@homenshum/convex-mcp-nodebench 0.4.1 → 0.8.0

package/dist/tools/toolRegistry.js

@@ -261,6 +261,230 @@ export const REGISTRY = [
         phase: "meta",
         complexity: "low",
     },
+    // ── Authorization Tools ──────────────────
+    {
+        name: "convex_audit_authorization",
+        category: "function",
+        tags: ["auth", "authorization", "security", "getUserIdentity", "public", "mutation", "permission"],
+        quickRef: {
+            nextAction: "Fix critical auth issues: add getUserIdentity() checks to public mutations that write data",
+            nextTools: ["convex_audit_functions", "convex_audit_actions"],
+            methodology: "convex_function_compliance",
+            relatedGotchas: ["internal_for_private"],
+            confidence: "high",
+        },
+        phase: "audit",
+        complexity: "high",
+    },
+    // ── Query Efficiency Tools ────────────────
+    {
+        name: "convex_audit_query_efficiency",
+        category: "schema",
+        tags: ["query", "performance", "collect", "filter", "index", "pagination", "efficiency", "table-scan"],
+        quickRef: {
+            nextAction: "Add .take() limits to unbounded .collect() calls and indexes for .filter() patterns",
+            nextTools: ["convex_suggest_indexes", "convex_audit_pagination"],
+            methodology: "convex_index_optimization",
+            relatedGotchas: ["index_field_order"],
+            confidence: "high",
+        },
+        phase: "audit",
+        complexity: "medium",
+    },
+    // ── Action Audit Tools ────────────────────
+    {
+        name: "convex_audit_actions",
+        category: "function",
+        tags: ["action", "ctx.db", "use-node", "fetch", "error-handling", "external-api", "runtime"],
+        quickRef: {
+            nextAction: "Fix critical action issues: remove ctx.db access, add 'use node' directives, wrap external calls in try/catch",
+            nextTools: ["convex_audit_functions", "convex_audit_transaction_safety"],
+            methodology: "convex_function_compliance",
+            relatedGotchas: ["action_from_action"],
+            confidence: "high",
+        },
+        phase: "audit",
+        complexity: "medium",
+    },
+    // ── Type Safety Tools ─────────────────────
+    {
+        name: "convex_check_type_safety",
+        category: "function",
+        tags: ["type", "safety", "as-any", "undefined", "null", "id", "generated", "typescript"],
+        quickRef: {
+            nextAction: "Replace `as any` casts with proper types and use v.id() instead of v.string() for ID fields",
+            nextTools: ["convex_check_validator_coverage", "convex_audit_functions"],
+            methodology: "convex_function_compliance",
+            relatedGotchas: [],
+            confidence: "high",
+        },
+        phase: "audit",
+        complexity: "medium",
+    },
+    // ── Transaction Safety Tools ──────────────
+    {
+        name: "convex_audit_transaction_safety",
+        category: "function",
+        tags: ["transaction", "atomicity", "race-condition", "TOCTOU", "runMutation", "consistency"],
+        quickRef: {
+            nextAction: "Combine multiple runMutation calls into single atomic mutation to avoid partial failures",
+            nextTools: ["convex_audit_actions", "convex_audit_functions"],
+            methodology: "convex_function_compliance",
+            relatedGotchas: [],
+            confidence: "medium",
+        },
+        phase: "audit",
+        complexity: "high",
+    },
+    // ── Storage Audit Tools ───────────────────
+    {
+        name: "convex_audit_storage_usage",
+        category: "function",
+        tags: ["storage", "file", "upload", "blob", "getUrl", "orphan", "null-check"],
+        quickRef: {
+            nextAction: "Add null checks for storage.get()/getUrl() and implement file cleanup on record deletion",
+            nextTools: ["convex_audit_functions", "convex_check_type_safety"],
+            methodology: "convex_function_compliance",
+            relatedGotchas: [],
+            confidence: "high",
+        },
+        phase: "audit",
+        complexity: "low",
+    },
+    // ── Pagination Tools ──────────────────────
+    {
+        name: "convex_audit_pagination",
+        category: "schema",
+        tags: ["pagination", "paginate", "cursor", "numItems", "paginationOptsValidator", "limit"],
+        quickRef: {
+            nextAction: "Add paginationOptsValidator to paginated queries and bound numItems",
+            nextTools: ["convex_audit_query_efficiency", "convex_suggest_indexes"],
+            methodology: "convex_index_optimization",
+            relatedGotchas: [],
+            confidence: "high",
+        },
+        phase: "audit",
+        complexity: "low",
+    },
+    // ── Data Modeling Tools ───────────────────
+    {
+        name: "convex_audit_data_modeling",
+        category: "schema",
+        tags: ["modeling", "schema", "nesting", "array", "v.id", "referential-integrity", "normalization"],
+        quickRef: {
+            nextAction: "Fix dangling v.id() references and consider normalizing deeply nested tables",
+            nextTools: ["convex_audit_schema", "convex_suggest_indexes"],
+            methodology: "convex_schema_audit",
+            relatedGotchas: ["system_fields_auto"],
+            confidence: "medium",
+        },
+        phase: "audit",
+        complexity: "medium",
+    },
+    // ── Dev Setup Tools ───────────────────────
+    {
+        name: "convex_audit_dev_setup",
+        category: "deployment",
+        tags: ["setup", "gitignore", "env", "tsconfig", "initialize", "onboarding", "convex-json"],
+        quickRef: {
+            nextAction: "Fix setup issues: update .gitignore, create .env.example, run npx convex dev",
+            nextTools: ["convex_bootstrap_project", "convex_pre_deploy_gate"],
+            methodology: "convex_deploy_verification",
+            relatedGotchas: [],
+            confidence: "high",
+        },
+        phase: "deploy",
+        complexity: "low",
+    },
+    // ── Migration Tools ───────────────────────
+    {
+        name: "convex_schema_migration_plan",
+        category: "schema",
+        tags: ["migration", "diff", "snapshot", "deploy", "risk", "breaking-change", "backup"],
+        quickRef: {
+            nextAction: "Review migration steps and back up data before deploying if risk is high",
+            nextTools: ["convex_snapshot_schema", "convex_pre_deploy_gate"],
+            methodology: "convex_deploy_verification",
+            relatedGotchas: [],
+            confidence: "high",
+        },
+        phase: "deploy",
+        complexity: "medium",
+    },
+    // ── Reporting Tools ─────────────────────
+    {
+        name: "convex_export_sarif",
+        category: "integration",
+        tags: ["sarif", "export", "report", "github", "code-scanning", "ci", "static-analysis"],
+        quickRef: {
+            nextAction: "Upload the SARIF file to GitHub Code Scanning or open in VS Code SARIF Viewer",
+            nextTools: ["convex_audit_diff", "convex_quality_gate"],
+            methodology: "convex_deploy_verification",
+            relatedGotchas: [],
+            confidence: "high",
+        },
+        phase: "deploy",
+        complexity: "low",
+    },
+    {
+        name: "convex_audit_diff",
+        category: "deployment",
+        tags: ["diff", "baseline", "trend", "new-issues", "fixed", "improving", "degrading", "comparison"],
+        quickRef: {
+            nextAction: "Focus on fixing new issues first, then tackle existing ones",
+            nextTools: ["convex_export_sarif", "convex_quality_gate"],
+            methodology: "convex_deploy_verification",
+            relatedGotchas: [],
+            confidence: "high",
+        },
+        phase: "deploy",
+        complexity: "medium",
+    },
+    // ── Vector Search Tools ─────────────────
+    {
+        name: "convex_audit_vector_search",
+        category: "schema",
+        tags: ["vector", "search", "embedding", "dimension", "similarity", "vectorIndex", "float64", "AI", "RAG"],
+        quickRef: {
+            nextAction: "Fix dimension mismatches and add filterFields to vector indexes for better performance",
+            nextTools: ["convex_audit_schema", "convex_suggest_indexes"],
+            methodology: "convex_schema_audit",
+            relatedGotchas: [],
+            confidence: "high",
+        },
+        phase: "audit",
+        complexity: "medium",
+    },
+    // ── Scheduler Tools ─────────────────────
+    {
+        name: "convex_audit_schedulers",
+        category: "function",
+        tags: ["scheduler", "runAfter", "runAt", "schedule", "cron", "infinite-loop", "backoff", "retry", "delayed"],
+        quickRef: {
+            nextAction: "Fix self-scheduling loops (add termination conditions) and implement exponential backoff",
+            nextTools: ["convex_check_crons", "convex_audit_actions"],
+            methodology: "convex_function_compliance",
+            relatedGotchas: [],
+            confidence: "high",
+        },
+        phase: "audit",
+        complexity: "medium",
+    },
+    // ── Quality Gate Tools ──────────────────
+    {
+        name: "convex_quality_gate",
+        category: "deployment",
+        tags: ["quality", "gate", "score", "grade", "threshold", "sonarqube", "metrics", "pass-fail", "A-F"],
+        quickRef: {
+            nextAction: "Fix blockers to raise your grade, then run again to verify improvement",
+            nextTools: ["convex_audit_diff", "convex_export_sarif", "convex_pre_deploy_gate"],
+            methodology: "convex_deploy_verification",
+            relatedGotchas: [],
+            confidence: "high",
+        },
+        phase: "deploy",
+        complexity: "high",
+    },
 ];
 export function getQuickRef(toolName) {
     const entry = REGISTRY.find((e) => e.name === toolName);
@@ -338,6 +562,10 @@ export function findTools(query) {
 /**
  * Async wrapper around findTools that fuses BM25 results with embedding RRF
  * when a neural embedding provider is available. Falls back to plain findTools otherwise.
+ *
+ * Uses Agent-as-a-Graph bipartite RRF (arxiv:2511.18194):
+ * - Tool nodes get direct wRRF with α_T = 1.0
+ * - Domain nodes get stronger wRRF with α_D = 1.5 (paper-optimal, lifts sibling tools in that category)
  */
 export async function findToolsWithEmbedding(query) {
     const bm25Results = findTools(query);
@@ -346,22 +574,57 @@ export async function findToolsWithEmbedding(query) {
     const queryVec = await embedQuery(query);
     if (!queryVec)
         return bm25Results;
-    const vecResults = embeddingSearch(queryVec, 16);
-    const vecRanks = new Map();
-    vecResults.forEach((r, i) => vecRanks.set(r.name, i + 1));
-    // RRF fusion: combine BM25 rank with embedding rank
+    const vecResults = embeddingSearch(queryVec, 30);
+    // Split embedding results by node type
+    const toolRanks = new Map();
+    const domainRanks = new Map();
+    let toolIdx = 0, domainIdx = 0;
+    for (const r of vecResults) {
+        if (r.nodeType === "domain") {
+            domainIdx++;
+            domainRanks.set(r.name.replace("domain:", ""), domainIdx);
+        }
+        else {
+            toolIdx++;
+            toolRanks.set(r.name, toolIdx);
+        }
+    }
+    // Type-specific wRRF: α_T for direct tool matches, α_D for domain matches
+    // Paper-optimal (arxiv:2511.18194): α_A=1.5, α_T=1.0, K=60
+    // Validated via 6-config ablation grid in mcp-local tools.test.ts
+    const ALPHA_T = 1.0; // tool weight
+    const ALPHA_D = 1.5; // domain weight (paper-optimal — upward traversal boost)
+    const K = 60; // RRF k parameter (paper-optimal)
+    // RRF fusion: combine BM25 rank with type-specific embedding ranks
     const fusedScores = new Map();
     bm25Results.forEach((entry, i) => {
-        const bm25Rrf = 1000 / (20 + i + 1);
-        const embRank = vecRanks.get(entry.name);
-        const embRrf = embRank ? 1000 / (20 + embRank) : 0;
-        fusedScores.set(entry.name, bm25Rrf + embRrf);
+        const bm25Rrf = 1000 / (K + i + 1);
+        // Direct tool embedding match
+        const tRank = toolRanks.get(entry.name);
+        const toolRrf = tRank ? ALPHA_T * 1000 / (K + tRank) : 0;
+        // Domain-level embedding match (upward traversal: tool → category → domain node)
+        const dRank = domainRanks.get(entry.category);
+        const domainRrf = dRank ? ALPHA_D * 1000 / (K + dRank) : 0;
+        fusedScores.set(entry.name, bm25Rrf + toolRrf + domainRrf);
     });
     // Also include embedding-only hits not in BM25 results
-    for (const [name, rank] of vecRanks) {
+    for (const [name, rank] of toolRanks) {
         if (!fusedScores.has(name)) {
-            const embRrf = 1000 / (20 + rank);
-            fusedScores.set(name, embRrf);
+            const toolRrf = ALPHA_T * 1000 / (K + rank);
+            // Look up domain boost for this tool
+            const entry = REGISTRY.find((e) => e.name === name);
+            const dRank = entry ? domainRanks.get(entry.category) : undefined;
+            const domainRrf = dRank ? ALPHA_D * 1000 / (K + dRank) : 0;
+            fusedScores.set(name, toolRrf + domainRrf);
+        }
+    }
+    // Domain-only hits: boost all tools in a matched domain even without direct tool hit
+    for (const [category, dRank] of domainRanks) {
+        const domainRrf = ALPHA_D * 1000 / (K + dRank);
+        for (const entry of REGISTRY) {
+            if (entry.category === category && !fusedScores.has(entry.name)) {
+                fusedScores.set(entry.name, domainRrf);
+            }
         }
     }
     // Re-sort by fused score

package/dist/tools/transactionSafetyTools.d.ts

@@ -0,0 +1,2 @@
+import type { McpTool } from "../types.js";
+export declare const transactionSafetyTools: McpTool[];

package/dist/tools/transactionSafetyTools.js

@@ -0,0 +1,166 @@
+import { readFileSync, existsSync, readdirSync } from "node:fs";
+import { join, resolve } from "node:path";
+import { getDb, genId } from "../db.js";
+import { getQuickRef } from "./toolRegistry.js";
+// ── Helpers ──────────────────────────────────────────────────────────
+function findConvexDir(projectDir) {
+    const candidates = [join(projectDir, "convex"), join(projectDir, "src", "convex")];
+    for (const c of candidates) {
+        if (existsSync(c))
+            return c;
+    }
+    return null;
+}
+function collectTsFiles(dir) {
+    const results = [];
+    if (!existsSync(dir))
+        return results;
+    const entries = readdirSync(dir, { withFileTypes: true });
+    for (const entry of entries) {
+        const full = join(dir, entry.name);
+        if (entry.isDirectory() && entry.name !== "node_modules" && entry.name !== "_generated") {
+            results.push(...collectTsFiles(full));
+        }
+        else if (entry.isFile() && entry.name.endsWith(".ts")) {
+            results.push(full);
+        }
+    }
+    return results;
+}
+function auditTransactionSafety(convexDir) {
+    const files = collectTsFiles(convexDir);
+    const issues = [];
+    let totalMutations = 0;
+    let readModifyWrite = 0;
+    let multipleRunMutation = 0;
+    let checkThenAct = 0;
+    for (const filePath of files) {
+        const content = readFileSync(filePath, "utf-8");
+        const relativePath = filePath.replace(convexDir, "").replace(/^[\\/]/, "");
+        const lines = content.split("\n");
+        // Find action/mutation bodies
+        const funcPattern = /export\s+(?:const\s+(\w+)\s*=|default)\s+(action|internalAction|mutation|internalMutation)\s*\(/g;
+        let m;
+        while ((m = funcPattern.exec(content)) !== null) {
+            const funcName = m[1] || "default";
+            const funcType = m[2];
+            if (funcType === "mutation" || funcType === "internalMutation")
+                totalMutations++;
+            const startLine = content.slice(0, m.index).split("\n").length - 1;
+            // Extract body
+            let depth = 0;
+            let foundOpen = false;
+            let endLine = Math.min(startLine + 100, lines.length);
+            for (let j = startLine; j < lines.length; j++) {
+                for (const ch of lines[j]) {
+                    if (ch === "{") {
+                        depth++;
+                        foundOpen = true;
+                    }
+                    if (ch === "}")
+                        depth--;
+                }
+                if (foundOpen && depth <= 0) {
+                    endLine = j + 1;
+                    break;
+                }
+            }
+            const body = lines.slice(startLine, endLine).join("\n");
+            // Check 1: Multiple ctx.runMutation calls in an action (separate transactions)
+            if (funcType === "action" || funcType === "internalAction") {
+                const runMutationMatches = body.match(/ctx\.runMutation\s*\(/g);
+                if (runMutationMatches && runMutationMatches.length >= 2) {
+                    multipleRunMutation++;
+                    issues.push({
+                        severity: "warning",
+                        location: `${relativePath}:${startLine + 1}`,
+                        functionName: funcName,
+                        message: `${funcType} "${funcName}" calls ctx.runMutation ${runMutationMatches.length} times. Each is a separate transaction — if the second fails, the first is NOT rolled back.`,
+                        fix: "Combine into a single mutation that does both operations atomically, or add idempotency handling",
+                    });
+                }
+            }
+            // Check 2: Read-modify-write in action (TOCTOU race)
+            if (funcType === "action" || funcType === "internalAction") {
+                const hasRunQuery = /ctx\.runQuery\s*\(/.test(body);
+                const hasRunMutation = /ctx\.runMutation\s*\(/.test(body);
+                if (hasRunQuery && hasRunMutation) {
+                    // Potential read-then-write pattern — check if they reference similar data
+                    readModifyWrite++;
+                    issues.push({
+                        severity: "warning",
+                        location: `${relativePath}:${startLine + 1}`,
+                        functionName: funcName,
+                        message: `${funcType} "${funcName}" reads via runQuery then writes via runMutation. Between these calls, another client may have changed the data (TOCTOU race).`,
+                        fix: "Move the read-modify-write into a single mutation for atomicity, or add optimistic concurrency checks",
+                    });
+                }
+            }
+            // Check 3: Check-then-act in mutations (get → check → modify)
+            if (funcType === "mutation" || funcType === "internalMutation") {
+                // Pattern: const x = await ctx.db.get(...); if (!x) throw; ctx.db.patch(x._id, ...)
+                const hasGet = /ctx\.db\.get\s*\(/.test(body);
+                const hasPatch = /ctx\.db\.(patch|replace|delete)\s*\(/.test(body);
+                const hasConditional = /if\s*\(\s*!?\w+/.test(body);
+                if (hasGet && hasPatch && hasConditional) {
+                    // This is actually safe in Convex mutations (they're serializable), but flag for review
+                    // Only flag if there are multiple get/patch patterns suggesting complexity
+                    const getCount = (body.match(/ctx\.db\.get\s*\(/g) || []).length;
+                    const patchCount = (body.match(/ctx\.db\.(patch|replace|delete)\s*\(/g) || []).length;
+                    if (getCount >= 2 && patchCount >= 2) {
+                        checkThenAct++;
+                        issues.push({
+                            severity: "info",
+                            location: `${relativePath}:${startLine + 1}`,
+                            functionName: funcName,
+                            message: `${funcType} "${funcName}" has complex read-check-modify pattern (${getCount} reads, ${patchCount} writes). Convex mutations are serializable so this is safe, but consider simplifying.`,
+                            fix: "Consider breaking into smaller, focused mutations if the logic is complex",
+                        });
+                    }
+                }
+            }
+        }
+    }
+    return {
+        issues,
+        stats: { totalMutations, readModifyWrite, multipleRunMutation, checkThenAct },
+    };
+}
+// ── Tool Definition ─────────────────────────────────────────────────
+export const transactionSafetyTools = [
+    {
+        name: "convex_audit_transaction_safety",
+        description: "Audit Convex functions for transaction safety: multiple ctx.runMutation calls in actions (separate transactions — partial failure risk), read-then-write patterns across query/mutation boundaries (TOCTOU races), and complex check-then-act mutations.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                projectDir: {
+                    type: "string",
+                    description: "Absolute path to the project root containing a convex/ directory",
+                },
+            },
+            required: ["projectDir"],
+        },
+        handler: async (args) => {
+            const projectDir = resolve(args.projectDir);
+            const convexDir = findConvexDir(projectDir);
+            if (!convexDir) {
+                return { error: "No convex/ directory found" };
+            }
+            const { issues, stats } = auditTransactionSafety(convexDir);
+            const db = getDb();
+            db.prepare("INSERT INTO audit_results (id, project_dir, audit_type, issues_json, issue_count) VALUES (?, ?, ?, ?, ?)").run(genId("audit"), projectDir, "transaction_safety", JSON.stringify(issues), issues.length);
+            return {
+                summary: {
+                    ...stats,
+                    totalIssues: issues.length,
+                    critical: issues.filter((i) => i.severity === "critical").length,
+                    warnings: issues.filter((i) => i.severity === "warning").length,
+                },
+                issues: issues.slice(0, 30),
+                quickRef: getQuickRef("convex_audit_transaction_safety"),
+            };
+        },
+    },
+];
+//# sourceMappingURL=transactionSafetyTools.js.map

package/dist/tools/typeSafetyTools.d.ts

@@ -0,0 +1,2 @@
+import type { McpTool } from "../types.js";
+export declare const typeSafetyTools: McpTool[];

package/dist/tools/typeSafetyTools.js

@@ -0,0 +1,146 @@
+import { readFileSync, existsSync, readdirSync } from "node:fs";
+import { join, resolve } from "node:path";
+import { getDb, genId } from "../db.js";
+import { getQuickRef } from "./toolRegistry.js";
+// ── Helpers ──────────────────────────────────────────────────────────
+function findConvexDir(projectDir) {
+    const candidates = [join(projectDir, "convex"), join(projectDir, "src", "convex")];
+    for (const c of candidates) {
+        if (existsSync(c))
+            return c;
+    }
+    return null;
+}
+function collectTsFiles(dir) {
+    const results = [];
+    if (!existsSync(dir))
+        return results;
+    const entries = readdirSync(dir, { withFileTypes: true });
+    for (const entry of entries) {
+        const full = join(dir, entry.name);
+        if (entry.isDirectory() && entry.name !== "node_modules" && entry.name !== "_generated") {
+            results.push(...collectTsFiles(full));
+        }
+        else if (entry.isFile() && entry.name.endsWith(".ts")) {
+            results.push(full);
+        }
+    }
+    return results;
+}
+function auditTypeSafety(convexDir) {
+    const files = collectTsFiles(convexDir);
+    const issues = [];
+    let filesWithAsAny = 0;
+    let asAnyCastCount = 0;
+    let undefinedReturns = 0;
+    let looseIdTypes = 0;
+    for (const filePath of files) {
+        const content = readFileSync(filePath, "utf-8");
+        const relativePath = filePath.replace(convexDir, "").replace(/^[\\/]/, "");
+        const lines = content.split("\n");
+        let fileHasAsAny = false;
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            if (line.trim().startsWith("//") || line.trim().startsWith("*"))
+                continue;
+            // Check 1: `as any` casts
+            const asAnyMatches = line.match(/as\s+any\b/g);
+            if (asAnyMatches) {
+                asAnyCastCount += asAnyMatches.length;
+                if (!fileHasAsAny) {
+                    fileHasAsAny = true;
+                    filesWithAsAny++;
+                }
+            }
+            // Check 2: return undefined (should be null in Convex)
+            if (/return\s+undefined\b/.test(line)) {
+                undefinedReturns++;
+                issues.push({
+                    severity: "warning",
+                    location: `${relativePath}:${i + 1}`,
+                    message: "Returning undefined — Convex serializes undefined differently from null. Use null explicitly.",
+                    fix: "Replace `return undefined` with `return null`",
+                });
+            }
+            // Check 3: Using string type where Id<'table'> should be
+            // Heuristic: args with names like *Id that use v.string() instead of v.id("table")
+            const idArgMatch = line.match(/(\w+Id)\s*:\s*v\.string\s*\(\s*\)/);
+            if (idArgMatch) {
+                looseIdTypes++;
+                issues.push({
+                    severity: "warning",
+                    location: `${relativePath}:${i + 1}`,
+                    message: `Arg "${idArgMatch[1]}" uses v.string() but looks like an ID field. Use v.id("tableName") for type-safe ID references.`,
+                    fix: `Change ${idArgMatch[1]}: v.string() to ${idArgMatch[1]}: v.id("tableName")`,
+                });
+            }
+            // Check 4: Manual interface/type definitions that shadow generated types
+            if (/(?:interface|type)\s+(Doc|Id|DataModel|FunctionReference)\b/.test(line)) {
+                issues.push({
+                    severity: "critical",
+                    location: `${relativePath}:${i + 1}`,
+                    message: "Manual type definition shadows Convex generated type. Import from _generated/dataModel instead.",
+                    fix: 'Import from "_generated/dataModel" or "_generated/server" instead of defining manually',
+                });
+            }
+        }
+        // Aggregate `as any` per file
+        if (fileHasAsAny) {
+            const count = (content.match(/as\s+any\b/g) || []).length;
+            issues.push({
+                severity: "warning",
+                location: relativePath,
+                message: `${count} \`as any\` cast(s) in this file. Each cast bypasses Convex's automatic type safety.`,
+                fix: "Replace `as any` with proper typing or use Convex generated types",
+            });
+        }
+    }
+    return {
+        issues,
+        stats: {
+            totalFiles: files.length,
+            filesWithAsAny,
+            asAnyCastCount,
+            undefinedReturns,
+            looseIdTypes,
+        },
+    };
+}
+// ── Tool Definition ─────────────────────────────────────────────────
+export const typeSafetyTools = [
+    {
+        name: "convex_check_type_safety",
+        description: "Check Convex code for type safety issues: `as any` casts (bypass generated types), returning undefined instead of null, v.string() where v.id() should be used, and manual type definitions shadowing Convex generated types.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                projectDir: {
+                    type: "string",
+                    description: "Absolute path to the project root containing a convex/ directory",
+                },
+            },
+            required: ["projectDir"],
+        },
+        handler: async (args) => {
+            const projectDir = resolve(args.projectDir);
+            const convexDir = findConvexDir(projectDir);
+            if (!convexDir) {
+                return { error: "No convex/ directory found" };
+            }
+            const { issues, stats } = auditTypeSafety(convexDir);
+            const db = getDb();
+            db.prepare("INSERT INTO audit_results (id, project_dir, audit_type, issues_json, issue_count) VALUES (?, ?, ?, ?, ?)").run(genId("audit"), projectDir, "type_safety", JSON.stringify(issues), issues.length);
+            return {
+                summary: {
+                    ...stats,
+                    totalIssues: issues.length,
+                    critical: issues.filter((i) => i.severity === "critical").length,
+                    warnings: issues.filter((i) => i.severity === "warning").length,
+                },
+                issues: issues.slice(0, 30),
+                quickRef: getQuickRef("convex_check_type_safety"),
+            };
+        },
+    },
+];
+//# sourceMappingURL=typeSafetyTools.js.map

package/dist/tools/vectorSearchTools.d.ts

@@ -0,0 +1,2 @@
+import type { McpTool } from "../types.js";
+export declare const vectorSearchTools: McpTool[];