pm4ai

Convex self-hosted

Conventions for Convex projects running on self-hosted backends

Self-hosted Convex env + auth conventions. Applies WHEN a project has **/convex/_generated/ and CONVEX_SELF_HOSTED_URL in any .env.

MUST

  • Keep all Convex env vars in apps/backend/.env (or .env); push via a single sync.ts (bun run sync). Why: .env is sole source of truth.
  • Gate dev/prod branches on a custom var (ALLOW_OVERRIDES) or process.env.CONVEX_SELF_HOSTED_URL. Why: self-hosted runtime hardcodes NODE_ENV==='production' on dev AND prod.
  • WHEN depending on @convex-dev/auth, define JWT_PRIVATE_KEY + JWKS in .env; persist sync.ts auto-generated values back to .env. Why: backend + source of truth stay aligned.
  • Set SITE_URL for auth callbacks; multi-origin (prod + localhost + 127.0.0.1) = comma-separated list. Why: callback matches redirectTo against the full set.

NEVER

  • convex env set literal outside **/sync.ts. Cost: drift; sync silently overwrites it.
  • Branch on process.env.NODE_ENV inside **/convex/**/*.ts. Cost: always 'production', branch is dead.

Code Quality

Code quality standards and constraints

Drizzle

Drizzle ORM query conventions

On this page

MUSTNEVER