has args: AND returns:
2. Error Handling
- Uses
ConvexErrorfor user-facing errors (not plainError) - Error codes are structured:
{ code: "NOT_FOUND", message: "..." } - No sensitive info leaked in error messages
Search: throw new Error should be throw new ConvexError