skillsSource-backedReview first Safety ✓ Privacy ✓

Convex Next.js Realtime Apps Skill

Build Convex-backed Next.js App Router applications with typed backend functions, reactive queries, client providers, realtime UI, data imports, and production deployment review.

by oktofeesh1·added 2026-06-04·

Claude CodeCodexWindsurfGeminiCursorCLI

HarnessClaude CodeCodexWindsurfGeminiCursorCLI

Level:advancedType:generalVerified:validated

Review first — review before installing

Open the source and read safety notes before installing.

Safety notes

The download URL is Convex's external JavaScript SDK source archive, not a HeyClaude-packaged skill archive; review source provenance before using it in automated workflows.
`convex dev` logs in, creates or connects a cloud dev deployment, writes deployment URLs, and syncs backend functions; confirm the target account and project first.
Treat `convex import`, migrations, table rewrites, backfills, deletes, and scheduled functions as data-mutating operations that need environment confirmation.
Do not commit Convex deployment secrets, auth provider secrets, API keys for actions, webhook secrets, or copied dashboard values.
Keep client-exposed values such as `NEXT_PUBLIC_CONVEX_URL` separate from server-only secrets used by actions, auth providers, integrations, or external APIs.
Review generated APIs, table indexes, pagination, and query fan-out before shipping realtime screens that could overload clients or expose broad datasets.
When actions call external services or LLM APIs, add timeout, retry, logging, rate-limit, and secret-handling guidance before production use.

Privacy notes

Convex can store user records, app data, realtime query results, auth identifiers, scheduled job state, file metadata, logs, and action inputs or outputs.
Client queries, browser traces, app logs, error trackers, screenshots, and AI prompts can expose document IDs, user IDs, table names, deployment URLs, or sampled records.
Use synthetic seed data for examples, imports, demos, issue reports, screenshots, and AI-assisted troubleshooting.
Review Convex, auth-provider, deployment-provider, analytics, external API, and AI-assistant retention policies before using real customer data.
If Convex actions call LLMs, payment systems, email providers, or webhooks, document what user data leaves Convex and where it is retained.

Prerequisites

Next.js App Router project or migration branch with a known package manager.
Convex account access and permission to create or use the target Convex project and deployment.
`NEXT_PUBLIC_CONVEX_URL` and any Convex deployment environment variables managed through local, preview, staging, and production secret configuration.
Data model plan for Convex tables, indexes, generated API functions, and client query/mutation usage.
Auth integration decision, such as Clerk, Auth0, custom JWT, or unauthenticated prototype.
Realtime UX plan covering loading states, optimistic UI, offline behavior, and conflict handling.

Schema details

Install type: package
Reading time: 8 min
Difficulty score: 76
Troubleshooting: Yes
Breaking changes: No

Source repository stats

Scope: Source repo

Package metadata

Download URL: https://github.com/get-convex/convex-js/archive/refs/heads/main.zip

Skill and platform metadata

Skill type: general
Skill level: advanced
Verification: validated
Verified at: 2026-06-04

Retrieval sources

https://docs.convex.dev/quickstart/nextjshttps://docs.convex.dev/https://www.convex.dev/https://github.com/get-convex/convex-js

Tested platforms

ClaudeCodexWindsurfGeminiCursorGeneric AGENTS

Platform	Support	Install path
claude-code	Native	.claude/skills/<skill-name>/SKILL.md
codex	Native	.agents/skills/<skill-name>/SKILL.md
windsurf	Native	.windsurf/skills/<skill-name>/SKILL.md
gemini	Native	.gemini/skills/<skill-name>/SKILL.md or .agents/skills/<skill-name>/SKILL.md
cursor	Adapter	.cursor/rules/<skill-name>.mdc
cli	Manual	AGENTS.md or tool-specific context file

Full copyable content

# Trigger
"Apply the Convex Next.js realtime apps skill to this project."

# Required output
1) Current Next.js, data model, auth, and realtime inventory
2) Convex package, deployment, provider, schema, query, and mutation plan
3) Client/server boundary and production deployment checklist
4) Safety, privacy, data import, secret, and rollback notes

About this resource

Knowledge Freshness

This skill is based on Convex's official Next.js quickstart, documentation hub, website, and get-convex/convex-js repository reviewed on 2026-06-04. The current Next.js quickstart installs the convex package, runs npx convex dev to create or connect a deployment, writes backend functions in a convex/ folder, wraps App Router UI with ConvexProvider and ConvexReactClient, and reads data from generated APIs with useQuery().

Retrieval Sources

Prefer the live Convex docs and official JavaScript repository over model memory for package names, generated API paths, provider setup, CLI behavior, auth integration, hosting guidance, schema APIs, and production deployment steps.

Scope Note

Use this skill for Convex-backed Next.js App Router applications that need typed backend functions and reactive data. It is not a generic database guide, not a Supabase/Postgres/RLS workflow, and not a replacement for application-specific authorization, data modeling, or production capacity review.

Core Workflow

Inventory the current Next.js version, router mode, package manager, /src usage, client components, server components, route handlers, auth provider, realtime screens, and current data layer.
Confirm whether this is a new Convex project, an existing Convex deployment, or a migration from another backend, and record the target local, preview, staging, and production environments.
Add convex with the project package manager and document how the team will run or replace the interactive npx convex dev flow in local development.
Create or review the convex/ directory, generated API files, backend function naming, schema definitions, validators, indexes, queries, mutations, and actions.
Wire the App Router provider with a client component that creates ConvexReactClient from NEXT_PUBLIC_CONVEX_URL and wraps the app in ConvexProvider.
Keep client components that call useQuery() or mutations explicit, and keep server-only logic out of client bundles.
Model read patterns first. Add indexes, pagination, and narrow query arguments before building realtime lists, dashboards, notifications, or collaborative UI.
Add mutations with validation, ownership checks, idempotency where needed, and clear optimistic UI or reconciliation behavior.
If importing seed or migrated data, verify the target deployment, table, sample data shape, and rollback plan before running convex import.
Integrate auth deliberately. Map provider identity to Convex user records, enforce authorization in backend functions, and test unauthenticated and wrong-tenant access.
Review actions, scheduled jobs, external APIs, file storage, webhooks, and LLM calls for secrets, retries, rate limits, timeouts, and observability.
Produce a deployment checklist covering environment URLs, generated files, codegen, auth config, data import state, realtime smoke tests, and rollback.

Required Inputs

Next.js version, router mode, package manager, and whether the app uses a /src directory.
Current data layer, table/document model, realtime requirements, and migration constraints.
Convex project, team, deployment, dashboard access, and environment names.
Auth provider and authorization model, including tenants, organizations, roles, user ownership, anonymous access, and public data.
List of client components, server components, API routes, background jobs, webhooks, scheduled jobs, and external integrations that will touch Convex.
Seed data, import files, backfills, or migration scripts that may mutate a Convex deployment.
Deployment provider, preview environment policy, generated-file policy, and rollback plan.

Production Rules

Treat convex dev, convex deploy, imports, backfills, scheduled jobs, and data deletes as environment-specific operations. Confirm the target deployment before running them.
Do not rely on client-side filtering for authorization. Enforce access rules in Convex queries, mutations, actions, or shared backend helpers.
Keep public environment variables and server-only secrets separate. Only client-safe deployment URLs belong in NEXT_PUBLIC_* configuration.
Use validators and narrow function arguments for every public query and mutation. Avoid broad "return all documents" queries in production screens.
Add indexes and pagination before large realtime lists, activity feeds, notifications, search screens, or multi-tenant dashboards.
Use synthetic data for examples and AI prompts. Do not paste real Convex table exports, logs, dashboard screenshots, auth tokens, or user documents into chat, issues, or PRs.
Record how generated Convex API files are created and validated so agents do not hand-edit generated output.
For actions that call LLMs, payment processors, email services, or webhooks, document outbound data, timeout behavior, retries, and failure handling.

Compatibility

Native

Claude Code / Claude: use as a reusable Agent Skill for Convex app planning, realtime UI implementation, migration review, and production readiness checks.
Codex/OpenAI workflows: use as SKILL.md-style instructions when editing Next.js apps that use Convex.

Manual Adaptation

Cursor, Windsurf, Gemini, and Generic AGENTS files: adapt the trigger, workflow, safety notes, privacy notes, and output contract into repository rules for Convex work.

Output Contract

Source evidence: Convex docs, website, and repository URLs reviewed, with date.
App inventory: Next.js router, current data layer, auth provider, realtime surfaces, backend functions, imports, and deployment environments.
Implementation plan: package install, Convex dev/deploy flow, provider setup, generated APIs, schema, queries, mutations, actions, indexes, auth checks, and client/server boundaries.
Safety and privacy review: deployment targeting, secrets, data imports, generated files, broad queries, logs, prompts, external APIs, and real-user data handling.
Validation checklist: local Convex dev connection, generated API refresh, unauthenticated access, wrong-tenant access, realtime update, mutation, data import dry run, preview deploy, production smoke test, and rollback.

Duplicate And Source Review

Current HeyClaude content includes a Supabase realtime database skill, but that entry is Postgres/RLS/Supabase-specific. There is no dedicated Convex, convex-js, ConvexReactClient, ConvexProvider, or docs.convex.dev content entry. This skill is specifically scoped to Convex's official Next.js App Router workflow and source-backed by current Convex docs, website, and the official JavaScript SDK repository.

Troubleshooting

Issue: The app cannot connect to Convex from the browser

Fix: Confirm NEXT_PUBLIC_CONVEX_URL is present for the current environment and that ConvexReactClient is created only in a client component.

Issue: Generated API imports fail

Fix: Re-run the documented Convex codegen/dev flow, confirm the convex/ function file exports are valid, and avoid hand-editing generated API files.

Issue: Realtime UI renders too much data or exposes another tenant's data

Fix: Move filtering and authorization into the Convex backend function, add indexes and pagination, and test wrong-user or wrong-organization access by calling the generated API directly.

Issue: A data import writes to the wrong deployment

Fix: Stop additional imports, identify the target deployment and table, take a snapshot of current state if available, and use the rollback or cleanup plan before retrying against the intended environment.

Issue: An action works locally but fails in production

Fix: Check production environment variables, external API secrets, action timeouts, rate limits, retry behavior, and logs. Do not expose service tokens to client components while debugging.

#convex#nextjs#realtime#app-router#database

Source citations

Signals

Loading live community signals…