| name | wasp-operations |
| description | Complete Wasp operations patterns for queries and actions. Use when creating backend operations, implementing queries/actions, or working with server-side code. Includes type annotations, auth checks, entity access, client usage, and error handling. |
| triggers | ["create query","add action","operation","backend","server code","query","action","operations.ts","wasp operation","server operation"] |
| version | 1 |
| last_updated | "2025-10-18T00:00:00.000Z" |
| allowed_tools | ["Read","Write","Edit","Bash"] |
Wasp Operations Skill
Quick Reference
When to use this skill:
- Creating new queries or actions
- Implementing backend operations
- Working with operations.ts files
- Setting up client-server communication
- Need auth checks, permissions, or validation patterns
Key concepts:
- Queries: Read operations using useQuery hook
- Actions: Write operations using direct async/await (NOT useAction by default)
- Type annotations: CRITICAL for context.entities access
- Auto-invalidation: Queries refetch when actions with same entities complete
Complete Workflow
1. Define in main.wasp
Location: app/main.wasp
Query declaration (READ operations):
query getTasks {
fn: import { getTasks } from "@src/server/tasks/operations",
entities: [Task] // REQUIRED for context.entities + auto-invalidation
}
query getTask {
fn: import { getTask } from "@src/server/tasks/operations",
entities: [Task]
}
Action declaration (WRITE operations):
action createTask {
fn: import { createTask } from "@src/server/tasks/operations",
entities: [Task] // Same entities as getTasks → auto-invalidates getTasks!
}
action updateTask {
fn: import { updateTask } from "@src/server/tasks/operations",
entities: [Task] // Auto-invalidates getTasks query
}
action deleteTask {
fn: import { deleteTask } from "@src/server/tasks/operations",
entities: [Task] // Auto-invalidates getTasks query
}
Critical rules:
- ✅ Use
@src/ prefix in main.wasp imports (NOT relative paths)
- ✅ List ALL entities accessed in
entities: [...] array
- ✅ Same entities in query + action = auto-invalidation
2. Implement in operations.ts
Location: app/src/{feature}/operations.ts (one file per feature)
Required imports:
import { HttpError } from "wasp/server";
import type {
GetTasks,
GetTask,
CreateTask,
UpdateTask,
DeleteTask,
} from "wasp/server/operations";
import type { Task } from "wasp/entities";
Import rules:
- ✅
wasp/server for HttpError
- ✅
wasp/server/operations for type annotations
- ✅
wasp/entities for entity types
- ❌ NEVER use
@wasp/... (wrong prefix)
- ❌ NEVER use
@src/... in .ts files (use relative paths)
3. Pattern Library
Query Pattern: Get All (with filtering)
export const getTasks: GetTasks<
{ status?: string },
Task[]
> = async (args, context) => {
if (!context.user) throw new HttpError(401);
const where: any = { userId: context.user.id };
if (args.status) {
where.status = args.status;
}
return context.entities.Task.findMany({
where,
orderBy: { createdAt: "desc" },
include: {
user: {
select: { id: true, username: true },
},
},
});
};
Key points:
- Type annotation
GetTasks<Args, Return> is CRITICAL
- Without type annotation:
context.entities is undefined!
- Auth check is FIRST line (security requirement)
- Use Prisma include for relations (avoid N+1 queries)
Query Pattern: Get Single (with permission check)
export const getTask: GetTask<
{ id: string },
Task
> = async (args, context) => {
if (!context.user) throw new HttpError(401);
const taskRecord = await context.entities.Task.findUnique({
where: { id: args.id },
include: {
user: {
select: { id: true, username: true },
},
},
});
if (!taskRecord) {
throw new HttpError(404, "Task not found");
}
if (taskRecord.userId !== context.user.id) {
throw new HttpError(403, "Not authorized to access this task");
}
return taskRecord;
};
Error sequence (CRITICAL):
- 401 Unauthorized: No user (unauthenticated)
- 404 Not Found: Resource doesn't exist
- 403 Forbidden: User lacks permission
- 400 Bad Request: Invalid input
Always check in this order!
Action Pattern: Create (with validation)
export const createTask: CreateTask<
{ description: string; status?: string },
Task
> = async (args, context) => {
if (!context.user) throw new HttpError(401);
if (!args.description?.trim()) {
throw new HttpError(400, "Description is required");
}
if (args.description.length > 500) {
throw new HttpError(400, "Description must be 500 characters or less");
}
const taskRecord = await context.entities.Task.create({
data: {
description: args.description.trim(),
status: args.status || "TODO",
userId: context.user.id,
},
});
return taskRecord;
};
Auto-invalidation magic:
- createTask has
entities: [Task]
- getTasks has
entities: [Task]
- When createTask completes → getTasks auto-refetches!
- No manual cache invalidation needed
Action Pattern: Update (with validation + permission)
export const updateTask: UpdateTask<
{ id: string; data: { description?: string; status?: string } },
Task
> = async (args, context) => {
if (!context.user) throw new HttpError(401);
const taskRecord = await context.entities.Task.findUnique({
where: { id: args.id },
});
if (!taskRecord) {
throw new HttpError(404, "Task not found");
}
if (taskRecord.userId !== context.user.id) {
throw new HttpError(403, "Not authorized to update this task");
}
if (args.data.description !== undefined) {
if (!args.data.description.trim()) {
throw new HttpError(400, "Description cannot be empty");
}
if (args.data.description.length > 500) {
throw new HttpError(400, "Description must be 500 characters or less");
}
}
const updatedTask = await context.entities.Task.update({
where: { id: args.id },
data: {
...(args.data.description && {
description: args.data.description.trim(),
}),
...(args.data.status && { status: args.data.status }),
},
});
return updatedTask;
};
Partial update pattern:
- Use spread operator with conditional fields
- Validate only provided fields
- Preserve existing values if not updated
Action Pattern: Delete (with permission check)
export const deleteTask: DeleteTask<{ id: string }, Task> = async (
args,
context,
) => {
if (!context.user) throw new HttpError(401);
const taskRecord = await context.entities.Task.findUnique({
where: { id: args.id },
});
if (!taskRecord) {
throw new HttpError(404, "Task not found");
}
if (taskRecord.userId !== context.user.id) {
throw new HttpError(403, "Not authorized to delete this task");
}
const deletedTask = await context.entities.Task.delete({
where: { id: args.id },
});
return deletedTask;
};
4. Use in Client Code
Location: app/src/{feature}/components/*.tsx
Required imports:
import {
useQuery,
createTask,
updateTask,
deleteTask,
} from "wasp/client/operations";
Query usage (useQuery hook):
function TasksPage() {
const {
data: tasks,
isLoading,
error
} = useQuery(getTasks, { status: 'TODO' })
if (isLoading) return <div>Loading...</div>
if (error) return <div>Error: {error.message}</div>
if (!tasks || tasks.length === 0) return <div>No tasks</div>
return (
<div>
{tasks.map((task) => (
<TaskItem key={task.id} task={task} />
))}
</div>
)
}
Action usage (direct async/await - DEFAULT):
function TaskForm() {
const handleCreate = async (description: string) => {
try {
await createTask({ description, status: "TODO" });
toast.success("Task created");
} catch (err) {
toast.error(err instanceof Error ? err.message : "Failed to create task");
}
};
const handleUpdate = async (id: string, data: any) => {
try {
await updateTask({ id, data });
toast.success("Task updated");
} catch (err) {
toast.error(err instanceof Error ? err.message : "Failed to update task");
}
};
const handleDelete = async (id: string) => {
try {
await deleteTask({ id });
toast.success("Task deleted");
} catch (err) {
toast.error(err instanceof Error ? err.message : "Failed to delete task");
}
};
}
CRITICAL: DO NOT use useAction by default!
const createTaskFn = useAction(createTask);
await createTaskFn(data);
await createTask(data);
ONLY use useAction for optimistic UI updates (advanced):
const deleteTaskFn = useAction(deleteTask, {
optimisticUpdates: [
{
getQuerySpecifier: () => [getTasks],
updateQuery: (oldTasks, { id }) => {
return oldTasks.filter((task) => task.id !== id);
},
},
],
});
const handleOptimisticDelete = async (id: string) => {
try {
await deleteTaskFn({ id });
toast.success("Task deleted");
} catch (err) {
toast.error("Failed to delete task");
}
};
When to use optimistic updates:
- Critical user experience (perceived speed)
- Action highly likely to succeed
- Complex UI state needs immediate feedback
5. Restart Wasp (MANDATORY)
After adding/modifying operations in main.wasp:
../scripts/safe-start.sh
Why restart is needed:
- Type definitions regenerate only on restart
- New operation types won't be available until restart
- Changes to entities list require restart
Common error if you forget:
Cannot find module 'wasp/server/operations'
or
Property 'Task' does not exist on type 'Context'
Fix: Stop wasp (Ctrl+C) and run ../scripts/safe-start.sh (multi-worktree safe)
Advanced Patterns
Pattern: Complex Permission Check
async function canAccessTask(
userId: string,
taskId: string,
context: any,
): Promise<boolean> {
const taskRecord = await context.entities.Task.findUnique({
where: { id: taskId },
include: {
project: {
include: {
members: true,
},
},
},
});
if (!taskRecord) return false;
if (taskRecord.userId === userId) return true;
if (taskRecord.project?.members.some((m: any) => m.userId === userId)) {
return true;
}
const userRole = await getUserOrgRole(userId, task.organizationId, context);
if (["OWNER", "ADMIN"].includes(userRole)) return true;
return false;
}
export const getTask: GetTask<{ id: string }, Task> = async (args, context) => {
if (!context.user) throw new HttpError(401);
const hasAccess = await canAccessTask(context.user.id, args.id, context);
if (!hasAccess) throw new HttpError(403, "Not authorized");
return context.entities.Task.findUnique({ where: { id: args.id } });
};
Pattern: Input Validation with Zod
import { z } from "zod";
const CreateTaskSchema = z.object({
description: z.string().min(1, "Description required").max(500, "Too long"),
status: z.enum(["TODO", "IN_PROGRESS", "DONE"]).optional(),
dueDate: z.string().datetime().optional(),
});
export const createTask: CreateTask = async (args, context) => {
if (!context.user) throw new HttpError(401);
try {
const validated = CreateTaskSchema.parse(args);
return await context.entities.Task.create({
data: { ...validated, userId: context.user.id },
});
} catch (error) {
if (error instanceof z.ZodError) {
const messages = error.errors.map(
(e) => `${e.path.join(".")}: ${e.message}`,
);
throw new HttpError(400, messages.join(", "));
}
throw error;
}
};
Benefits:
- Type-safe validation
- Clear error messages
- Reusable schemas
- Complex validation rules
Pattern: Pagination
export const getTasks: GetTasks<
{ page?: number; pageSize?: number },
{ tasks: Task[]; total: number; hasMore: boolean }
> = async (args, context) => {
if (!context.user) throw new HttpError(401);
const page = args.page || 0;
const pageSize = args.pageSize || 20;
const [tasks, total] = await Promise.all([
context.entities.Task.findMany({
where: { userId: context.user.id },
skip: page * pageSize,
take: pageSize,
orderBy: { createdAt: "desc" },
}),
context.entities.Task.count({
where: { userId: context.user.id },
}),
]);
return {
tasks,
total,
hasMore: (page + 1) * pageSize < total,
};
};
Key points:
- Use
skip and take for pagination
- Run count query in parallel with Promise.all
- Return metadata (total, hasMore) for UI
Pattern: Bulk Operations
export const deleteMultipleTasks: DeleteMultipleTasks<
{ ids: string[] },
{ count: number }
> = async (args, context) => {
if (!context.user) throw new HttpError(401);
const tasks = await context.entities.Task.findMany({
where: { id: { in: args.ids } },
});
const unauthorized = tasks.filter((task) => task.userId !== context.user.id);
if (unauthorized.length > 0) {
throw new HttpError(403, "Not authorized to delete some tasks");
}
const result = await context.entities.Task.deleteMany({
where: {
id: { in: args.ids },
userId: context.user.id,
},
});
return { count: result.count };
};
Security note:
- ALWAYS verify permissions for ALL items
- Use
deleteMany only after permission check
- Return count for UI feedback
Common Errors & Solutions
Error: "Cannot find module 'wasp/...'"
Cause: Using wrong import prefix or forgot to restart
Solutions:
- Use
wasp/... NOT @wasp/...
- Restart wasp:
../scripts/safe-start.sh (multi-worktree safe)
- Verify entity declared in main.wasp
import { Task } from "@wasp/entities";
import { Task } from "wasp/entities";
Error: "Property 'Task' does not exist on type 'Context'"
Cause: Missing type annotation or entity not listed in main.wasp
Solutions:
- Add type annotation:
GetTasks<Args, Return>
- Add entity to main.wasp:
entities: [Task]
- Restart wasp
export const getTasks = async (args, context) => {
return context.entities.Task.findMany();
};
export const getTasks: GetTasks<void, Task[]> = async (args, context) => {
return context.entities.Task.findMany();
};
Error: Operation not auto-invalidating
Cause: Query and action have different entities lists
Solution: Use same entities in both
// ❌ WRONG - Different entities
query getTasks {
entities: [Task]
}
action createTask {
entities: [Task, User] // Extra entities prevent auto-invalidation
}
// ✅ CORRECT - Same entities
query getTasks {
entities: [Task]
}
action createTask {
entities: [Task] // Matches query → auto-invalidation works!
}
Error: "Not authorized" but user is logged in
Cause: Using wrong helper to access auth fields
Solution: Use Wasp helpers for email/username
if (context.user.email === 'admin@example.com') { ... }
import { getEmail } from 'wasp/auth'
const email = getEmail(context.user)
if (email === 'admin@example.com') { ... }
Critical Rules Checklist
✅ MUST DO:
-
Add type annotations
GetQuery<Args, Return>
CreateAction<Args, Return>
- Without types: context.entities is undefined!
-
Check auth FIRST
if (!context.user) throw new HttpError(401)
- First line of every operation
- Security requirement
-
List entities in main.wasp
- Required for context.entities access
- Enables auto-invalidation between queries/actions
- Add ALL entities accessed
-
Use direct await for actions (default)
await createTask(data) (simple, enables auto-invalidation)
- NOT
useAction(createTask) (only for optimistic UI)
-
Restart after main.wasp changes
- Stop wasp (Ctrl+C)
- Run
../scripts/safe-start.sh (multi-worktree safe)
- Types only regenerate on restart
-
Follow error sequence
- 401: Not authenticated
- 404: Resource not found
- 403: Not authorized
- 400: Bad request
-
Avoid N+1 queries
- Use Prisma
include for relations
- Fetch related data in single query
-
Validate input
- Check required fields
- Check length constraints
- Use Zod for complex validation
❌ NEVER DO:
-
Skip type annotations
- Result: context.entities undefined
- Error: Cannot access entities
-
Skip auth check
- Result: Security vulnerability
- Anyone can access operations
-
Use useAction by default
- Result: Blocks auto-invalidation
- Adds unnecessary complexity
-
Forget to restart
- Result: Types not updated
- Imports fail
-
Use @wasp/ prefix
- Correct:
wasp/entities
- Wrong:
@wasp/entities
-
Use @src/ in .ts/.tsx files
- Correct:
../../utils/helper
- Wrong:
@src/utils/helper
-
Access user.email directly
- Correct:
getEmail(user)
- Wrong:
user.email (undefined!)
-
Mix up enum imports
- Types:
import type { UserRole } from 'wasp/entities'
- Values:
import { UserRole } from '@prisma/client'
Complete Examples Reference
See .claude/templates/operations-patterns.ts for copy-paste ready examples:
- Lines 1-150: Query patterns (get all, get single, filtered queries)
- Lines 151-300: Action patterns (create, update, delete)
- Lines 301-450: Client-side usage (useQuery, direct calls, optimistic UI)
- Lines 451-594: Advanced patterns (permissions, validation, pagination, bulk ops)
Quick Decision Tree
Need to fetch data from server?
├─ YES → Create QUERY
│ 1. Add query block to main.wasp
│ 2. Implement with GetQuery<Args, Return> type
│ 3. Use useQuery hook in client
│
└─ NO → Need to modify data?
└─ YES → Create ACTION
1. Add action block to main.wasp
2. Implement with CreateAction<Args, Return> type
3. Use direct await in client (NOT useAction)
Summary
This skill provides complete Wasp operations implementation guidance.
Key takeaways:
- Type annotations are CRITICAL (enables context.entities)
- Auth check is MANDATORY first line (security)
- Use direct await for actions (NOT useAction by default)
- Same entities in query + action = auto-invalidation
- Restart after main.wasp changes (types regenerate)
When stuck:
- Check if type annotation added
- Verify entities listed in main.wasp
- Confirm
../scripts/safe-start.sh restarted after changes (multi-worktree safe)
- Review error sequence (401 → 404 → 403 → 400)
- Use helpers for auth fields (getEmail, getUsername)
For complete examples: See .claude/templates/operations-patterns.ts