convex-audit
Convex Audit
Use this skill for read-first Convex audits that produce a clear remediation plan before implementation.
Workflow
- Read the repo
AGENTS.md. - Run
/home/bjorn/.codex/skill-support/bin/convex-scan inventory --cwd <repo> --out <json>. - Run
/home/bjorn/.codex/skill-support/bin/convex-scan surface --cwd <repo> --out <json>. - Run
/home/bjorn/.codex/skill-support/bin/convex-scan gaps --inventory <json> --out <json>. - Read only the references needed for the active findings:
references/security.mdreferences/schema.mdreferences/runtime-boundaries.mdreferences/migrations.md
- Validate non-trivial recommendations against current docs before finalizing.
- Output a remediation plan with file targets, risk level, and verification steps.
Use When
- The user asks for a Convex audit, security pass, schema review, or backend remediation plan.
- The repo has Convex and the main task is to assess existing architecture or implementation quality.
Do Not Use When
- The task is a new feature specification with multiple design options.
- The task is only a dependency upgrade or docs sync.
Outputs
- A concise audit summary.
- Ranked findings.
- An implementation-ready remediation checklist.
Resources
- Inventory helpers via
/home/bjorn/.codex/skill-support/bin/convex-scan references/security.mdreferences/schema.mdreferences/runtime-boundaries.mdreferences/migrations.md
More from bjornmelin/dev-skills
streamdown
|
13zod-v4
Expert guidance for Zod v4 schema validation in TypeScript. Use when designing schemas, migrating from Zod 3, handling validation errors, generating JSON Schema/OpenAPI, using codecs/transforms, or integrating with React Hook Form, tRPC, Hono, or Next.js. Covers all Zod v4 APIs including top-level string formats, strictObject/looseObject, metadata, registries, branded types, and recursive schemas.
9vitest-dev
World-class Vitest QA/test engineer for TypeScript + Next.js (local + CI performance focused)
8docker-architect
SOTA Docker/Compose architecture, implementation, refactor, and security hardening. Use when working on containerization tasks such as creating or rewriting Dockerfiles, docker-compose files, buildx/bake configs, .dockerignore, and CI pipelines for build/test/scan/publish; auditing existing container setups for security, correctness, size/perf, and best practices (least privilege, non-root, minimal images, pinned base images, BuildKit secrets, healthchecks); debugging Docker build/run issues; or designing dev vs prod compose workflows across services (DB/cache/queues) with correct networking, volumes, secrets, and resource limits.
6notebook-ml-architect
>
5ai-sdk-ui
|
5