## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Docs update
## What is the new behavior?
Adds a page to Platform > Project & Account Management subsection to
covers project pausing behavior for the Free plan.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a new “Project Pausing” guide link under **Platform → Project &
Account Management**.
* Published a new guide explaining Free Plan automatic project pausing,
the 7-day inactivity determination, the warning/confirmation email flow,
how to prevent pausing via activity, restoration within 90 days, and how
to avoid future pauses by upgrading.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
## Details of change
Re-lands DATAENG-1468 (docs page feedback to Postgres) with an
**insert-only** design that avoids the cross-project auth issue that
caused the prior revert.
- New insert-only `feedback_comments` table: anon `insert` policy only
(no select/update/delete). Columns: `page`, `vote`, `title`, `comment`,
`user_id`, `metadata`.
- The docs widget writes the free-text comment to `feedback_comments`
via the **anon key**. The votes `feedback` table is untouched (one row
per vote).
- No user token is sent to the content project anymore (that was the
cause of the previous failure): the feedback client uses the anon key
only.
- The commenter's account user id (gotrue UUID) is read client-side from
the session and stored as a plain `user_id` column for attribution
(comments are logged-in-only). Org/project association is derived
downstream in BigQuery via that id; docs pages aren't project-scoped, so
there's no project_ref/org to capture here.
- Removed the previous update-by-id approach, the per-user RLS policies,
and the obsolete unit test.
## Why the previous version was reverted
It authenticated feedback writes with the supabase.com account session
token, but the requests target the docs content project
(`xguihxuzqibwxjnimxev`), which cannot verify that token. Logged-in
users got `PGRST301 / JWSInvalidSignature`. This version removes the
user token entirely, so writes succeed for everyone.
## Verification
Insert-only RLS means a row can be written but not read/updated/deleted
by `anon`. Comments retrievable with `where comment is not null` is not
needed (separate table); just query `feedback_comments`.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* The feedback form now captures a vote rating along with an optional
title and detailed comments, saving richer context for review.
* **Refactor**
* Feedback submission has been streamlined to write directly to the
database for both vote and comment submissions.
* **Maintenance**
* Updated the feedback data typings to support the new title, comment,
user, page, and vote fields via the new feedback comments storage.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added analytics telemetry for documentation 404 recommendation clicks,
recording the clicked destination and the originating page.
* **Improvements**
* Enhanced the ButtonCard component to optionally handle click actions
via an `onClick` callback and forward it to the underlying link element.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Reverts supabase/supabase#46941
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **New Features**
* Feedback is now automatically routed to the appropriate documentation
team based on the section being viewed.
* **Improvements**
* Streamlined feedback submission process—votes and comments are now
collected more efficiently in a single submission.
* Enhanced feedback data handling and organization for better team
collaboration.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## What
- Route docs page feedback **comments** to Postgres instead of `POST
/platform/feedback/docs` (which created duplicate Linear issues); the
👍/👎 vote is unchanged
- Store the comment on the **existing `feedback` row**: add `user_id` /
`title` / `comment`; submitting a comment updates the vote row the user
just created
- Capture the real `user_id` (`default auth.uid()`) so feedback is tied
to the user
- Owner-scoped RLS — `select`/`update` for authenticated users where
`user_id = auth.uid()`; anonymous votes stay insert-only
- Linear issues still get created, now via the data pipeline instead of
directly from the UI
## Linear
[DATAENG-1468](https://linear.app/supabase/issue/DATAENG-1468)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Feedback follow-ups now support saving a detailed title and comment,
tied to the signed-in user.
* **Bug Fixes**
* Follow-up submissions are now persisted in Supabase, ensuring the vote
and later details stay consistent for logged-in users.
* **Tests**
* Added coverage for updating a feedback entry’s title and comment.
* **Chores**
* Removed the previous feedback submission endpoint/mutation flow in
favor of a Supabase update-based approach.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
## Problem
Our `<Button>` component breaks the default `button` contract by
redefining the `type` prop to set its variant (`primary`, `default`,
etc) instead of the button type (`submit`, `button`, etc).
This is confusing and forces to write more code when using it with
shadcn components that expect/inject the standard button props.
## Solution
- rename the `type` prop to `variant`
- rename the `htmlType` prop to `type`
- propagate the changes where necessary
- format code
## How to test
As this is just prop renaming, if it builds it's ok
---------
Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
## What kind of change does this PR introduce?
UI fix. Resolves DOCS-1051.
## What is the current behavior?
Two unnecessary icons on docs homepage add more confusion than help.
## What is the new behavior?
Removed and tightened surrounding spacing + rhythm.
| Before | After |
| --- | --- |
| <img width="1339" height="703" alt="Supabase
Docs-5A137B99-AC36-4A59-85D9-B581307FFE6D"
src="https://github.com/user-attachments/assets/b1a1c2c7-3882-455d-93d6-799079bef209"
/> | <img width="1339" height="703" alt="Supabase
Docs-1220594B-29B1-48B0-B976-39CCFB009857"
src="https://github.com/user-attachments/assets/87a2501a-d6a4-4a1e-a73e-cf870c7170db"
/> |
| <img width="1339" height="703" alt="Supabase
Docs-23849B84-EE41-45EB-A585-BEE71AB8FFB2"
src="https://github.com/user-attachments/assets/517fe19a-8022-4276-822d-952f3c094005"
/> | <img width="1339" height="703" alt="Supabase
Docs-B5A3344F-32DD-4A49-B7DF-E5B10C8CDD13"
src="https://github.com/user-attachments/assets/045a46fe-6e8c-4268-8212-602b95868b66"
/> |
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Style**
* Simplified documentation page header and section visuals by removing
icon-accented wrappers and using cleaner text-based layouts.
* **Accessibility / Content**
* Updated section heading hierarchy for improved structure (e.g.,
“Additional resources” and “Self-Hosting”) by promoting headings while
keeping existing context and styling.
* Refreshed the “Getting Started” section to be text-focused without the
prior play icon treatment.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Agent Plugin, Agent Skills, and Prompts menu items added to navigation
(now feature-gated).
* **Documentation**
* AI Prompts and Agent Skills sections are now conditionally shown in
the docs based on feature flags.
* **Chores**
* New feature flags for docs (Agent Plugin, Agent Skills, Prompts) added
and enabled in config/schema.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## What kind of change does this PR introduce?
docs update
## What is the new behavior?
Moving the new `error-codes` page to "Debugging" section.
Adding link reference to it under `status-codes` page.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **Documentation**
* Reorganized Error Codes guide navigation to the Debugging section for
improved discoverability
* Enhanced status codes guide with details on HTTP status codes and
error response headers in Edge Functions
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Towards FUNC-308
## What kind of change does this PR introduce?
Docs update
## What is the current behavior?
Missing error codes definitions for Edge Functions
## What is the new behavior?
This PR adds maps the possible error codes that Edge Functions can
return
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added a new “Error Codes” guide for Edge Functions, explaining how to
use the `sb-error-code` response header and covering error categories
(bad implementation, authentication, request, server) with causes and
solutions.
* **New Features**
* Updated site navigation to include a direct “Error Codes” link under
the functions menu for quicker access.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Docs update
## What is the nee current behavior?
Added new section to explain how vector buckets works locally
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added a "Local Development" guide for Vector Buckets covering
alpha-status cautions, local vs hosted behavior, steps to enable local
vector storage, declarative bucket configuration, and how to create
buckets for local testing.
* Updated site navigation to include the new Local Development guide in
the Storage → Vector docs.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Reorganized REST API documentation navigation to consolidate debugging
resources under a dedicated subsection for improved discoverability.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Consolidated API key deprecation guidance into a reusable notice for
consistent messaging across docs. Announces deprecation of legacy
anon/service_role JWT-secret keys by end of 2026, instructs switching to
sb_publishable_xxx / sb_secret_xxx, and provides steps to locate and
copy both new and legacy keys. Applied across auth, getting-started,
API, and realtime guides.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: fadymak <dev@fadymak.com>
## What
Adds a getting-started guide for migrating an existing project from the
legacy JWT-based `anon` and `service_role` keys to the new publishable
(`sb_publishable_...`) and secret (`sb_secret_...`) keys.
The guide walks through the migration step by step:
- **Before you start** — maps legacy keys to their replacements.
- **Step 1** — create the new `default` keys.
- **Step 2 / 3** — swap the publishable key in client code and the
secret key in backend code.
- **Database Webhooks and `pg_net`** — move the key from the
`Authorization: Bearer` header to the `apikey` header (the new keys
aren't JWTs and are rejected on `Authorization`), with a Vault note for
not inlining secrets.
- **Step 4** — update Edge Functions, with two options: read the new env
vars (`SUPABASE_PUBLISHABLE_KEYS` / `SUPABASE_SECRET_KEYS`) and set
`verify_jwt = false`, or adopt the `@supabase/server` SDK.
- **Step 5 / 6** — verify nothing uses the legacy keys, then deactivate
them (reversible).
- **Next steps** — clarifies that JWT signing keys are a separate,
independent migration.
## Notes
While writing this we found Studio issues to fix separately (the Invoke
Function cURL snippet and the Database Webhooks editor both put the new
keys on the `Authorization` header).
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added a comprehensive migration guide for moving from legacy JWT-based
API keys to the new publishable and secret keys with zero‑downtime
steps, verification, limitations, and next steps.
* Clarified API key behavior and recommended migration actions in the
getting‑started docs.
* Added a navigation entry linking to the new migration guide.
* **Style**
* Relaxed documentation lint rules to allow expected wording/phrases
(e.g., "backends", "Database Webhooks").
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
New guide at `/guides/api/handling-errors-in-supabase-js` that leads
with `error.hint` as the most useful field on a Postgres error. When the
database knows the fix (a `GRANT` statement to run for a `42501`, a
column name you probably meant), it puts the literal SQL in `hint`.
Logging only `error.message` hides it.
The guide covers the `PostgrestError` shape (fields ordered by
usefulness: hint first, message last), branching on `error.code`, and
parallel patterns for Auth, Storage, Edge Functions, and Realtime.
Linked from the API > Guides sidebar next to the existing PostgREST
error codes reference.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added a comprehensive guide on handling errors in supabase-js,
explaining the {data, error} pattern and recommending logging full error
objects.
* Provides a recommended error-handling pattern, guidance to branch on
error codes, and example error fields.
* Adds component-specific advice for Auth, Storage, Edge Functions, and
Realtime, plus a “Related” links section.
* Added a navigation entry so the guide appears in the API guides
submenu.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
This PR is add missing docs for the newly added wrappers:
- Cal
- Calendly
- Cloudflare D1
- DynamoDB
- Gravatar
- Hubspot
- Infura
- MySQL
- OpenApi
- Orb
- Shopify
- Slack
## What is the current behavior?
Those wrappers was added to Wrappers extension but docs links are not
updated.
## What is the new behavior?
- The missing wrappers docs are added.
- Removed the repetitive `Connecting to` title prefix in the Navigation.
- Collapse the lengthy wrappers list into a `Sources` sub navigation
item to make the UI tidy.
## Additional context
N/A
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added guides for new federated data wrappers: Cal, Calendly,
Cloudflare D1, Gravatar, Infura, MySQL, OpenAPI, Shopify, and Slack.
* Reorganized Foreign Data Wrappers navigation menu with an improved
hierarchical structure for easier discovery of available vendor
integrations.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary
Adds documentation for the new Logs pricing SKUs (Ingest and Query)
ahead of the July 1 launch. Part of the [O11Y Logs Pricing
RFC](https://linear.app/supabase/project/rfc-supabase-observability-product-packaging-and-pricing-77990c05a767)
rollout (PRD R6).
**This is the docs PR.** Pricing page changes (`apps/www`) and Studio
dashboard changes are separate PRs.
### New pages
- **Logs overview** (`manage-your-usage/logs.mdx`) — both SKUs at a
glance, summary pricing table, Logs vs Log Drains clarification
- **Logs Ingest detail** (`manage-your-usage/logs-ingest.mdx`) — full
billing details, invoice examples, optimization tips
- **Logs Query detail** (`manage-your-usage/logs-query.mdx`) — full
billing details, invoice examples, optimization tips
- **Pricing partials** for both SKUs (`pricing_logs_ingest.mdx`,
`pricing_logs_query.mdx`)
### Updated pages
- **Cost control** — added Logs Ingest + Logs Query to "Usage items
covered by the Spend Cap" list
- **Telemetry/logs** — added link to the new manage-usage overview page
- **Navigation sidebar** — added Logs, Logs Ingest, Logs Query entries
before Log Drains
### Notes
- Screenshots are marked as TODO placeholders — will be added once
Studio surfaces are live
- Follows the existing manage-usage page pattern (storage-size, MAU,
etc.)
- Canonical pricing: Ingest $0.50/GB over 5 GB, Query $0.002/GB over
1,000 GB (Free/Pro/Team)
## Test plan
- [x] Verify pages render at
`/docs/guides/platform/manage-your-usage/logs`, `/logs-ingest`,
`/logs-query`
- [x] Verify sidebar navigation shows new entries
- [x] Verify cost-control page lists both items under "covered by Spend
Cap"
- [x] Verify `<$Partial />` pricing tables render correctly
- [x] Verify telemetry/logs page shows new billing link
- [x] Verify no broken links
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added guides for managing Logs, Logs Ingest, and Logs Query usage with
pricing, billing scenarios, quota examples, and optimization tips
* Added Platform → Billing navigation items: Logs, Logs Ingest, Logs
Query
* Included overage pricing tables, Spend Cap coverage updates, “Coming
soon” billing caveats, clarified Logs vs. Log Drains, and linked usage
management from the Logging guide
* **Chore**
* Whitelisted "Better Stack" in spelling checks
<!-- review_stack_entry_start -->
[](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46095?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)
<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Docs update (new guides + follow-up documentation fix from review
feedback).
## What is the current behavior?
There was no consolidated docs example for resumable WebSockets with
Edge Functions, and no dedicated troubleshooting guide for worker
timeouts / WebSocket drops.
## What is the new behavior?
- Adds a resumable WebSockets guide for Edge Functions, including:
- session persistence
- event replay
- idempotency pattern and schema examples
- client/server example flow
- Adds an Edge Functions troubleshooting guide for worker timeouts and
WebSocket drops.
- Updates docs navigation to surface the new guides.
- Follow-up fix from review feedback: the browser client example now
stores `sessionId` and `lastEventId` in `sessionStorage` (instead of
`localStorage`).
## Additional context
- Branch has been updated with latest `origin/master`.
- This PR remains documentation-focused; no production runtime code
changes were introduced.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added a guide on resumable WebSockets covering session persistence,
event replay, idempotency patterns, SQL schema examples, and
client/server usage.
* Added a troubleshooting guide on Edge Functions worker timeouts and
WebSocket drops with scenarios, symptoms, and practical workarounds.
* Enhanced WebSocket docs with a production note on worker lifecycle and
keeping runtime promises open to avoid premature shutdown.
* Navigation updated to surface the new guides.
<!-- review_stack_entry_start -->
[](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46178?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)
<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Lakshan Perera <lakshan@supabase.io>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: CodeRabbit <noreply@coderabbit.ai>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Adds a consumer-side guide for hardening npm installs of @supabase/*
packages: lockfile hygiene, minimum-release-age quarantine across
pnpm/yarn/npm/bun, private registries, provenance verification,
lifecycle script controls, blocking exotic transitive refs, Edge
Functions specifics, and an incident-response checklist.
Lives at guides/security/ alongside platform-security and
product-security; filesystem-driven sidebar picks it up automatically.
Originally drafted in supabase/supabase-js#2382 and moved here per
review.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added an npm security hardening guide (lockfile & CI practices,
release-age quarantines, transitive/exotic dependency controls,
provenance verification, lifecycle-script hardening, package-manager
pinning, CI/lockfile hygiene, Deno/Edge guidance, incident-response
checklist).
* Added a navigation entry for the new guide.
* Note: guide frontmatter contains unresolved merge-conflict markers.
* **Chores**
* Expanded spelling allowlist to include common tech terms (e.g.,
lockfile, sigstore, postinstall).
<!-- review_stack_entry_start -->
[](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46384?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)
<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Docs update.
## What is the current behavior?
No docs for client-side trace propagation with the JS SDK. Users with
OpenTelemetry-instrumented apps had no way to find out that supabase-js
can attach W3C Trace Context headers and that `trace_id` shows up in API
Gateway and Edge Function logs.
## What is the new behavior?
New guide at `/guides/telemetry/client-side-tracing` covering
requirements, opt-in setup (`tracePropagation: true`), advanced options,
domain scoping, where `trace_id` appears in Supabase logs, and
troubleshooting. Linked from the Logging & observability nav.
Preview:
https://docs-git-docs-otel-sdk-supabase.vercel.app/docs/guides/telemetry/client-side-tracing
## Additional context
First of several planned SDK tracing guides. When the next SDK gets one
we'll restructure into a shared `tracing/` folder.
## Summary by CodeRabbit
* **Documentation**
* New comprehensive guide for client-side trace propagation with the JS
SDK: explains W3C Trace Context header behavior, requirements, setup
steps, opt-in examples, advanced configuration, domain/security notes,
and troubleshooting when trace IDs are missing.
* Added a new "Tracing with the JS SDK" entry in the Logging &
observability navigation for easy access to the guide.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* New comprehensive guide for client-side trace propagation with the JS
SDK: explains W3C Trace Context header behavior, requirements, setup
steps, opt-in examples, advanced configuration, domain/security notes,
and troubleshooting when trace IDs are missing.
* Added a "Tracing with the JS SDK" entry under Logging & observability
for quick access.
* Documentation metadata updated to reference the latest source
snapshots.
* Lint rules updated to allow "OpenTelemetry", "Zipkin", and "noop".
<!-- review_stack_entry_start -->
[](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46218?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)
<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
## What kind of change does this PR introduce?
Docs update. Part of DEPR-198.
## What is the current behaviour?
Auth email template examples and Studio template labels still reflect
older default copy in a few places.
## What is the new behaviour?
Updates Auth docs, local development docs, related snippets, Studio
template labels, and UI Library examples to [match the updated default
Auth email
copy](https://linear.app/supabase/document/email-template-copywriting-updates-04bba460fd2a).
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated authentication email template names and descriptions across
guides, replacing "Magic link" with "Sign-in link or code" terminology
* Revised security notification email naming from "Identity
linked/unlinked" to "Sign-in method linked/removed" and "MFA method" to
"Verification method"
* Updated email template example content with improved wording (e.g.,
"Confirm your email address" instead of "Confirm your signup")
* **UI Updates**
* Refined authentication-related UI text labels and descriptions in the
dashboard
[](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/45706)
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
## Problem
The `_Shadcn_` suffix isn't needed anymore on `Command` components
## Solution
- Remove the `_Shadcn_` suffix
- Simplify UI package exports
- Apply prettier
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Simplified command component imports and exports across the UI library
by removing internal naming aliases and adopting direct component
references. Updated the public UI package barrel export to use wildcard
re-exports for cleaner API surface.
<!-- review_stack_entry_start -->
[](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46153?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)
<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Docs update.
## What is the current behavior?
The "Securing Edge Functions" guide (`/docs/guides/functions/auth`)
opens with two conceptual sections — "Understanding authorization
headers" and "The `verify_jwt` platform check" — followed by a "Common
auth patterns" section that re-implements the same four use cases twice:
once without an SDK using `Deno.serve` + manual `createClient` + manual
`Authorization` header forwarding, and again using `@supabase/server`.
The recommended path is buried below background reading and a
legacy-style implementation.
Linear: COM-235.
## What is the new behavior?
The guide now leads with practical how-tos built on `@supabase/server`:
- Authenticated user calls (`auth: 'user'`)
- Service-to-service calls (`auth: 'secret'`)
- Public functions (`auth: 'none'`)
- External webhooks (`auth: 'none'` + signature verification)
- Combining modes
- Custom error responses
- Environment variables
The two conceptual sections are extracted into a new sibling page at
`/docs/guides/functions/auth-headers` ("Authorization headers"), linked
from the top of the how-to page and added to the side nav between
"Securing your functions" and "Legacy JWT secret".
The legacy SDK-less examples are removed. The mode table uses the
unnamed forms (`'secret'`, `'publishable'`), and a note in the
service-to-service section introduces the `'secret:<name>'` /
`'publishable:<name>'` syntax for callers that want to scope to a
specific named key.
## Additional context
Each section preserves the "who calls this and why" framing from the
original (cron jobs, workers, and `pg_net` for service-to-service;
`supabase.functions.invoke` for authenticated user calls; signed webhook
providers for external webhooks).
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added a new guide explaining Edge Functions authentication headers,
JWT validation, and API key handling
* Redesigned core authentication guide to focus on the primary wrapper
approach with clearer examples and common scenarios
* Improved navigation and added redirects to make authentication docs
easier to find and access
<!-- review_stack_entry_start -->
[](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/45959?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)
<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
## Problem
The `_Shadcn_` suffix isn't needed anymore on breadcrumb components
## Solution
Remove it. No other changes
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Standardized breadcrumb component exports across the codebase by
removing internal aliasing and using direct component exports. No UI,
behavior, or public API changes; end-user experience unchanged.
<!-- review_stack_entry_start -->
[](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/45984)
<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
The `_Shadcn_` suffix isn't needed anymore on `Select` components
## Solution
Remove it. No other changes
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Updated internal component architecture to standardize and simplify
the codebase. These changes improve code maintainability and consistency
across the application without affecting existing functionality or user
experience.
<!-- review_stack_entry_start -->
[](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/45988)
<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
The `_Shadcn_` suffix isn't needed anymore on label component
## Solution
Remove it. No other changes
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Standardized Label usage across the codebase by removing the legacy
alias and using the direct Label export from the UI package
consistently.
* **Documentation**
* Updated component examples and docs to use the standardized Label
component in usage snippets and demos.
<!-- review_stack_entry_start -->
[](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/45986)
<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
We have multiple Popover components
## Solution
- [x] migrate Popover usages to Shadcn components
- Migrated JSON and text editor in the `TableEditor` (inline row
edition)
- Migrated the template popover in the logs explorer templates page
- [x] remove `_Shadcn_` suffix from Popover components (renaming +
prettier)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Unified popover implementation across the app and design system;
dropdowns, calendars, menus and tooltips now use a consistent popover
API with no visual or interaction changes.
* **Chores**
* Minor prop typing update for the logs date-picker to align with the
consolidated popover content type.
<!-- review_stack_entry_start -->
[](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/45980)
<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
We have multiple `Collapsible` components.
## Solution
Reduce their number by using only the one from shadcn.
I haven't noticed any visual nor functional changes.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Migrated expandable/collapsible UI to a unified shadcn-based
implementation for more consistent expand/collapse behavior across the
app.
* **Style**
* Updated listbox check icon sizing and removed obsolete collapsible
open/close animations.
* **Chores**
* Removed deprecated collapsible variants and consolidated UI component
surface for simpler maintenance.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added an "AI Tools" guides section with landing, overview, and
troubleshooting pages; guides render from Markdown.
* **Documentation**
* New AI Tools guides: local development, Quickstart, CLI overview,
troubleshooting, and detailed overview pages.
* **Chores**
* Site navigation updated to include an AI Tools entry and renamed
subsection to "AI"; added permanent redirects from prior Getting Started
AI URLs to the new AI Tools locations.
* **Bug Fixes**
* Updated internal guide links so AI prompt pages point to the new AI
Tools paths.
[](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/45795)
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Greg Richardson <greg.nmr@gmail.com>
## Summary
Eliminates the Google Search Console "Missing field 'item' (in
'itemListElement')" critical error on 230 `/docs/guides/*` pages. The
schema was emitting `ListItem`s without an `item` field for intermediate
category nodes that lack a URL in the docs nav. Per [Google's
spec](https://developers.google.com/search/docs/appearance/structured-data/breadcrumb),
`item` is required on every BreadcrumbList position except the last leaf
— so url-less items are filtered out instead.
Also fixes a smaller quality gap surfaced during preview verification:
the `auth` section root in `NavigationMenu.constants.ts` was missing a
`url`, so auth trails were dropping the "Auth" breadcrumb level (`Docs >
Guides > JSON Web Tokens (JWT) > Overview` instead of `Docs > Guides >
Auth > JSON Web Tokens (JWT) > Overview`). Every other section root
already has a `url`; auth was the lone outlier.
## Testing
Tested locally via vitest (`pnpm --filter docs exec vitest run
lib/json-ld.test.ts`):
- [x] All-urls chain: every `itemListElement` has string `item` and
`name`
- [x] Leaf-url-mismatch: leaf uses `pathname` even when the chain leaf
URL differs
- [x] All-url-less chain: returns `null`
- [x] Empty chain: returns `null`
Tested on the preview deploy against 7 representative GSC-flagged paths:
- [x] `/docs/guides/getting-started/ai-prompts` — 4 positions, 0 missing
- [x] `/docs/guides/getting-started/ai-skills` — 4 positions, 0 missing
- [x] `/docs/guides/auth/jwts` — 4 positions, 0 missing (after auth fix:
includes "Auth")
- [x] `/docs/guides/auth/social-login/auth-google` — 4 positions, 0
missing (after auth fix: includes "Auth")
- [x] `/docs/guides/database/postgres-js` — 4 positions, 0 missing
- [x] `/docs/guides/storage/quickstart` — 4 positions, 0 missing
- [x]
`/docs/guides/platform/migrating-within-supabase/dashboard-restore` — 5
positions, 0 missing
Post-merge:
- [ ] validator.schema.org against deployed URL: 0 errors
- [ ] GSC "Validate fix" on the breadcrumb issue (1-2 week re-crawl
window)
## Linear
- fixes GROWTH-835
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved breadcrumb validation to filter incomplete entries and avoid
broken documentation links.
* Restored root link for the Auth navigation section so the Auth menu
item now navigates to /guides/auth.
* **Tests**
* Added comprehensive tests covering breadcrumb generation and edge
cases.
* **Refactor**
* Streamlined breadcrumb JSON‑LD schema generation for clearer output
and maintainability.
[](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/45744)
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary
Renames the docs page title, sidebar label, description, and body text
from **"Supabase Agent Plugin"** to **"Supabase Plugin for AI coding
Agents"** across `plugins.mdx`, `ai-skills.mdx`, `mcp.mdx`, and the
navigation constants
More context in this [Slack
thread](https://supabase.slack.com/archives/C0254JUR2DU/p1778165488699219)
Close
[AI-710](https://linear.app/supabase/issue/AI-710/rename-supabase-agent-plugin-docs-title)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Renamed the AI tool throughout docs and navigation to "Supabase Plugin
for AI Coding Agents" (previously "Supabase Agent Plugin").
* Updated getting-started and plugin pages, installation guidance, and
sidebar labels to use the new name while preserving existing links and
instructions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Taryn King
