## Summary
- Adds a new `/guides/getting-started/plugins` docs page with an
`AgentPluginsPanel` component
- Per-client install instructions for Claude Code, Codex, Cursor, and
Gemini CLI
- Adds the page to the navigation under AI Tools
- Removes the Claude Code plugin subsection from the AI Skills page (now
covered here)
Closes
[AI-690](https://linear.app/supabase/issue/AI-690/agent-plugins-documentation)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Interactive plugin installation panel to choose from multiple AI
coding agents with agent-specific setup instructions and quick links for
help/feedback.
* **Documentation**
* New "Supabase Agent Plugin" guide describing features, included
components, and one‑click installation UI.
* Navigation updated to include the Supabase Agent Plugin guide under
Getting Started → AI Tools.
* AI skills guide streamlined by removing a specific plugin install
snippet and clarifying agent compatibility.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Updates our documentation pages around the Data API to include
instructions on how to grant the necessary privileges across API roles
across tables and functions. Current behaviour means this is largely
unnecessary as privileges are granted by default on public schema, but
adding instructions will help cover scenarios where this isn't the case
and expose some of the underlying magic happening.
## To test:
- These updates refer to new settings that are added to the data api
that give more visibility and control over what tables and functions are
accessible via the api.
- To view these settings you'll need enable `tableEditorApiAccessToggle
` feature flag
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added a new "Data API" guide and removed the old "Hardening the Data
API" page
* Updated navigation links to surface the new Data API guide
* Expanded quickstarts, SDK install pages, and security guides with
step‑by‑step Data API exposure, default‑privileges, RLS guidance, and
SQL GRANT examples (including function EXECUTE notes)
* Updated troubleshooting references and added redirects for legacy
documentation paths
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: SaxonF <1072756+SaxonF@users.noreply.github.com>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
Implements comprehensive IdP-initiated login flow support, enabling
organizations to configure SSO without email domains and support
multiple SAML apps under the same domain (e.g., Dev/Staging/Prod
environments).
- Add "Enable SP-initiated login" toggle to SSOConfig.tsx
- IdP-initiated flow is now always available (default)
- SP-initiated flow is opt-in with domain requirement
- Clear in-UI documentation explaining both flows
- Make domains optional (only required when SP-initiated enabled)
- Add form validation: domains required only if SP-initiated is ON
- Fix org-switching bug: form now resets when switching organizations
- Add organization.slug to useEffect dependencies
- Prevent stale SSO config data from previous org being displayed
- **IdP-initiated flow**: Users start login from identity provider
dashboard
- No domain configuration required
- Enables multiple SAML apps per domain
- Recommended default for enterprises
- **SP-initiated flow**: Users start login at supabase.com (opt-in)
- Requires email domain configuration
- Maintains backward compatibility
- **Both flows**: Can be enabled simultaneously for flexible access
- Organizations can now create separate SSO providers for
Dev/Staging/Prod
- Each environment = separate SAML app in IdP
- All using same email domain (e.g., company.com)
- Users access via different IdP app tiles
- No domain conflicts or subdomain requirements
- Add 4 pages to SSO sidebar menu in NavigationMenu.constants.ts:
- Understanding Login Flows (existing, now visible)
- Choosing a Login Flow (existing, now visible)
- Multiple SSO Providers (NEW comprehensive guide)
- Testing and Best Practices (existing, now visible)
Create comprehensive guide covering:
- Multi-environment patterns (Dev/Staging/Prod with same domain)
- Team separation, migration, and acquisition scenarios
- Step-by-step setup for domainless providers
- User access management and IDP app assignment strategies
- Configuration synchronization and best practices
- Troubleshooting common multi-provider issues
Major expansion of testing-best-practices.mdx:
- Fix outdated assumptions (domains no longer always required)
- Add comprehensive login flow testing section:
- IdP-initiated testing (no domains)
- SP-initiated testing (with domains)
- Domainless provider testing (multi-environment pattern)
- Enhance auto-join testing with 8 detailed test phases:
- Idempotency testing (no duplicate memberships)
- Domainless configuration testing
- Re-enablement testing (works on every login)
- Add SSO account restrictions testing section
- Add safe provider deletion testing with 4 test scenarios
- Reorganize final checklist into 6 categorized sections
Update azure.mdx, gsuite.mdx, okta.mdx:
- Remove all "(coming soon)" references
- Add guidance recommending IdP-initiated for multi-environment setups
- Clarify domains are optional for IdP-initiated flow
- Link to new Multiple SSO Providers guide
**Domain Handling:**
- Domains now optional in SSO provider configuration
- Backend: `z.array(...).optional().default([])`
- UI: Domains only required when SP-initiated toggle is ON
- Empty array sent to API when SP-initiated disabled
**Login Flow Logic:**
- IdP-initiated: Always available, uses SAML assertion directly
- SP-initiated: Requires domain lookup, opt-in only
- Both flows can coexist with same SSO provider
**Multi-Provider Support:**
- Each provider has unique ACS URL
- No domain conflicts (IdP-initiated doesn't check domains)
- Enables unlimited providers per email domain
- **Simplifies SSO setup**: No domain configuration needed by default
- **Enables multi-environment**: Dev/Staging/Prod under same domain
- **Improves UX**: One-click login from IdP dashboard
- **Maintains compatibility**: SP-initiated still available as opt-in
- **Better documentation**: Comprehensive guides for all scenarios
## UI
### SSO Disabled
<img width="742" height="329" alt="sso-disabled"
src="https://github.com/user-attachments/assets/73387777-181c-4206-9798-36f0d0790e4e"
/>
### SSO Enabled - IdP-inititated (DEFAULT)
<img width="742" height="1059" alt="sso-enabled-idp"
src="https://github.com/user-attachments/assets/c189e08f-7642-4183-8853-dd5150b8a191"
/>
### SSO Enabled - SP-intitiated
<img width="727" height="1366" alt="sso-enabled-sp"
src="https://github.com/user-attachments/assets/be5ad6dc-4803-446b-ae02-9edcbb5f42cd"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added comprehensive guides for SSO login flow selection, testing best
practices, and configuring multiple providers
* Updated provider-specific setup documentation (Okta, Azure, Google
Workspace) with refined workflows and testing recommendations
* **New Features**
* Enhanced SSO configuration interface with SP-initiated login toggle
and improved email domain management for flexible authentication flows
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Stockton <chris.stockton@supabase.io>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
docs update
## What is the current behavior?
Some guidance on deleting objects (and data) with cascading deletes etc
## What is the new behavior?
A guide that covers deleting objects (and data) and the impact that can
have on the DB, as well as ways to mitigate it
## Additional context
Drafted as a similar question about dropping large (>10TB) tables has
been mentioned a few times
---------
Co-authored-by: Jean-Paul Argudo <jean-paul.argudo@supabase.io>
new troubleshooting doc to download complete storage
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added a "Download Objects" guide detailing: downloading from the
Dashboard UI, using the CLI to list/copy objects, connecting with
S3-compatible clients (enable S3, generate keys, use endpoint),
migration scripts for bulk downloads, note on separate file metadata
storage, and links to backup/restore and authentication references.
* **New Features**
* Added a "Download Objects" entry to the docs navigation under Storage
→ Management.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Adds an Astro auth guide
## What is the current behavior?
No such guide
## What is the new behavior?
Adds the guide
<img width="1491" height="485" alt="Screenshot 2026-04-02 at 18 30 07"
src="https://github.com/user-attachments/assets/c76f926d-02b1-4a89-9595-700cf4fcb4e7"
/>
## Additional context
N/A
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added an Astro authentication quickstart covering Supabase setup, SSR
configuration, required env vars, server-side auth flows, email
confirmation handling, and testing the dev flow; includes end-to-end
examples for sign-up, sign-in, sign-out, protected pages, and a
dashboard walkthrough
* **Navigation**
* Added Astro to the Auth "Getting Started" navigation section
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Docs update to include an Astro Quickstart Guide
## What is the current behavior?
No Astro quickstart guide
## What is the new behavior?
Added the Astro guide
<img width="1385" height="561" alt="Screenshot 2026-04-02 at 15 14 39"
src="https://github.com/user-attachments/assets/e86f64d3-a918-4bd4-8124-b3cb441e1217"
/>
<img width="1" height="1" alt="Screenshot 2026-04-02 at 10 44 32"
src="https://github.com/user-attachments/assets/5f1fbe87-4f4b-4e3d-a292-eca914735c38"
/>
## Additional context
N/A
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added Astro.js to the Getting Started framework list, home page
framework grid, and main navigation under Framework Quickstarts.
* **Documentation**
* Added an Astro quickstart guide: 8-step setup covering project
creation, package installation, server-side configuration, env vars,
example server-side Supabase usage, running the dev server, and links to
next steps.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Jeremias Menichelli <jmenichelli@gmail.com>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Updates verbiage throughout docs to use postgres over postgresql.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated terminology throughout documentation, guides, and resources
for consistent product naming across all user-facing materials,
including page titles, descriptions, and reference documentation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Docs update — Rewrite the Agent Skills documentation as a single flat
page with a skills table.
## What is the current behavior?
The Agent Skills docs have a nested structure with an index page and
individual dynamic pages for each skill (fetched from the
`supabase/agent-skills` repo). Skills also inject sub-items into the
sidebar navigation.
## What is the new behavior?
This PR replaces the nested skill pages with a single, flat Agent Skills
page that:
- Lists all skills in a **table** with name, description, and a
**copy-to-install button** (fetched dynamically from the
[supabase/agent-skills](https://github.com/supabase/agent-skills) repo)
- Includes **installation commands** for both the skills CLI (`npx
skills add`) and Claude Code plugins
- Links skill names directly to their source on GitHub instead of
rendering full skill content inline
- Removes the dynamic `[slug]` route, sidebar nav injection, and local
skill example files
### Navigation Structure
```
Start
> AI Tools
> Agent Skills (new)
> Prompts (existing)
> Supabase MCP server (existing)
```
Closes
[AI-361](https://linear.app/supabase/issue/AI-361/create-skills-documentation-page-in-ai-tooling-docs)
---------
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Add docs for the custom OAuth & OIDC providers
## Notes
- Pricing to be clarified. Until now, we allow 3 providers per project.
- Dashboard instructions will be updated after dashboard is finalized.
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
*Summary*
- reorganize the navigation menu to highlight modules, consolidate API
security content, and move guide entries (auto-generated docs, type
generation, security topics) to the intended sections
- relocate the Data API hardening and custom claims RBAC guides into the
API subtree, updating internal references and redirects, and fixing
cross-links (including adjusting the Security reference order)
- adjust data API topic references (e.g., securing guide and role
management) to point to the new paths and ensure the helper link
ordering follows the requested layout
*Testing*
- Not run (not requested)
Change 1
<img width="1286" height="576" alt="image"
src="https://github.com/user-attachments/assets/d903e9b0-bbfc-403f-bcb9-eee540e466db"
/>
Change 2
<img width="1176" height="666" alt="image"
src="https://github.com/user-attachments/assets/82b3ea4c-b8d4-4cb9-ad90-6c39c8a1a997"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Reorganized API documentation structure, consolidating REST and
GraphQL API guides under a dedicated API section.
* Moved security-related guides to API documentation paths for better
organization.
* Implemented automatic redirects for old documentation links to new
locations.
* Updated navigation menu to reflect the restructured documentation
layout.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
Adds a guide for the recently introduced recursive/nested function
rate-limits.
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Blog post on using pg_partman instead of TimescaleDB to prepare for the
upcoming deprecation
## What is the current behavior?
## What is the new behavior?
Blog post to include migration information for those using Timescale
## Additional context
Not to be merged until pg_partman is released in 15 and 17 images
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added a comprehensive pg_partman guide covering setup, time- and
integer-based partitioning, maintenance, automation, and resources.
* Added a migration guide for moving from TimescaleDB hypertables to
native PostgreSQL partitioning using pg_partman.
* Updated TimescaleDB docs with migration notes and support guidance.
* **New Features**
* Listed pg_partman in the public extensions reference and added
navigation entries linking to the pg_partman guide and migration guide.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
docs update
## What is the new behavior?
Adds PostgREST mirror codes
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added a comprehensive PostgREST Error Codes guide covering database-
and API-level errors, HTTP status mappings, JSON examples, SQL query
samples, and log-analysis/debugging tips.
* Updated REST API Guides navigation to include the new Error Codes
documentation link.
* **Style**
* Expanded spelling allow-list to include "Grantor" (case variant) and
"SQL".
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
We use the quota term for actual billing quotas, so using "Quota" as a term for configurable Realtime limits is confusing. While there are varying per-plan limits, they are not used for billing. Realtime Quotas on plans refer to Realtime Messages and Realtime Peak Connections
* chore(docs): add python type gen using CLI guide
* chore: use relative URL instead of absolute one
* chore: add python type gen to docs
* fix: change users to movies
* chore: change .ts to .py
* chore: fix syntax
* Prettier
* fix(docs): instantiate client in the example
* Update apps/docs/content/guides/api/rest/generating-python-types.mdx
---------
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
* docs: fix silent 404/build error on SSR guide (missing partial)
* Move file
* Make it possible for server-side doc to act as top level and menu toggle
* Prettier
---------
Co-authored-by: Aymeric Giraudet <neadj59@gmail.com>
* feat: Add Flask quick start
* feat: Add Flask (python) quick start to the menu
* Small changes
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
* feat: Add an Expo quick start
* feat: Add Expo quick start to the side menu
* Add new partials
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
* Delete
* Add redirect and remove menu items from the sidebar
* Remove more
* Tidy redirects
* Revert "Delete"
This reverts commit 4a2726a0a6.
* Redirect
* Reapply "Delete"
This reverts commit 9f92a111ef.
* docs: improve BYOM guide for MCP server deployment and OAuth integration
* fix rebase
* fix pnpm.lock
* docs: clarify MCP guide and example naming
* fix pnpm-lock
* docs: remove basePath from MCP tutorial and example
- Remove misleading comment about Edge Functions routing
- Remove basePath as it's not needed - Edge Functions automatically strip /functions/v1/<functionName> prefix
- Simplify code to just use const app = new Hono()
* docs: clarify --no-verify-jwt flag and authentication options
- Explain that omitting --no-verify-jwt enables JWT verification at Edge Function layer
- Clarify this provides basic protection for internal servers but not full MCP auth
- Update authentication section to be consistent
- Add tip in deployment section about omitting the flag
* fiox format
* PR feedback
* chore: restore pnpm-lock.yaml from master
* docs: improve BYOM guide for MCP server deployment and OAuth integration
* fix tutorial for simple mcp server
* remove authentication section
* fix rebase
* fix pnpm.lock
* add Zod to dictionary
* remove authentication from the beginning
* fix mcp-lite link
* change order of deno.json
* fix mcp-handler
- Move from Audit Trail naming to more explicit "Auth Audit Logs" / "Platform Audit Logs" (we were throwing in the term trails on the pricing page but using logs in dashboard and docs)
- New Platform Audit Logs docs under security
- Moved Platform Audit Logs under Security on pricing page given it is not just for dashboard (previous category), but also for API
- Added tooltips for both on pricing page
Pedro Rodrigues