Agent skill
convex-pro
Senior Backend Architect for Convex.dev (2026). Specialized in reactive database design, type-safe full-stack synchronization, and hardened authorization patterns. Expert in building low-latency, real-time applications using Convex v2+ features like RLS (Row Level Security), HTTP Actions, File Storage, and advanced indexing.
Install this agent skill to your Project
npx add-skill https://github.com/YuniorGlez/gemini-elite-core/tree/main/skills/convex-pro
SKILL.md
⚡ Skill: convex-pro (v1.0.0)
Executive Summary
Senior Backend Architect for Convex.dev (2026). Specialized in reactive database design, type-safe full-stack synchronization, and hardened authorization patterns. Expert in building low-latency, real-time applications using Convex v2+ features like RLS (Row Level Security), HTTP Actions, File Storage, and advanced indexing.
📋 The Conductor's Protocol
- Schema First: Always define the data model in
convex/schema.tsbefore writing functions. - Auth Validation: Every public function MUST validate
ctx.auth.getUserIdentity(). - Indexing: Never use
.filter()on unbounded datasets; define and use.withIndex(). - Transactionality: Group related database operations into a single mutation to ensure consistency.
🛠️ Mandatory Protocols (2026 Standards)
1. Hardened Authorization (Beyond RLS)
While Convex supports RLS, the standard for 2026 is Explicit Authorization at the Function Boundary.
- Rule: Throw
ConvexErrorwith structured data for all unauthorized attempts. - Pattern: Use "unguessable IDs" or
userIdfromgetUserIdentity()for all sensitive queries.
2. Reactive Query Efficiency
- Rule: Queries are reactive by default. Minimize the surface area of returned data to reduce bandwidth.
- Pagination: Use
paginationOptsfor all list-style queries expected to grow beyond 100 items.
3. Mutational Integrity (OCC)
Convex uses Optimistic Concurrency Control.
- Rule: Mutations must be idempotent. Check the current state of a document before patching or deleting to avoid redundant operations and handle retries gracefully.
🚀 Show, Don't Just Tell (Implementation Patterns)
Quick Start: Hardened Mutation with Auth (React 19)
// convex/tasks.ts
import { mutation } from "./_generated/server";
import { v, ConvexError } from "convex/values";
export const createTask = mutation({
args: { title: v.string() },
handler: async (ctx, args) => {
const identity = await ctx.auth.getUserIdentity();
if (!identity) {
throw new ConvexError({ code: "UNAUTHORIZED", message: "Login required" });
}
const taskId = await ctx.db.insert("tasks", {
title: args.title,
userId: identity.subject, // Unique provider ID (e.g. Clerk ID)
completed: false,
});
return taskId;
},
});
Advanced Pattern: Transactional Internal Logic
// convex/users.ts
import { internalMutation } from "./_generated/server";
export const _onboardUser = internalMutation({
args: { userId: v.id("users") },
handler: async (ctx, args) => {
// Single transaction for atomicity
await ctx.db.patch(args.userId, { status: "active" });
await ctx.db.insert("logs", { type: "ONBOARDING_COMPLETE", userId: args.userId });
}
});
🛡️ The Do Not List (Anti-Patterns)
- DO NOT use
npx convex deployunless specifically asked; usenpx convex devfor local development. - DO NOT use
Array.filter()inside a query handler for large datasets. Usectx.db.query(...).withIndex(...). - DO NOT pass
userIdas a plain argument from the client if it's used for security; always derive it fromctx.auth.getUserIdentity(). - DO NOT use
ctx.runQueryorctx.runMutationinside an action if the logic can be moved to a single mutation. It breaks transactionality. - DO NOT ignore return validators. Always specify
returns: v.any()or a strict object schema.
📂 Progressive Disclosure (Deep Dives)
- Auth & RLS Strategies: Integrating Clerk/Auth.js and enforcing access control.
- Advanced Indexing: Search indexes, vector indexes (AI), and performance optimization.
- HTTP Actions & Webhooks: External API integration and Hono on Convex.
- File Storage Mastery: Large file uploads, transformations, and access URLs.
🛠️ Specialized Tools & Scripts
scripts/sync-schema.ts: Automatically generates Zod schemas from your Convex data model.scripts/audit-indexes.py: Scans your functions to find queries without proper indexing.
🎓 Learning Resources
Updated: January 23, 2026 - 16:15
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
filesystem-context
Uso del sistema de archivos como extensión de la ventana de contexto, persistencia de planes, comunicación entre sub-agentes y carga dinámica de habilidades.
git-flow
Senior Workflow Architect. Master of Trunk-Based Development, Stacked Changes, and 2026 Branching Strategies.
track-master
Senior Progress Analyst & Conductor Strategist. Expert in Predictive Project Tracking and Agentic Milestone Management for 2026.
artifact-janitor
Senior Build Cleanup & System Optimization Specialist. Expert in reclaiming disk space and resolving build corruption in 2026 ecosystems.
openapi-pro
Senior API Architect & Integration Engineer for 2026. Specialized in Type-Safe API contracts using OpenAPI 3.1, Zod-First schema derivation, and automated TypeScript client generation. Expert in bridging the gap between Hono backends and Next.js 16 frontends using `openapi-fetch`, `orval`, and unified monorepo type-sharing.
seo-pro
Senior SEO Architect & Content Strategist. Expert in SGE Optimization, E-E-A-T Standards, and Semantic Entity SEO for 2026.
Didn't find tool you were looking for?