## Details of change
Re-lands DATAENG-1468 (docs page feedback to Postgres) with an
**insert-only** design that avoids the cross-project auth issue that
caused the prior revert.
- New insert-only `feedback_comments` table: anon `insert` policy only
(no select/update/delete). Columns: `page`, `vote`, `title`, `comment`,
`user_id`, `metadata`.
- The docs widget writes the free-text comment to `feedback_comments`
via the **anon key**. The votes `feedback` table is untouched (one row
per vote).
- No user token is sent to the content project anymore (that was the
cause of the previous failure): the feedback client uses the anon key
only.
- The commenter's account user id (gotrue UUID) is read client-side from
the session and stored as a plain `user_id` column for attribution
(comments are logged-in-only). Org/project association is derived
downstream in BigQuery via that id; docs pages aren't project-scoped, so
there's no project_ref/org to capture here.
- Removed the previous update-by-id approach, the per-user RLS policies,
and the obsolete unit test.
## Why the previous version was reverted
It authenticated feedback writes with the supabase.com account session
token, but the requests target the docs content project
(`xguihxuzqibwxjnimxev`), which cannot verify that token. Logged-in
users got `PGRST301 / JWSInvalidSignature`. This version removes the
user token entirely, so writes succeed for everyone.
## Verification
Insert-only RLS means a row can be written but not read/updated/deleted
by `anon`. Comments retrievable with `where comment is not null` is not
needed (separate table); just query `feedback_comments`.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* The feedback form now captures a vote rating along with an optional
title and detailed comments, saving richer context for review.
* **Refactor**
* Feedback submission has been streamlined to write directly to the
database for both vote and comment submissions.
* **Maintenance**
* Updated the feedback data typings to support the new title, comment,
user, page, and vote fields via the new feedback comments storage.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Reverts supabase/supabase#46941
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **New Features**
* Feedback is now automatically routed to the appropriate documentation
team based on the section being viewed.
* **Improvements**
* Streamlined feedback submission process—votes and comments are now
collected more efficiently in a single submission.
* Enhanced feedback data handling and organization for better team
collaboration.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## What
- Route docs page feedback **comments** to Postgres instead of `POST
/platform/feedback/docs` (which created duplicate Linear issues); the
👍/👎 vote is unchanged
- Store the comment on the **existing `feedback` row**: add `user_id` /
`title` / `comment`; submitting a comment updates the vote row the user
just created
- Capture the real `user_id` (`default auth.uid()`) so feedback is tied
to the user
- Owner-scoped RLS — `select`/`update` for authenticated users where
`user_id = auth.uid()`; anonymous votes stay insert-only
- Linear issues still get created, now via the data pipeline instead of
directly from the UI
## Linear
[DATAENG-1468](https://linear.app/supabase/issue/DATAENG-1468)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Feedback follow-ups now support saving a detailed title and comment,
tied to the signed-in user.
* **Bug Fixes**
* Follow-up submissions are now persisted in Supabase, ensuring the vote
and later details stay consistent for logged-in users.
* **Tests**
* Added coverage for updating a feedback entry’s title and comment.
* **Chores**
* Removed the previous feedback submission endpoint/mutation flow in
favor of a Supabase update-based approach.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* feat(docs): fetch conn string
Add option to ProjectConfigVariables to fetch the Supavisor session mode connection string, for setting up MCP server
* docs(mcp): reminder to replace password placeholder in connection string
* fix: display helpful message if project paused
---------
Co-authored-by: Greg Richardson <greg.nmr@gmail.com>
* fix: response error codes
* upgrade docs
* remove request url modification middleware
* move api routes for self-hosted to platform folder
* remove some lib/common/fetch usage
* docs: use middleware for openapi-fetch (#30600)
Get rid of the unauthedAllowedPost function (I don't think there's any harm in letting any requests that require authentication to just 403, they should be disabled at the React Query level and if not they will fail gracefully enough...)
* fix local count query
* add default values for clone mutation
* fix ts and codegen
* add missing lodash dep to playwright tests
* Fix the playwright tests to match the new folder structure for selfhosted variant.
* remove unused import
* Remove unused state
* remove unused sql debug mutation
* remove unused export
* fix notifications query
* fix jwt updating status
* fix typescript
* save sql snippet after renaming
* update codegen & fix ts error
* override array querySerializer
---------
Co-authored-by: Charis <26616127+charislam@users.noreply.github.com>
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
* Update telemetry calls for docs to support PH
* Update telemetry calls for www to support PH
* Add ts ignore
* Remove use of useRouter for docs
* Add credentials include for www and docs for telemetry calls
* Update TELEMETRY_CONSENT in common for www and docs to reset telemetry opt in preference
* Update common telemetry to use new endpoint and payload, and trigger reset request when opting out of telemetry from ui patterns PrigacySettings
* Fix
* Fix
* Fix
* Fix build issue in docs
* Fix build issue in docs
* I hope this fixes the build issues
* once more...
* Fix
* Add credentials include
* Fix
The endpoint may successfully return data that isn't valid as a project API endpoint/anon key. I added a check to make sure the endpoint exists and the anon key isn't a known error string before displaying it.
Add a docs feedback widget to allow upvoting and downvoting pages.
Votes (completely anonymized, barely more than a counter) go to a database in the main supabase-com project. If the user has accepted telemetry, the votes also go to Logflare with a bit more info. Post-vote, logged-in users can leave a comment, which goes to the `platform/feedback/send` endpoint. There is a warning in the feedback modal that the feedback is not anonymous.
**feat:** adds a component to display API endpoints and anon keys in docs if user is authenticated
makes the getting started UX smoother so users don't have to jump back and forth between docs and trying to find their keys in dashboard
**out of scope:** it would be very cool to display these directly in the code blocks. I looked into it and it would require quite a bit of work forking and modifying code-hike, so out of scope for now
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
Taha Le Bras