https://github.com/user-attachments/assets/fba86c42-a122-4eb5-8531-db663d022100
Makes a few style and content changes focused on our quickstarts,
starting with
- docs/guides/getting-started/quickstarts/reactjs
- docs/guides/getting-started/quickstarts/nextjs.
Changes
- Reduced container size and increased x padding for more breathing room
- Adjusted header padding and spacing
- Stripped non critical content from guides
- Merged steps where possible e.g. one sql blocks to run instead of
multiple
- Moved shadcn/supabase ui components into a next step
- Introduced a step for installing agent skills (in future can be
plugin)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated multiple quickstarts to add an **“Open Connect panel”**
primary action for environment-variable setup.
* Removed extra UI CTA partials from several “Query” sections.
* Added **Next steps** links to drop-in UI components and extended the
database flow with an optional **agent skills** step.
* **UI / Guide Layout**
* Refreshed guide spacing/typography (breadcrumb spacing, header
margins, and removed subtitle divider).
* Adjusted guide/table-of-contents sizing and tightened step/details and
code section alignment.
* Updated main layout width and padding for docs pages.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Creating publishable and secret keys adds them alongside the existing
anon and service_role keys without affecting them. Make this explicit in
two places so users don't assume their legacy keys are revoked:
- Add an Admonition note to the API keys guide explaining both key types
work simultaneously and legacy keys must be disabled in a separate step.
- Update the "Create new API keys" dialog in Studio to reassure users
that their existing anon and service_role keys remain valid.
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Summary
- **Documentation**
- Reworked API settings content to recommend client libraries for
auto-generated Data API endpoints, refreshed authentication/URL
guidance, and streamlined API keys messaging.
- Updated shared setup partials and restructured the database quickstart
with clearer dashboard/management API steps and expanded SQL/RLS
snippets.
- Updated multiple framework quickstarts to use consistent section-based
layouts and refreshed environment-variable instructions across guides.
- **Chores**
- Expanded MDX heading-case lint allowlist for common framework names
(Astro, Flask, Node, Rails, TanStack Start).
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## How to test
Run the docs site locally:
```bash
pnpm install
pnpm dev:docs # serves on http://localhost:3001
```
Then start with the **Next.js quickstart**, which exercises every change
in this PR:
👉http://localhost:3001/docs/guides/getting-started/quickstarts/nextjs
Verify on that page:
- [ ] **"Get API details"** section now renders **before** the "Declare
environment variables" step, and shows the live **Project URL** +
**publishable key** helper widgets (moved into the shared
`api_settings.mdx` partial).
- [ ] The shadcn/ui **"Explore Components"** CTA appears in the **"Query
data"** section (not up top in the create-app step).
- [ ] The API keys deprecation notice still renders, and there are no
broken/empty partial includes.
### Where to find the rest
All other framework quickstarts got the same treatment and live in the
same folder — just swap the framework slug in the URL:
`http://localhost:3001/docs/guides/getting-started/quickstarts/<framework>`
`reactjs`, `vue`, `nuxtjs`, `astrojs`, `tanstack`, `solidjs`,
`sveltekit`, `expo-react-native`, `flutter`, `kotlin`, `ios-swiftui`,
`flask`, `hono`, `refine`, `redwoodjs`, `ruby-on-rails`
Things that vary by framework (worth a quick spot-check across a
couple):
- **UI CTA** kept only on React-DOM frameworks (Next.js, React,
TanStack, Astro); removed from non-React / React Native (Vue, Nuxt,
SolidJS, SvelteKit, Expo).
- **Mobile guides** (Flutter, Kotlin, iOS SwiftUI): the "Get API
details" partial renders *after* the client-init code block, so the key
helper widgets show below the snippet rather than beside it.
- **Redwood, Hono, Refine, Laravel** Are quite different from the other
quickstarts, so I didn't touch them as much and they need some further
thought.
Because the edited `api_settings.mdx` partial is shared, these
non-quickstart pages also render it and are worth a glance:
- Auth quickstarts:
`/docs/guides/auth/quickstarts/{nextjs,react,react-native,astrojs}`
- `/docs/guides/auth/server-side/creating-a-client`
- `/docs/guides/realtime/getting_started`
- Getting-started setup guides that pull in `project_setup.mdx` /
`kotlin_project_setup.mdx`
---------
Co-authored-by: awaseem <8704380+awaseem@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Miranda Limonczenko <miranda.limonczenko@supabase.io>
Co-authored-by: Jeremias Menichelli <jmenichelli@gmail.com>
Closes DOCS-1057
Contributes to DOCS-1052
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## Problem
We have hundreds of MDX lint warnings in our docs going against style
best practices.
## Solution
Remove and replace in context the following:
- PostgreSQL. There was only one. There was concern about exceptions,
but I found none.
- Just
- Quickly
- Actually
### What changed
Edits follow the [Google developer documentation style
guide](https://developers.google.com/style): concise, direct, active
voice. The flagged words were removed when the sentence still read well,
or replaced when meaning needed to be preserved.
### Common patterns
| Flagged word | Approach | Example |
|---|---|---|
| **just** (filler) | Removed | "you just installed" → "you installed" |
| **just** (limiting) | **only** | "just one row" → "only one row" |
| **just like** | **like** / **the same as** | "function just like
regular users" → "function like regular users" |
| **not just** | **not only** | "not just errors" → "not only errors" |
| **quickly** (performance) | **efficiently** or removed | "find rows
quickly" → "find rows efficiently" |
| **quickly** (time) | **soon** / **rapidly** / removed | "expires too
quickly" → "expires too soon" |
| **actually** (filler) | Removed | "actually execute" → "execute"; "is
actually the most common" → "is the most common" |
## Tophatting
1. See the diff.
2. See that content continues to make sense in context.
3. Locally, `cd apps/docs` and run `pnpm run lint:mdx`.
4. Search for "just," "actually," "quickly", and "PostgreSQL" and see
there are 0 warnings.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated wording across quickstarts, guides, and troubleshooting
articles for grammar, clarity, and consistent step-by-step phrasing.
* Clarified key concepts including Row Level Security policy evaluation
across Supabase products, deferred foreign key constraint behavior, and
when `EXPLAIN ANALYZE` executes queries (and related side effects).
* Refined several troubleshooting instructions and added guidance to cap
log payload size to reduce billed Logs Ingest volume.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Nik Richers <nrichers@gmail.com>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
## I have read the CONTRIBUTING.md file.
YES
## What kind of change does this PR introduce?
Bug fix, docs update
Closes DOCS-353.
## What is the current behavior?
- Linear item: Overhaul Ionic Vue tutorial
- Debug email shown on login page after submit
- Login redirect / route guard issues
- Email missing on account page
- HTML5 `type="url"` blocks profile update for `example.com`
- Tutorial `.env` used `VUE_APP_SUPABASE_KEY` but app expects
`VUE_APP_SUPABASE_PUBLISHABLE_KEY`
## What is the new behavior?
- Removed debug `<p>{{ email }}</p>` from Login.vue
- Route guards in `router/index.ts`; simplified App.vue user sync
- Account email from `getClaims()`; website `type="text"`;
`useIonRouter` for logout
- Store typed as `User | null`
- Tutorial MDX env var fixed
- Audit skills moved to
[supabase/docs-agent-skills](https://github.com/supabase/docs-agent-skills):
[`audit-ionic-vue-tutorial`](https://github.com/supabase/docs-agent-skills/blob/main/.claude/skills/audit-ionic-vue-tutorial/SKILL.md),
[`audit-docs-tutorials`](https://github.com/supabase/docs-agent-skills/blob/main/.claude/skills/audit-docs-tutorials/SKILL.md)
— both require **live Supabase platform** E2E (not just build/lint)
**Tutorial preview:** [Build a User Management App with Ionic
Vue](https://supabase.com/docs/guides/getting-started/tutorials/with-ionic-vue)
## Additional context
- Verification (author): `npm install && npm run build` — **pass**
(warnings only)
- E2E: profiles migration applied to project `moijyfpvgnmgoxvwcikq`; add
`.env` from `.env.example` with publishable key for full auth flow test
### Test plan
- [ ] `cd examples/user-management/ionic-vue-user-management && npm
install && npm run build`
- [ ] Confirm tutorial MDX `.env` uses
`VUE_APP_SUPABASE_PUBLISHABLE_KEY`
- [ ] Copy Project URL + publishable key into `.env`
- [ ] `npm run dev` — login page shows no email after magic-link submit
- [ ] Magic link redirects to `/account`
- [ ] Email displays on account page
- [ ] Update profile with `example.com` and `https://example.com` — both
save
- [ ] Logout returns to `/`; `/account` blocked without auth
- [ ] Install audit skills from
[docs-agent-skills](https://github.com/supabase/docs-agent-skills) (`ln
-sf
~/GitHub/supabase/docs-agent-skills/.claude/skills/audit-ionic-vue-tutorial
~/.claude/skills/audit-ionic-vue-tutorial` and same for
`audit-docs-tutorials`), then run
[audit-ionic-vue-tutorial](https://github.com/supabase/docs-agent-skills/blob/main/.claude/skills/audit-ionic-vue-tutorial/SKILL.md)
platform E2E (magic link, profile update verified via SQL)
- [ ] Run
[audit-docs-tutorials](https://github.com/supabase/docs-agent-skills/blob/main/.claude/skills/audit-docs-tutorials/SKILL.md)
— confirm platform E2E column is filled for with-ionic-vue
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Improved authentication handling in the Ionic Vue user-management
example, with smoother sign-in/sign-out redirects and account access
checks.
* Updated account details to display the user’s email more reliably.
* **Bug Fixes**
* Adjusted navigation so authenticated users are routed to the account
page and unauthenticated users are sent back to the home page.
* **Documentation**
* Updated setup instructions and example environment variables for the
Supabase integration.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Nik Richers <nik@validmind.ai>
Contributes to DOCS-1052
Contributes to DOCS-1057
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Resolves linting warning for "let's" and adds an exception for product
name.
## Tophatting
1. Read the diff and see if changes make sense in context.
2. Run `pnpm lint:mdx`, search for "let's" and see no instances.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated instructional copy across multiple AI, authentication,
database, functions, realtime, storage, and troubleshooting guides to
improve clarity and consistency.
* Replaced conversational phrasing (for example, “Let’s…/Let’s see…”)
with direct imperatives, tightened example lead-ins, and adjusted a few
step explanations for readability.
* Refreshed some tutorial text and code-sample presentation in guides
(no behavioral changes).
* Added/adjusted minor MDX lint guidance in a couple of documents.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Nik Richers <nrichers@gmail.com>
Resolves four docs gaps surfaced in #40985.
The Nuxt SSR example in `creating-a-client.mdx` now uses `getClaims()`
instead of `getUser()`, matching the file's own guidance at `:253`. The
SvelteKit tutorial drops a stale `event.locals.safeGetSession` reference
whose linked `app.d.ts` no longer declares one. The Nuxt and SolidJS
tutorials each gain a new server-route section using `@supabase/server`
(h3 adapter for Nuxt, `createSupabaseContext` for SolidStart),
addressing the original complaint that those tutorials had no server
setup at all.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Enhanced Nuxt 3 getting-started tutorial with new guidance on adding
server routes, validating auth sessions, and using Supabase middleware
for protected (and optional public) endpoints.
* Updated the Nuxt Server route Supabase SSR example to validate
authentication using token claims during server-side refresh.
* Added a SolidJS → SolidStart SSR/API migration section, including an
example protected profile route and how to make it public.
* Refined SvelteKit tutorial wording around TypeScript-related session
handling and updated terminology.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Contributes to DOCS-1052
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Resolves MDX linting errors related to "simple" where it applies.
There was a couple cases that did not apply. For example, a product with
"Simple" in the name.
These changes are made in context, either by removing or using a more
descriptive synonym like "minimal" or "basic".
## Tophatting
1. Read each of the diffs.
2. See that the text still makes sense in context.
For extra due diligence, you can run `pnpm lint:mdx` locally and see the
'simple' errors that remain and whether they are worth addressing.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Summary by CodeRabbit
* **Documentation**
* Updated many guide, tutorial, and troubleshooting pages with clearer
“basic”/“minimal” wording across setup steps, local testing
instructions, security cautions, and RLS guidance.
* Refined headings, example descriptions, and inline comments for
consistency (including deployment, MCP, metrics API, and search/function
phrasing).
* Improved readability with small snippet formatting tweaks (whitespace
plus import/comment ordering) and added a self-hosting debugging note
for Envoy admin endpoints via a short-lived `curl` container.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
Co-authored-by: Nik Richers <nrichers@gmail.com>
A handful of code samples in the guides either don't run or contradict
the surrounding text. I found these reading through the docs.
- `database/debugging-performance`: `insert into books` targets a table
that's never created. The table made just above is `instruments`.
- `database/drizzle`: the `db.ts` snippet references an undefined
`host`. The variable in scope is `connectionString`.
- `database/postgres/column-level-security`: the `create table` is
missing a comma after `created_at ... now()`, so it won't parse.
- `database/postgres/first-row-in-group`: `distinct on (team)` with
`order by id, ...` is rejected by Postgres (the DISTINCT ON column has
to lead the ORDER BY). Ordered by `team, points desc` so it returns one
row per team.
- `database/postgres/data-deletion`: reversed markdown link
`(text)[url]`, plus "parititioning" misspelled.
- `database/extensions/pg_plan_filter`: prose says
`statement_cost_filter`, but the real parameter (used everywhere else in
the file) is `statement_cost_limit`.
- `auth/auth-hooks/mfa-verification-hook`: the insert and on-conflict
update use `last_refreshed_at`, but the table column is
`last_failed_at`.
- `telemetry/advanced-log-filtering`: the "ends with" example writes
`'$port=12345'`. The `$` anchor needs to come after the literal:
`'port=12345$'`.
- `ai/examples/headless-vector-search`: uses `${projectURL}` but the
const is `projectUrl`.
- `getting-started/quickstarts/redwoodjs`: prose says
`scripts/seeds.ts`, but the code block and Redwood use
`scripts/seed.ts`.
- `getting-started/tutorials/with-flutter`: two code-fence headers have
a stray trailing `"`.
- `local-development/cli/testing-and-linting`: stray backtick in "Edge`
Functions".
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Corrected code examples across multiple guides including vector
search, authentication hooks, database guides, and quickstarts
* Fixed SQL syntax errors, variable names, and table references in
example snippets
* Resolved typos, broken links, and formatting inconsistencies in guide
text
* Clarified parameter names and script references in documentation
* Updated code fence syntax in tutorials for proper rendering
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES/
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Documentation
* Updated project variables guidance to include publishable and secret
keys alongside existing options.
* Updated code examples across multiple frameworks to use publishable
keys instead of anon keys.
* Updated tool descriptions to reflect publishable key terminology.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Consolidated API key deprecation guidance into a reusable notice for
consistent messaging across docs. Announces deprecation of legacy
anon/service_role JWT-secret keys by end of 2026, instructs switching to
sb_publishable_xxx / sb_secret_xxx, and provides steps to locate and
copy both new and legacy keys. Applied across auth, getting-started,
API, and realtime guides.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: fadymak <dev@fadymak.com>
## What
Adds a getting-started guide for migrating an existing project from the
legacy JWT-based `anon` and `service_role` keys to the new publishable
(`sb_publishable_...`) and secret (`sb_secret_...`) keys.
The guide walks through the migration step by step:
- **Before you start** — maps legacy keys to their replacements.
- **Step 1** — create the new `default` keys.
- **Step 2 / 3** — swap the publishable key in client code and the
secret key in backend code.
- **Database Webhooks and `pg_net`** — move the key from the
`Authorization: Bearer` header to the `apikey` header (the new keys
aren't JWTs and are rejected on `Authorization`), with a Vault note for
not inlining secrets.
- **Step 4** — update Edge Functions, with two options: read the new env
vars (`SUPABASE_PUBLISHABLE_KEYS` / `SUPABASE_SECRET_KEYS`) and set
`verify_jwt = false`, or adopt the `@supabase/server` SDK.
- **Step 5 / 6** — verify nothing uses the legacy keys, then deactivate
them (reversible).
- **Next steps** — clarifies that JWT signing keys are a separate,
independent migration.
## Notes
While writing this we found Studio issues to fix separately (the Invoke
Function cURL snippet and the Database Webhooks editor both put the new
keys on the `Authorization` header).
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added a comprehensive migration guide for moving from legacy JWT-based
API keys to the new publishable and secret keys with zero‑downtime
steps, verification, limitations, and next steps.
* Clarified API key behavior and recommended migration actions in the
getting‑started docs.
* Added a navigation entry linking to the new migration guide.
* **Style**
* Relaxed documentation lint rules to allow expected wording/phrases
(e.g., "backends", "Database Webhooks").
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
## What kind of change does this PR introduce?
Feature / abuse-prevention update. Resolves DEPR-198.
## What is the current behaviour?
Free projects using Supabase's built-in email service can edit raw Auth
email template subjects and HTML in Studio. That is the risky cohort
this project is trying to constrain.
## What is the new behaviour?
### Template editing restrictions
For free projects using Supabase's built-in email service, Studio keeps
Auth email templates viewable and previewable but disables subject/body
editing and saving. Editing is unlocked by setting up Custom SMTP,
configuring a send-email hook, or upgrading to a paid plan.
**Grandfathering:** projects created before `2026-06-01T00:00:00Z` (the
platform enforcement cutoff) are exempt; their editing UI stays
unlocked. This mirrors `FREE_TIER_TEMPLATE_BLOCK_CUTOFF_DATE` in the
platform PR exactly.
| After |
| --- |
| <img width="1024" height="759" alt="Emails Authentication Fizz Test
Supabase-173BB09B-0FB9-4133-8202-9E310DDB347A"
src="https://github.com/user-attachments/assets/c966212d-ed0c-443b-8197-440cc2937ef6"
/> |
| <img width="1024" height="759" alt="Emails Authentication Fizz Test
Supabase-CD5845EB-0E45-4779-8989-44E775B2411A"
src="https://github.com/user-attachments/assets/055a64d6-b5e8-4d37-a261-6e280f04536a"
/> |
### Warning dialogs on transitions that reset templates
Two flows now surface a warning before the user commits to a state
change that resets their custom email templates to defaults:
1. **Disabling custom SMTP** (SMTP settings page): a confirmation dialog
warns that templates will be reset to defaults and the email rate limit
reduced to 2 per hour. On confirm, Studio resets all 13 templates via
the existing per-template reset endpoint (`Promise.allSettled`). The
"won't be able to edit" sentence is shown only for post-cutoff projects;
grandfathered projects skip it. The corresponding server-side
enforcement is in the Platform PR:
https://github.com/supabase/platform/pull/33129
2. **Downgrading to the Free plan** (billing settings): an admonition in
the existing downgrade confirmation modal warns that custom templates
will be reset to defaults and won't be editable without custom SMTP. The
admonition is shown only when the org has at least one post-cutoff
project; orgs whose projects are all grandfathered skip it.
| Custom SMTP | Downgrading |
| --- | --- |
| <img width="862" height="586" alt="66764"
src="https://github.com/user-attachments/assets/6470c8a6-2f79-40a5-ad3b-bfe5b0ba9c54"
/> | <img width="1268" height="1552" alt="CleanShot 2026-05-22 at 17 28
37@2x-FEB1901E-38E6-42DF-8C27-0A036D8A1B94"
src="https://github.com/user-attachments/assets/e8caa9e6-c3ed-4787-b771-af77a43eb854"
/> |
### Informational admonition when enabling SMTP
When a user enables custom SMTP for the first time, a sandwiched
admonition above the save footer informs them that the email rate limit
will be increased to 30 per hour and can be adjusted.
_This is just a minor cosmetic change, unrelated to the email template
disabling. Sorry._
| Before | After |
| --- | --- |
| <img width="1024" height="759" alt="Emails Authentication Chisel
Toolshed Supabase-54317D18-803C-4A58-8211-2359355D083B"
src="https://github.com/user-attachments/assets/29eff649-02dc-40f3-a379-0b4d484a76c7"
/> | <img width="1024" height="759" alt="Emails Authentication Chisel
Toolshed Supabase-9E12399E-E9FB-4F9A-B029-A08008EA4B50"
src="https://github.com/user-attachments/assets/e542ed86-4da6-407e-8293-0f4c0f071e18"
/> |
## How to test
All existing projects pre-date the enforcement cutoff
(`2026-06-01T00:00:00Z`) and are grandfathered, so the restriction UI
won't appear by default. To force the restricted state locally,
back-date the cutoff in one file:
In
`apps/studio/components/interfaces/Auth/EmailTemplates/EmailTemplates.utils.ts`,
temporarily change:
```ts
export const FREE_TIER_TEMPLATE_BLOCK_CUTOFF_DATE = '2026-06-01T00:00:00Z'
```
to:
```ts
export const FREE_TIER_TEMPLATE_BLOCK_CUTOFF_DATE = '2025-01-01T00:00:00Z'
```
Revert before committing. With the cutoff back-dated, use a free-plan
project and:
- **Template restriction + admonition:** navigate to Authentication >
Emails with no custom SMTP configured. Subject/body fields should be
read-only and the "Set up SMTP" admonition should appear, with its
dropdown offering upgrade and send-email hook options.
- **SMTP disable warning:** enable custom SMTP on a project, then
disable it via Authentication > SMTP Settings. The confirmation dialog
should warn that templates will reset to defaults and that editing will
be restricted after disabling.
- **Downgrade warning:** in billing settings, initiate a downgrade to
the Free plan. The downgrade modal should include an admonition warning
about template reset and restricted editing (only if the org has at
least one post-cutoff project).
## Additional context
The default Auth email template copy was also improved across docs,
examples, and UI library snippets (separate prior commits).
The per-template reset button (`ResetTemplateDialog`) was migrated to
the async `AlertDialogAction` pattern introduced in #45960; the dialog
stays open and shows a loading state while the reset is in-flight,
closes on success, and stays open on error.
Closes PRODSEC-183
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Co-authored-by: Stephen Morgan <stephen@doublethink.co.nz>
## What kind of change does this PR introduce?
Docs update. Related to DEPR-551.
## What is the current behavior?
Docs MDX still uses the legacy `label` prop for Admonitions, even though
#45618 added `title` and kept `label` only as a backwards-compatible
alias after #45302 was reverted in #45535.
## What is the new behavior?
Migrates Docs-owned Admonitions from `label=` to `title=` without
changing rendered copy, component APIs, Studio callsites, design-system
examples, or the legacy `label` alias.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Standardized admonition headings across the docs by switching how
admonition headings are provided (preserving all visible guidance and
examples). Content and instructions remain unchanged; this ensures
consistent rendering of callouts and improves uniformity across guides
and reference pages.
<!-- review_stack_entry_start -->
[](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46053?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)
<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added an "AI Tools" guides section with landing, overview, and
troubleshooting pages; guides render from Markdown.
* **Documentation**
* New AI Tools guides: local development, Quickstart, CLI overview,
troubleshooting, and detailed overview pages.
* **Chores**
* Site navigation updated to include an AI Tools entry and renamed
subsection to "AI"; added permanent redirects from prior Getting Started
AI URLs to the new AI Tools locations.
* **Bug Fixes**
* Updated internal guide links so AI prompt pages point to the new AI
Tools paths.
[](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/45795)
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Greg Richardson <greg.nmr@gmail.com>
## Summary
Renames the docs page title, sidebar label, description, and body text
from **"Supabase Agent Plugin"** to **"Supabase Plugin for AI coding
Agents"** across `plugins.mdx`, `ai-skills.mdx`, `mcp.mdx`, and the
navigation constants
More context in this [Slack
thread](https://supabase.slack.com/archives/C0254JUR2DU/p1778165488699219)
Close
[AI-710](https://linear.app/supabase/issue/AI-710/rename-supabase-agent-plugin-docs-title)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Renamed the AI tool throughout docs and navigation to "Supabase Plugin
for AI Coding Agents" (previously "Supabase Agent Plugin").
* Updated getting-started and plugin pages, installation guidance, and
sidebar labels to use the new name while preserving existing links and
instructions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
## I have read the CONTRIBUTING.md file.
YES
## What kind of change does this PR introduce?
Docs update
## What is the current behavior?
- The React quickstart example does not handle errors when fetching
data.
- The local development guide uses inconsistent capitalization for
"docker".
## What is the new behavior?
- Adds basic error handling (`error` check) in the React quickstart
example to improve reliability.
- Fixes capitalization from "docker" → "Docker" for consistency with
official naming.
## Additional context
These are small improvements to enhance clarity and developer experience
in the docs.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Enhanced React quickstart guide with error handling for database
queries to prevent invalid data processing
* Corrected capitalization in local development guide
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary
- Adds a note explaining that skills install at **project scope by
default** (committed to git, shared with team and cloud agents) and that
`--global` installs across all projects
- Mentions `--all` for users who work across multiple AI agents
- Cross-links the [Supabase agent
plugin](/docs/guides/getting-started/plugins) from both the agent skills
and MCP docs for users who want the MCP server and skills in a single
install
Closes
[AI-672](https://linear.app/supabase/issue/AI-672/add-other-plugins-to-docs-with-clearer-project-vs-global-level)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated AI skills installation guide with detailed instructions for
project-scoped, global, and multi-agent installation options
* Enhanced MCP setup guide with recommendation to install the Supabase
agent plugin for streamlined configuration
* Added direct link to the skills npm package for improved resource
accessibility
* Refined compatibility information in AI skills guide
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Jeremias Menichelli <jmenichelli@gmail.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Clarified API key changes (new publishable/secret scheme, where to
obtain each, legacy keys valid through end of 2026) and updated many
getting-started tutorials with clearer setup, flow, and auth guidance.
* **New Features**
* Added/expanded profile photo/avatar upload and account integration
steps across multiple tutorials.
* **Guides**
* Added guidance on auth helper methods and when to use them.
* **Examples**
* Example app updated to use token claims for auth state.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Katerina Skroumpelou <mandarini@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
## Summary
- Adds a new `/guides/getting-started/plugins` docs page with an
`AgentPluginsPanel` component
- Per-client install instructions for Claude Code, Codex, Cursor, and
Gemini CLI
- Adds the page to the navigation under AI Tools
- Removes the Claude Code plugin subsection from the AI Skills page (now
covered here)
Closes
[AI-690](https://linear.app/supabase/issue/AI-690/agent-plugins-documentation)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Interactive plugin installation panel to choose from multiple AI
coding agents with agent-specific setup instructions and quick links for
help/feedback.
* **Documentation**
* New "Supabase Agent Plugin" guide describing features, included
components, and one‑click installation UI.
* Navigation updated to include the Supabase Agent Plugin guide under
Getting Started → AI Tools.
* AI skills guide streamlined by removing a specific plugin install
snippet and clarifying agent compatibility.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
This PR migrates the whole monorepo to use Tailwind v4:
- Removed `@tailwindcss/container-queries` plugin since it's included by
default in v4,
- Bump all instances of Tailwind to v4. Made minimal changes to the
shared config to remove non-supported features (`alpha` mentions),
- Migrate all apps to be compatible with v4 configs,
- Fix the `typography.css` import in 3 apps,
- Add missing rules which were included by default in v3,
- Run `pnpm dlx @tailwindcss/upgrade` on all apps, which renames a lot
of classes
- Rename all misnamed classes according to
https://tailwindcss.com/docs/upgrade-guide#renamed-utilities in all
apps.
---------
Co-authored-by: Jordi Enric <jordi.err@gmail.com>
Fixes the same duplicate-word typo ("support support") in two quickstart
guides:
- `apps/docs/content/guides/auth/quickstarts/react.mdx`
- `apps/docs/content/guides/getting-started/tutorials/with-nextjs.mdx`
Both occurrences are in the "Customize email template" / "Email
template" sections:
> Before proceeding, change the email template to support ~~support~~ a
server-side authentication flow that sends a token hash:
Pure docs typo fix — no functional changes.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Corrected typographical errors in authentication guides to improve
clarity and readability.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Docs - [React Native Expo user management
guide](https://supabase.com/docs/guides/getting-started/tutorials/with-expo-react-native)
## What is the new behavior?
Guide has been updated to be in line with #42269
- Removing `@rneui/themed` package and using native components.
- Update guide screenshot.
- Main stylesheet for the example.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Documentation
- Updated Expo React Native tutorial with modernized component approach
using React Native primitives and centralized styling patterns.
- Simplified codebase examples with consistent formatting and improved
maintainability.
- Core functionality preserved with updated implementation patterns.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Docs update, fix the link to example prompts directory
## What is the current behavior?
It redirected to a non existent url:
https://supabase.com/guides/getting-started/ai-prompts
## What is the new behavior?
Redirects to the prompt directory.
## Additional context
N/A
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Fixed the "AI Prompts" link in the MCP getting-started guide to point
to the correct documentation resources page.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Docs update to include an Astro Quickstart Guide
## What is the current behavior?
No Astro quickstart guide
## What is the new behavior?
Added the Astro guide
<img width="1385" height="561" alt="Screenshot 2026-04-02 at 15 14 39"
src="https://github.com/user-attachments/assets/e86f64d3-a918-4bd4-8124-b3cb441e1217"
/>
<img width="1" height="1" alt="Screenshot 2026-04-02 at 10 44 32"
src="https://github.com/user-attachments/assets/5f1fbe87-4f4b-4e3d-a292-eca914735c38"
/>
## Additional context
N/A
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added Astro.js to the Getting Started framework list, home page
framework grid, and main navigation under Framework Quickstarts.
* **Documentation**
* Added an Astro quickstart guide: 8-step setup covering project
creation, package installation, server-side configuration, env vars,
example server-side Supabase usage, running the dev server, and links to
next steps.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Jeremias Menichelli <jmenichelli@gmail.com>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Updates verbiage throughout docs to use postgres over postgresql.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated terminology throughout documentation, guides, and resources
for consistent product naming across all user-facing materials,
including page titles, descriptions, and reference documentation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated all quickstart guides and tutorials to reference publishable
keys instead of anon keys for Supabase client initialization.
* Simplified environment variable setup instructions across multiple
framework guides by removing anon key configuration requirements.
* Clarified usage of publishable keys in step-by-step setup
documentation for various frameworks and platforms.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: fadymak <dev@fadymak.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Docs update — Rewrite the Agent Skills documentation as a single flat
page with a skills table.
## What is the current behavior?
The Agent Skills docs have a nested structure with an index page and
individual dynamic pages for each skill (fetched from the
`supabase/agent-skills` repo). Skills also inject sub-items into the
sidebar navigation.
## What is the new behavior?
This PR replaces the nested skill pages with a single, flat Agent Skills
page that:
- Lists all skills in a **table** with name, description, and a
**copy-to-install button** (fetched dynamically from the
[supabase/agent-skills](https://github.com/supabase/agent-skills) repo)
- Includes **installation commands** for both the skills CLI (`npx
skills add`) and Claude Code plugins
- Links skill names directly to their source on GitHub instead of
rendering full skill content inline
- Removes the dynamic `[slug]` route, sidebar nav injection, and local
skill example files
### Navigation Structure
```
Start
> AI Tools
> Agent Skills (new)
> Prompts (existing)
> Supabase MCP server (existing)
```
Closes
[AI-361](https://linear.app/supabase/issue/AI-361/create-skills-documentation-page-in-ai-tooling-docs)
---------
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
A content/data fix: correcting stale feature metadata on the marketing
features page and docs feature status table.
## What is the current behavior?
Several features in features.tsx (supabase.com/features) have incorrect
stage or self-hosted availability values that are out of sync with docs.
## What is the new behavior?
branching
- stage updated to Beta
vault
- stage updated to Public Alpha
jwt-signing-keys
- availableOnSelfHosted set to true
persistent-storage
- docs URL corrected to /guides/functions/ephemeral-storage
- env var names corrected to S3FS_ACCESS_KEY_ID, S3FS_SECRET_ACCESS_KEY,
S3FS_REGION, S3FS_ENDPOINT_URL
features.mdx
- PrivateLink row added to the Platform section (beta, N/A for
self-hosted)
mcp-server
- removed "upcoming" from OAuth benefit (OAuth is now live), updated PAT
FAQ (OAuth is now default, PAT only needed for CI/CD), updated
self-hosted FAQ (self-hosted is supported via
/guides/self-hosting/enable-mcp)
## Additional context
N/A
---------
Co-authored-by: Ana Mogul <ana1337x@users.noreply.github.com>
## What kind of change does this PR introduce?
Documentation update
## What is the current behavior?
The Refine tutorial uses `supabaseClient.auth.getSession()` in the
`authProvider.check` method to verify authentication. `getSession` is
deprecated and not recommended for auth verification.
## What is the new behavior?
Replaced `getSession()` with `getClaims()` which reads claims from the
locally cached JWT. This is the recommended approach as mentioned in the
issue.
## Files changed
- `apps/docs/content/guides/getting-started/tutorials/with-refine.mdx` —
Updated `check` method in the authProvider code example
-
`examples/user-management/refine-user-management/src/providers/auth-provider.ts`
— Updated the corresponding example code to match
Closes#42193
---------
Co-authored-by: gorillaworkout <bayudarmawan215@gmail.com>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
I modified previous webinars to include the following:
- A YouTube embed of the recording
- New "Watch the Recording" CTA buttons
- New slug for the go page `/vibe-coding-done-right-webinar`
---------
Co-authored-by: Alan Daniel <stylesshjs@gmail.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Fixes#42192
Replaces the deprecated `getSession` call with `getClaims` in the
SolidJS tutorial documentation (`with-solidjs.mdx`).
Changes:
- `supabase.auth.getSession()` → `supabase.auth.getClaims()`
- `data.session` → `data.claims`
This follows the recommended migration pattern per the Supabase auth
docs, and is consistent with the same fix applied to the Refine tutorial
in #43006.
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
New Go landing page for the upcoming Bolt webinar. This is where we will
direct customers who want to learn more to go to request a meeting.
---------
Co-authored-by: Alan Daniel <stylesshjs@gmail.com>
Adds more MCP docs on which tools, features, options, etc are available
on the Supabase MCP server. Currently these only live in the [repo
README](https://github.com/supabase-community/supabase-mcp), so this
adds them to the official docs which many folks land on first.
### Preview
https://docs-git-docs-mcp-tools-and-options-supabase.vercel.app/docs/guides/getting-started/mcp
Resolves AI-357
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added an "Available tools" section documenting MCP tool groups and
their available commands
* Updated internal documentation anchors to improve navigation between
related configuration topics
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Simplified React getting-started tutorial: concise, action-oriented
steps, inline code replaced by external sample references, removed the
Bonus: Profile photos section, and expanded README guidance and setup
steps.
* **Examples**
* User-management example converted to a user-focused auth flow with
safer unmount handling, adjusted profile/account interactions, and
updated sample references.
* **Chores**
* Upgraded example dependencies and tooling to align with newer React
and ecosystem versions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Clarified React Native and Angular auth guides with improved
environment setup and JWT validation guidance.
* **New Features**
* Added a React Native environment template for quickstart.
* Example app now uses JWT claims for user state and display.
* **Chores**
* Replaced UI library components with native React Native components for
compatibility.
* Updated package configuration and dependency versions.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->