Commit Graph

5680 Commits

Author SHA1 Message Date
SaxonF f3369a45f5 [create-pull-request] automated change 2026-07-07 23:16:25 +00:00
Pedro Rodrigues c4c213ce3d feat(studio): switch dashboard assistant to remote MCP server (#47479)
## I have read the
[CONTRIBUTING.md](<https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md>)
file.

YES

## What kind of change does this PR introduce?

Feature / refactor.

## What is the current behavior?

The dashboard assistant runs `@supabase/mcp-server-supabase` in-process
over an in-memory transport (`lib/ai/supabase-mcp.ts`).

## What is the new behavior?

The assistant connects to the **remote MCP server** over HTTP
(`@ai-sdk/mcp`), forwarding the dashboard session token as a bearer. URL
comes from `NEXT_PUBLIC_MCP_URL` with a local-dev fallback;
platform-only, and Nimbus works via the same env var.

* **Tool model unchanged:** UI-controlled `execute_sql` (with
`needsApproval`) and `deploy_edge_function` still come from Studio; the
allowlist (`TOOL_CATEGORY_MAP`) remains the gate keeping the remote's
write tools away from the assistant (`read_only` is defense-in-depth).
* **Attribution:** sends `x-source-name: supabase-studio` (+
`x-source-version`) → logged as `source_name`/`client_name`.
* **Connection lifecycle:** the HTTP client is closed via the request's
`AbortSignal` (tools execute later during streaming); `signal` is
required on `getTools`/`getMcpTools`.
* **Resilience:** a remote-MCP failure degrades to the remaining tools
instead of failing the assistant.
* **Drift protection:** relied-upon tools are typed against `keyof
typeof supabaseMcpToolSchemas`, so a package bump that renames/removes
one fails `pnpm typecheck`; a runtime check also warns if the deployed
server returns fewer tools.
* Adds unit tests for the above.

## Additional context

* Verified end-to-end against a local remote MCP server with a dashboard
token: `initialize` 200, tools listed, a tool executed, client closed
cleanly.
* The remote MCP (mgmt-api) already accepts dashboard session tokens
(GoTrue-JWT auth path) — no backend change needed. `NEXT_PUBLIC_MCP_URL`
must point at each env's `/mcp`.
* `@supabase/mcp-server-supabase` is kept — still used by the
self-hosted `/api/mcp` routes.

Closes
[AI-137](https://linear.app/supabase/issue/AI-137/switch-dashboard-assistant-to-remote-mcp)

## Rollout

* **Rollout:** merges with `USE_REMOTE_MCP` off (in-process); flip it to
`true` per environment (staging → prod → Nimbus) once each one's
prerequisites land.
* **Rollback:** unset `USE_REMOTE_MCP` and redeploy to fall back to the
in-process client — no revert needed.

## Summary by CodeRabbit

* **Bug Fixes**
* Improved AI request handling so tool loading and generation clean up
properly when a request is cancelled or the browser connection closes.
* Added safer fallback behavior when remote tool loading fails, so AI
features can continue with available tools instead of stopping entirely.
* Updated remote tool access to use the current project reference and
preserve the correct access headers.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* AI tools now connect more reliably to remote services and stop cleanly
when requests end or are canceled.
* Tool loading is more resilient, continuing with available tools if
remote access is unavailable.

* **Bug Fixes**
* Improved cleanup to prevent lingering connections during SQL
generation and policy workflows.
  * Added safer handling for remote tool changes and invalid responses.

* **Tests**
* Expanded automated coverage for remote tool setup, cancellation, and
fallback behavior.


<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-07 19:38:21 +01:00
Danny White 5dc054ae8f feat(studio): warn in Connect sheet when Data API is disabled (#47537)
## What kind of change does this PR introduce?

Feature. Resolves DEPR-599.

## What is the current behavior?

When the Data API is disabled (PostgREST has no exposed schemas), the
Connect sheet still shows client-library setup steps for Framework and
MCP modes without indicating that database queries will fail.

## What is the new behavior?

When database access via the Connect instructions requires PostgREST, an
inline warning appears above the steps (setup instructions remain
visible):

- **Framework**: warns when Data API is off; install, env vars, and
auth/SSR setup still work
- **MCP**: warns only when Database tools apply (selected explicitly, or
by default when no feature filter is set)

The warning fails open if PostgREST config cannot be loaded, and links
to Data API settings via an "Enable Data API" CTA.

| After |
| --- |
| <img width="1664" height="718" alt="CleanShot 2026-07-02 at 21 29
16@2x"
src="https://github.com/user-attachments/assets/80d21927-c4dd-4158-8946-bf648b95e451"
/>|

## Additional context

- Gating logic lives in `ConnectStepsSection.utils.ts` with unit tests
- Out of scope: warning when Data API is on but zero tables/schemas are
exposed
- Coexists with the upcoming warehouse branch's catalog warning — that
lives in a separate `WarehouseCatalogPanel` for `catalog` mode only

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Connection setup now checks Data API enablement and conditionally
shows a “Data API disabled” warning, including an action to open Data
API settings.
* **Bug Fixes**
* Warning logic now more accurately reflects the selected connection
mode and chosen feature/tool selections.
* **Tests**
* Added a focused test suite covering the Data API configuration
decision rules and when the warning should appear.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-07 18:05:19 +00:00
Gildas Garcia 468aeb062e fix: add a skip to main content link in default layout (#47694)
## Problem

Screen reader and keyboard users have no way to skip the header and
sidepanel navbar so they have to manually tab through every items before
accessing the actual main page items.

## Solution

Add a _Skip to content_ link for them

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added a “Skip to content” link to help users jump directly to the main
page area.
* Updated the main content wrapper to a semantic `main` landmark with an
anchor target.

* **Accessibility**
* Improved keyboard and screen reader navigation by supporting better
in-page navigation and landmarks, without changing the page’s visible
content.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-07 17:33:03 +02:00
Andrey A. a6a04f24cd fix(studio): correct exposed-schema settings for the Data API (#47511) 2026-07-07 16:37:21 +02:00
Gildas Garcia a84fd10a4f chore: simplify project copy buttons labels (#47689)
## Problem

Screen reader users don't need to be told how to use a button: _Press
Enter to copy project name_

## Solution

Simplify the button labels: _Copy project name_

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Accessibility**
* Updated screen-reader text in the dropdown menu so uncopied items now
announce “Copy” more clearly, improving clarity for assistive technology
users.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-07 15:38:23 +02:00
Gildas Garcia 3324b4d598 fix: improve project URL and keys copy button accessibility (#47681)
## Problem

The _Copy_ button is difficult to understand for screen reader users:
- They don't know what it copies
- They have no clear indication about what each dropdown item does
- They have no confirmation a value has been copied to their clipboard

## Solution

- Make sure the button that triggers the popover has a clear label for
screen readers
- Make sure each item has a clear label: _Press Enter to copy ..._
- Make sure each item label changes to confirm the value has been copied

## How to test

- Activate the OS VoiceOver
- Navigate to a project home page
- Tab to the _Copy_ button. It should announce _Copy project URL and API
keys_
- Press Enter then use Arrow keys to move through the items. It should
announce _Press Enter to copy_ the item label
- Press Enter to copy an item. It should announce item label _Press
Enter to copy_

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Improved clipboard copy feedback so the “copied” state now resets when
the popover closes, making copy confirmations more consistent.
* Enhanced accessibility for copy actions by refining screen-reader text
to indicate whether an item is ready to copy (“Press Enter to copy”) or
has already been copied.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-07 14:37:57 +02:00
Saxon Fletcher 27050a69b1 Color spot fixes policy and sheet (#47682) 2026-07-07 21:40:55 +10:00
Jordi Enric bac4814123 fix(logs): color regressions from design system update (#47676)
## Summary
- Fix unreadable "Large ranges may result in memory errors" warning text
in the Logs date picker — a stray `text-warning-foreground` class (dark
ink) was winning over `text-warning` on the dark `bg-warning-300` fill.
- Fix "Search collections..." sidebar wrapper background mismatch —
`bg-background-200` now resolves to the elevated `--card` surface
instead of `--background`, so it no longer matches the sidebar's
`bg-dash-sidebar`.
- Fix the Unified Logs "Live" toggle button rendering blue text instead
of white when active — a leftover `border-info text-info` override was
fighting the `primary` variant's own text color, now that `--info`
resolves to a more distinct blue.

All three are contrast/color regressions surfaced by the recent
design-system color token changes.

## Test plan
- [ ] Open a project's Logs Explorer, pick a large date range, confirm
the warning text is readable
- [ ] Check the Logs sidebar "Search collections..." box background
matches the rest of the sidebar in both light and dark mode
- [ ] Toggle "Live" mode in Unified Logs and confirm the button text is
white/legible on the green background

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Style**
  * Updated the large-range warning banner appearance in Logs settings.
* Refined the Logs sidebar header background styling for a more
consistent look.
* Simplified the DataTable live button styling behavior by removing
conditional class composition while preserving the existing live-mode
visuals.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-07 13:37:37 +02:00
Gildas Garcia 8f69cfaaae fix: add an accessible text to the organization dashboard link (#47672)
## Problem

People using screen readers can't find how to navigate back to the
organization dashboard.

## Solution

- Add an invisible label for screen readers
- Add a tooltip for all users

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added a tooltip to the home navigation icon on hover (“Back to
organization home”).
* Enhanced app layout dropdowns to accept custom trigger content,
improving accessibility with updated labels for branches, organizations,
and projects.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-07 11:11:20 +02:00
Riccardo Busetti 34d641f50b feat(pipelines): Add clarification on region (#47641) 2026-07-07 10:36:55 +02:00
Danny White 484726a45c fix(studio): warning colours broken in light mode after colour migration (#47660)
## What kind of change does this PR introduce?

UI bug fix

## What is the current behavior?

After the colour system migration (#47288), `--warning-default` was
removed in light mode in favour of the semantic `--warning` token.
Several studio call sites still referenced
`hsl(var(--warning-default))`, which resolves to an invalid colour in
light mode.

This caused warning segments in stacked bar charts (e.g. Realtime on
project overview v2) to render black instead of amber, with missing
tooltip swatches. The colour appeared to "fix itself" on hover because
the dimmed state used `--warning-500`, which is still defined.

## What is the new behaviour?

Studio consumers that referenced the removed token now point at tokens
that still resolve in light mode. Chart warnings use new app-level
`--chart-warning` / `--chart-warning-muted` variables (stepped scale,
theme-aware) rather than the removed `--warning-default`.

We only update **Studio app consumers** that were still calling the old
token:

- `LogsBarChart` → `--chart-warning` tokens
- `apps/studio/styles/globals.css` → defines those chart tokens + fixes
`--sidebar-primary-foreground`
- A handful of chart/tooltip call sites in Studio
(`EdgeFunctionOverview`, `UnifiedLogs`, etc.)
- Table editor dirty cell text → `--warning-600` (still on the stepped
scale)

## To test

Use a hosted project that already has warnings on project home (e.g.
Realtime with a non-zero warnings count). Switch Studio to **light
mode**.

1. Open **Project home** (`newHomepageUsageDeltas` flag enabled).
2. Find a service card with warnings in **Project usage**.
3. Confirm warning bar segments are amber/orange (not black), tooltip
swatches show amber, and hover does not flip them black.
4. Quick dark mode sanity check. Should look unchanged.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Style**
* Standardized warning-series and highlight colors across charts, logs,
countdown timers, and interface indicators using the shared theme tokens
(`--chart-warning` / `--chart-warning-muted`).
* Refreshed warning-related theme wiring for both light and dark modes,
including sidebar foreground color.
* **Bug Fixes**
* Updated “dirty” table cell text color to align with the revised
warning palette.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-07 14:34:29 +10:00
Alex Hall 568a26899a fix: catch permission errors when querying integrations data (#47272)
Previously, uncaught permission errors were bubbling up and preventing
the marketplace UI from rendering at all. This is a problem because
users might have access to the integrations tab, but not permissions to
view all the connected resources on a particular integration. In that
scenario, we want to degrade gracefully and show them only those
resources they have access to.
2026-07-06 15:26:23 -04:00
Jordi Enric ceff7b99bf fix(logs): guard chart query against unparseable timestamp params (#47485)
## Problem

The per-service logs pages (e.g. `/project/[ref]/logs/auth-logs`)
crashed with `RangeError: Invalid time value` (Sentry issue 7580074952).
`calcChartStart` guarded `iso_timestamp_start` only against falsy
values, so a truthy-but-unparseable timestamp (a malformed value in the
URL query params) produced an Invalid Date, which propagated through
`.add()` and threw when `startOffset.toISOString()` was called.

The bug is on the legacy (non-OTEL) chart query path. The OTEL bucket
helper had the same unguarded pattern; it did not crash but could skew
the chart bucket size.

## Fix

Validate parsed timestamps with `dayjs().isValid()` and fall back to
now, matching the existing empty-param behavior. Applied to both
`calcChartStart` (legacy) and `otelChartTruncFn` (OTEL).

- Valid params produce identical output (existing tests unaffected)
- Empty params still fall back to now
- Malformed input no longer throws

Added regression tests to `Logs.utils.test.ts` and
`Logs.utils.otel.test.ts`.

## How to test

- Run the logs unit tests: `pnpm test:studio` (or target
`Logs.utils.test.ts` and `Logs.utils.otel.test.ts`)
- In the dashboard, open a service logs page with a malformed timestamp
in the URL, e.g. `/project/<ref>/logs/auth-logs?its=not-a-date`
- Expected result: the page renders without crashing and the chart falls
back to the default (now-based) time range

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Improved log chart time-range handling by safely resolving missing or
invalid ISO timestamps via a shared timestamp resolver.
* Updated chart bucketing and timestamp conflict logic to use the
resolved endpoints, preventing errors and ensuring correct fallback
granularity (including minute-level bucketing when needed).
* **Tests**
* Added regression coverage to confirm chart query generation (including
OTEL queries) does not throw for unparseable start/end timestamps.
* Verified fallback behavior to minute-level bucketing and non-throwing
behavior for timestamp conflict handling.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-06 17:41:30 +02:00
Alaister Young 32798c3162 [FE-3423] chore(studio): flag pages/** edits to mirror into TanStack routes (#47650)
Adds a PR-time reminder to mirror any edit to `apps/studio/pages/**`
into the corresponding `apps/studio/routes/**` file, since the Next.js
pages router and the TanStack Start route tree ship side-by-side during
the migration and can silently drift.

**Added:**
- A CodeRabbit `path_instructions` rule (`.coderabbit.yaml`) scoped to
`apps/studio/pages/**` that prompts authors to check whether a page
change needs mirroring into `routes/**`. It encodes the migration's
nuance so it isn't noise — pure body edits on re-export (Path A) pages
propagate automatically, but layout/`getLayout`, `staticData` props,
`withAuth`, redirect-path, or new-page changes must be mirrored by hand.
Framed as verify-not-block, and explicitly tells authors *not* to delete
the `pages/**` file.

**Changed:**
- `apps/studio/TANSTACK_MIGRATION.md` — documents the guardrail under
the Runtime model section, and adds a cleanup-checklist line to remove
it once `pages/**` is deleted (FE-3106).

This is temporary scaffolding — it comes out with the final `pages/**`
cleanup pass.

## To test

- This needs to land on `master` first, then open a throwaway PR that
touches a file under `apps/studio/pages/**` and confirm CodeRabbit
leaves the reminder comment.
- `path_instructions` can be flaky — if CodeRabbit doesn't fire
reliably, the fallback is a GitHub Action + sticky PR comment scoped to
`paths: ['apps/studio/pages/**']`.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Documentation**
* Added migration guidance for Studio page changes to help keep mirrored
routes in sync during the transition period.
* Clarified when page updates need to be reflected in the matching route
files, including new pages and changes to layout, access control,
titles, static data, or paths.
* Added a cleanup reminder for removing the temporary review guidance
once the migration is complete.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
2026-07-06 15:26:43 +00:00
Alaister Young 4a18670367 [FE-2417] fix(studio): update disk EBS UI copy to match new limits (#47646)
Updates the dashboard disk-management copy to match the new AWS EBS
modification limits (already reflected in the docs): from the old fixed
"4-hour cooldown / once every 4 hours" framing to "up to 4 modifications
within a rolling 24-hour window".

This is a copy-only change plus one small logic-constant alignment.
Timer/countdown behavior is unchanged — this only updates wording to
bring the dashboard in line with the docs.

**Changed:**
- `DiskSpaceBar` autoscaling tooltip, `DiskCountdownRadial` card,
`DiskSizeConfiguration` "Importing a lot of data?" alert,
`DiskSizeConfigurationModal` alert title + both countdown branches,
`DiskManagementReviewAndSubmitDialog` IOPS + disk-size row descriptions,
and two code comments — all reworded to the new "4 per rolling 24-hour
window" framing
- `DiskSizeConfigurationModal` countdown now derives from the shared
`COOLDOWN_DURATION` constant (4h) instead of a stale hardcoded `6 * 60`
(6h), so the legacy resize path matches the newer disk-attributes path

## To test

- Open a Pro AWS project → **Settings → Compute and Disk** → hover the
**Autoscaling** pill on the disk bar: tooltip should read "…limited to 4
within a rolling 24-hour window" (no "once every 4 hours")
- Change IOPS only → **Review changes** → IOPS row description shows the
new "rolling 24-hour window… as soon as the previous one completes" copy
- Change disk size → **Review changes** → Disk size row shows "You can
modify disk attributes up to 4 times within a rolling 24-hour window"
(not "For 4 hours after changes…")
- On a non-AWS Pro project → **Database → Settings → Increase disk
size**: modal title reads "Disk modifications are limited to 4 per
rolling 24-hour window"; any "resize again in ~X" countdown is bounded
by 4 hours, not 6
- Sanity: none of the old "4-hour cooldown" / "once every 4 hours"
strings appear anywhere in the disk UI

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Updated disk resizing messages across the app to reflect a rolling
24-hour limit instead of a fixed 4-hour cooldown.
* Clarified when disk size, IOPS, and throughput changes are available
again, including more accurate next-available timing.
* Improved warning copy in disk configuration and review dialogs so
limit messages are consistent and easier to understand.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
2026-07-06 23:16:00 +08:00
Han Qiao 7b02aa2f0d fix: allow pausing branch projects again (#47636)
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?

Bug fix (regression).

## What is the current behavior?

#44172 replaced the old `isAwsK8s`-based check with an entitlement-based
check (`useCheckEntitlements('project_pausing', ...)`) for the pause
project button. In doing so, it also introduced an explicit `isBranch`
condition that unconditionally disables the pause button and shows
"Branch projects cannot be paused" for any branch project.

Prior to #44172, branches were exempt from the paid-plan pause
restriction entirely — the old `isPaidAndNotAwsK8s` computation
(`!isBranch && !isFreePlan && !isAwsK8s`) evaluated to `false` whenever
`isBranch` was `true`, so branch projects were never blocked by that
check. The new code changed this exemption into a hard block, which is
the regression: branches can no longer be paused at all.

## What is the new behavior?

Restore the original exemption: branch projects bypass the
`project_pausing` entitlement check (as they did the old AWS K8s check),
instead of being unconditionally blocked. The pause button and tooltip
for branches now only take into account permissions, project status, and
whether the project is active — matching pre-#44172 behavior.

```tsx
const buttonDisabled =
  (!isBranch && !projectPausingAllowedInOrg) ||
  project === undefined ||
  isPaused ||
  !canPauseProject ||
  !isProjectActive
```

## Additional context

Regression introduced in
https://github.com/supabase/supabase/pull/44172.


---
_Generated by [Claude
Code](https://claude.ai/code/session_01VdtDMaXzz8zgqQHSMbtMAA)_

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Updated project pause availability so the button now reflects the
correct conditions for branch and non-branch projects.
* Improved pause-related tooltips to show more accurate messaging based
on plan type and project status, including when pausing may not be
available on free plans.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
2026-07-06 23:08:31 +08:00
ChloeGarciaMillerand c87f673c4c Fix: improve accessibility for icon buttons (database menu) (#47531)
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?

Bug fix (accessibility improvement)

## What is the current behavior?

Icon-only buttons do not have explicit accessible names for screen
readers or tooltips.

## What is the new behavior?

All icon-only buttons now have explicit accessible names using visually
hidden text (sr-only), ensuring proper screen reader support.

## Additional context

Tooltip text is preserved or added for visual users.
No visual changes were introduced.


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Tests**
* Tightened end-to-end checks for policy creation so policy names must
match exactly in the list.
* Improved validation coverage for SELECT, INSERT, UPDATE, and DELETE
policy flows, reducing the chance of false-positive test matches.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-06 16:59:40 +02:00
Gildas Garcia 623a9230bd fix: add labels to org home page view buttons (#47633)
## Problem

The buttons on the organization home page that allow to switch between
list and grid views are not accessible.

## Solution

Add screen readers only text to these buttons.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

## Summary of changes

* **Bug Fixes / Improvements**
* Improved accessibility for project view toggle controls and the
clear-search action.
  * Added an explicit accessible label to the clear button.
* Added screen-reader text and tooltips to better communicate grid vs.
list view.
* **Other**
* Improved error handling robustness when updating report snippet
visibility.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-06 16:57:02 +02:00
Ali Waseem 93f83651ee chore(studio): hide wal2json from extensions list (#47643)
## What kind of change does this PR introduce?


Adds `'wal2json'` to `HIDDEN_EXTENSIONS` so it's filtered out of the
extensions list in the Dashboard, matching how other non-user-facing
extensions (e.g. `pg_stat_monitor`, `supautils`) are already hidden.

## Summary by CodeRabbit

* **Bug Fixes**
* Updated the list of hidden database extensions so `wal2json` no longer
appears in places where hidden extensions are excluded.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-06 14:35:12 +00:00
Ali Waseem 61f71c8b1e fix: remove any from report snippet model (#47644)
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?

Minor remove any to fix ratchet baseline rules 

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Improved error handling when making a report snippet public, so error
messages are only shown when a valid error message is available.
* Reduced the chance of unexpected failures from non-standard error
values during this action.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-06 14:25:23 +00:00
David_C d7ad603e40 fix(studio): fixing table editor column header background (#47585)
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?

Bug fix (Fixes #47562)

## What is the current behavior?

Header and data row overlaps:
<img width="1416" height="58" alt="Screenshot 2026-07-03 at 12 39 43 PM"
src="https://github.com/user-attachments/assets/fd5ab174-f18d-4f84-9158-5824f43d5ab5"
/>

## What is the new behavior?

Now it correctly displays entry data without overlapping text:
<img width="1289" height="115" alt="Screenshot 2026-07-03 at 12 38
38 PM"
src="https://github.com/user-attachments/assets/df0d96d6-1091-4be9-be44-cad317b87847"
/>

## Additional context

Colors are consistent with surrounding for all color theme.

This issue appeared after PR #47288, I am not exactly sure about the
whole situation as 47288 is a massive PR. I drilled in a bit into the
CSS with the help of my cursor agent, it mentioned css conflicts with
react-data-grid's background-color: inherit, take it with a grain of
salt though.


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Style**
  * Updated the grid header appearance to better match the app canvas.
* Header rows now keep their existing behavior and borders, while header
cells use the canvas background for a cleaner look.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-06 13:31:54 +00:00
Gildas Garcia cabe14e5ca chore: remove _Shadcn_ suffix from ui tabs components (#47628)
## Problem

Now that we migrated all usages of the deprecated `Tabs` component, we
don't need the `_Shadcn_` suffix anymore.

## Solution

Remove `_Shadcn_` suffix from `ui` tabs components. That's all this PR
does, no visual nor functional changes

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Standardized tab components across the app so pages and dialogs now
use the same consistent tab UI.
* Improved tab-based views in design, docs, studio, learn, and website
experiences for a more uniform interface.

* **Chores**
* Updated shared UI exports to expose tab components directly,
simplifying future usage across the product.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-06 15:29:16 +02:00
Vaibhav 38669218ac fix: preserve copy (#47607)
- closes https://github.com/supabase/supabase/issues/47606

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Copying cell values now preserves `false` and `0` instead of treating
them like empty values.
* Clipboard copy behavior now only returns blank for truly empty inputs,
helping keep table data accurate when copied.
* **Tests**
* Added end-to-end coverage for copying table cells with `false`, `0`,
and `true` values.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-06 07:17:17 -06:00
Jordi Enric 27c1850a9a feat(logs): enforce a LIMIT clause in the log explorer (#47630)
## What

Enforces a `LIMIT` clause on Logs Explorer queries, replacing the
previous soft warning.

- Queries without a `LIMIT <n>` can no longer be run.
- Instead of the warning badge, the results box shows a clear "Add a
LIMIT to your query" message.
- The error clears as soon as a valid `LIMIT` is added.

## Why

Unbounded queries can scan very large amounts of data. This adds a UI
guardrail so a bounded result set is always requested.

## Notes

- New `checkForLimitClause` util detects `LIMIT <n>` outside of string
literals and comments (mirrors the existing WITH/ILIKE checks), with
unit tests.
- The missing-limit message reuses the existing error-rendering path via
a `missingLimit` reason, alongside `resourcesExceeded`.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
  * Log queries now require a `LIMIT` clause before they can run.
* A new on-screen message guides users to add a `LIMIT` when it’s
missing.

* **Bug Fixes**
* Improved log query validation to better detect valid `LIMIT` usage,
including mixed case, multiline queries, and avoidance of false matches
in comments, strings, or column names.
* Existing error messages continue to appear for other query limits and
failures.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-06 13:04:46 +02:00
Jordi Enric 6770f1a148 feat(studio): share report snippets with the team when added to homepage report FE-3800 (#47629)
## Problem

Adding a private SQL snippet ('user' visibility) as a Home / project
overview report created a broken experience for other project members,
who saw "SQL snippet not found" because they had no access to the
snippet.

## Fix

Selecting a private snippet from the report block picker now shows a
confirmation step that makes the snippet public to the project before it
is added. Already-shared snippets are added directly, and snippets
created via drag-and-drop onto the report are now shared on creation.

## How to test

- Open a project's homepage and go to the Reports section
- Create a private SQL snippet if you do not have one
- Click "Add block" and select the private snippet
- Confirm a dialog appears explaining the snippet will become visible to
the team
- Confirm, and verify the block is added to the report
- Log in as another project member and confirm the report block renders
instead of "SQL snippet not found"
- Selecting an already-shared snippet should add it without the
confirmation dialog

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added a “make snippet public” confirmation flow for user-owned report
blocks.
* Updated snippet selection to support a private-snippet share prompt
when appropriate.
* **Bug Fixes**
* Improved duplicate-block handling to prevent adding the same snippet
multiple times.
* **Refactor**
* Refactored SQL snippet upsert payload construction for more consistent
project visibility updates.
* **Tests**
  * Added unit tests covering snippet selection decision logic.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-06 13:04:36 +02:00
Alaister Young 4129c8954d feat(studio): TanStack project routes — auth/logs/settings/functions (stack 5.2/6, from #46424) (#47118)
**Stack 5.2/6** of the TanStack Start migration (#46424) — second half
of the project routes (S5 was split for CodeRabbit's 150-file cap).
Stacked on **#47117** (5.1).

> [!NOTE]
> Same shape as 5.1 — thin route wrappers over the existing pages-router
components. With this PR every route is present, so `routeTree.gen.ts`
is now **byte-identical to the migration branch**.

## What's in this PR
- **Remaining project routes:** auth, logs, settings, observability,
functions, advisors, project-level integrations.
- **Supporting edits:** hoist `EdgeFunctionsIndexPageWrapper` out of
`getLayout`, `functions/secrets`, and move `DefaultLayout` to the root
for the logs page.
- `routeTree.gen.ts` regenerated for the full set.

## Verification
On top of S1–5.1: `studio` typecheck ✓, lint (0 errors) ✓, **Next build
✓ (181/181 pages)**.


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Refactor**
* Reorganized internal routing and page structure to improve navigation
and maintainability across project settings, logs, functions,
authentication, integrations, and observability sections.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
2026-07-06 18:31:18 +08:00
supabase-supabase-autofixer[bot] f6fc6ceb59 [bot] Decrease ESLint ratchet baselines (#47611)
Automated weekly decrease of ESLint ratchet baselines.

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-07-06 12:20:41 +02:00
Alaister Young 46b31eb53a [FE-3379] feat(studio): warn when db passwords need percent-encoding (#47564)
Users who set a database password with special characters (\`@\`, \`#\`,
\`%\`, \`+\`, etc.) get no warning that it must be percent-encoded when
used in a connection URL, which leads to confusing connection failures
([FE-3379](https://linear.app/supabase/issue/FE-3379)).

<img width="700" height="200" alt="Screenshot 2026-07-03 at 6 26 43 PM"
src="https://github.com/user-attachments/assets/48608d65-8057-4abe-96fc-c0ede3550951"
/>
<img width="1002" height="395" alt="Screenshot 2026-07-03 at 6 27 14 PM"
src="https://github.com/user-attachments/assets/1366b985-7d80-4e7d-97f0-c79d5c84cefd"
/>
<img width="548" height="303" alt="Screenshot 2026-07-03 at 6 27 26 PM"
src="https://github.com/user-attachments/assets/b042101a-0e88-4730-adb8-1b490018f208"
/>

**Changed:**
- `PasswordStrengthBar` now shows a warning-colored callout (with a docs
link) whenever the entered password contains characters that need
percent-encoding — this covers project creation, reset database
password, restore-to-new-project, and the Vercel deploy-button flow
- Replaced `DATABASE_PASSWORD_REGEX` (only caught `@`, `:`, `/`) with a
`passwordNeedsPercentEncoding()` helper based on `encodeURIComponent`,
so `#`, `%`, `+`, `?`, `&`, spaces etc. are caught too
- Moved `SpecialSymbolsCallout` from `ProjectCreation/` to
`components/ui/` since it's now shared

**Added:**
- Info admonition in the Connect sheet next to connection strings that
still contain `[YOUR-PASSWORD]` (direct connection + `.env`-based file
setups; hidden for psql and .NET where percent-encoding doesn't apply,
and after a password reset since the substituted password is already
encoded)

## To test

- Project creation → type a password containing \`#\` or \`@\` → warning
callout appears above the strength bar; disappears for alphanumeric
passwords
- Database Settings → Reset database password → same behaviour
- Connect sheet → Direct connection → note shows under the connection
string for URI/JDBC types, not for psql; after resetting the password
from the sheet, the note disappears (password is substituted already
encoded)
- Connect sheet → Node.js/Python/Go/SQLAlchemy file setups show the
note; .NET does not
- \`pnpm vitest run lib/password-strength.test.ts\` passes

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

## Summary by CodeRabbit

* **New Features**
* Added a dedicated password encoding note (with documentation link) on
direct connection screens when the password is embedded in a URL.
* Added an encoding hint to the password strength area when
percent-encoding is required.
* **Bug Fixes**
* Removed regex-based “invalid password” callout and replaced it with
safer percent-encoding detection logic.
* **Tests**
  * Added test coverage for `passwordNeedsPercentEncoding`.
  * Removed obsolete Project Creation password regex tests.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
2026-07-06 17:38:03 +08:00
Saxon Fletcher 09ea558d54 Vercel install layout (#47550)
Bring the Vercel install layout up to date with other connect screens.
Resolves DEPR-615.

| Before | After |
| --- | --- |
| <img width="1600" height="1200" alt="CleanShot 2026-07-03 at 10 51
59@2x"
src="https://github.com/user-attachments/assets/6a8c2910-8c45-4c7d-8d38-8b80c5cf4c83"
/> | <img width="1150" height="1318" alt="CleanShot 2026-07-03 at 11 56
17@2x"
src="https://github.com/user-attachments/assets/3a5add5c-fea4-44f3-a368-5732257b27d9"
/> |

## Testing

- Open the deploy preview or staging URL for
`/dashboard/integrations/vercel/install` with callback params from a
real Vercel Marketplace install redirect (see _Vercel_ subheading
below).
- Confirm the install screen renders with the selected Supabase account,
organization picker, and primary install CTA.
- Remove required callback params such as `code`, `configurationId`, or
`source` to verify the "Missing Vercel installation details" warning
state.
- Clicking "Install integration" with an expired or reused `code` can
show `Creating Vercel integration failed: Failed to get Vercel access
token`; that is expected for preview UI validation. A full successful
install requires a fresh Vercel-generated code from the install flow.

To reiterate; this won’t work because the code will be invalid. But it
should show that everything is hooked up right for prod.

### Vercel

1. Go to Supabase. Open either org-level or project (settings) level
integrations.
2. Tap "[Install Vercel
Integration](https://vercel.com/integrations/supabase-local)".
3. Follow the install instructions from that Vercel page. This should
open a browser window.
4. Copy the URL of that browser window. Take the params and paste them
instead at the end of the deploy preview URL.

Example of #4:

```txt
Before:
https://supabase.com/dashboard/integrations/vercel/install?code=jDhIBDlD58zzLVtuSNjJpUSu&configurationId=icfg_v3dKllQIniSOwdVI3gypnZh3&next=https%3A%2F%2Fvercel.com%2Ftest-5706s-projects%2F~%2Fintegrations%2Ficfg_v3dKllQIniSOwdVI3gypnZh3%2Finstalled&source=marketplace&teamId=team_mPkGQZjTLBEUXh15b03iVsTg

After
https://studio-staging-git-chore-install-layout-supabase.vercel.app/dashboard/integrations/vercel/install?code=jDhIBDlD58zzLVtuSNjJpUSu&configurationId=icfg_v3dKllQIniSOwdVI3gypnZh3&next=https%3A%2F%2Fvercel.com%2Ftest-5706s-projects%2F~%2Fintegrations%2Ficfg_v3dKllQIniSOwdVI3gypnZh3%2Finstalled&source=marketplace&teamId=team_mPkGQZjTLBEUXh15b03iVsTg
```

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Updated the installation experience with a cleaner, more guided
layout.
* Added clearer organization selection during setup, including
visibility into which organizations are already installed.

* **Bug Fixes**
  * Improved loading and error handling during installation.
* Added clearer warnings for missing setup details, already-installed
integrations, and cases with no available organizations.
* Fixed routing behavior so organization selection is preserved more
reliably.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Danny White <3104761+dnywh@users.noreply.github.com>
2026-07-06 19:34:20 +10:00
Wen Bo Xie 5c3d250140 docs: clarify that creating new API keys does not disable legacy keys (#47395)
Creating publishable and secret keys adds them alongside the existing
anon and service_role keys without affecting them. Make this explicit in
two places so users don't assume their legacy keys are revoked:

- Add an Admonition note to the API keys guide explaining both key types
work simultaneously and legacy keys must be disabled in a separate step.
- Update the "Create new API keys" dialog in Studio to reassure users
that their existing anon and service_role keys remain valid.
2026-07-06 05:39:59 +00:00
Ali Waseem 61078d2617 chore(studio): add jsx-a11y ESLint ratchet rules for statically-detectable a11y issues (#47582)
## Summary
- Follow-up to the axe-core accessibility audit (FE-3781), which found
1,733 failing elements across 126 Studio surfaces deduplicating to 12
root-cause families. A subset of those (missing accessible names/labels,
invalid/redundant ARIA, empty headings/anchors) is statically detectable
— this adds ESLint coverage for it instead of relying solely on the
runtime axe-core CI gate.
- Adds 13 `jsx-a11y` rules to `apps/studio/eslint.config.cjs` at
`'warn'`: `aria-props`, `aria-proptypes`, `role-supports-aria-props`,
`anchor-has-content`, `control-has-associated-label`
(`controlComponents: ['Button', 'Switch']`),
`label-has-associated-control` (`labelComponents: ['Label']`,
`controlComponents: ['Input', 'Switch']`), `aria-role`,
`no-redundant-roles`, `no-aria-hidden-on-focusable`,
`tabindex-no-positive`, `anchor-is-valid`, `heading-has-content`,
`no-distracting-elements`.
- Wires all 13 into the existing `lint:ratchet` script and initializes
their baselines in `apps/studio/.github/eslint-rule-baselines.json`, so
any *new* violation fails `studio-lint-ratchet.yml` while the
pre-existing ones (mostly `control-has-associated-label`: 274,
`label-has-associated-control`: 37) are tracked and shrink over time via
the weekly baseline-decrease cron.

Resolves
[FE-3795](https://linear.app/supabase/issue/FE-3795/add-jsx-a11y-eslint-ratchet-rules-for-statically-detectable-a11y).

## Test plan
- [x] `pnpm --filter studio run lint:ratchet` passes (exit 0, no
regressions)
- [x] Spot-checked several flagged instances against source to confirm
true positives (e.g. an unlabeled save/cancel icon-button pair in
`AIAssistantChatSelector.tsx`, an empty `<h3>` in `PITRForm.tsx`)
- [x] CI (`studio-lint-ratchet.yml`, typecheck.yml lint step) green on
this PR

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Expanded Studio’s accessibility linting to cover additional ARIA prop
validation, label/control relationships, anchor/heading validity,
role/ARIA correctness, and focus/tab behavior (including distracting
markup).
* Updated accessibility lint baselines so tracked violations remain
accurate as rules expand.
* **New Features**
* Enhanced the Studio lint “ratchet” workflow to load ratchet rule IDs
from an external `rules-file` instead of a long inline command.
* **Tests**
* Added an integration test to verify rule IDs are read from the
`rules-file`.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-03 20:33:12 +00:00
Andrey A. 514c3aa0d0 fix(self-hosted): type generation should respect exposed schemas (#47577) 2026-07-03 17:43:20 +02:00
Gildas Garcia e144628515 fix: studio observability sticky nav background is wrong (#47574)
## Problem
Only in dark mode

<img width="1003" height="324" alt="image"
src="https://github.com/user-attachments/assets/e131fd07-1327-4a0b-bb27-eccf1f5d7f93"
/>

## Solution
<img width="943" height="230" alt="image"
src="https://github.com/user-attachments/assets/bcbee6e6-d303-45c6-b612-eb0f0423d458"
/>
2026-07-03 14:09:38 +00:00
Alaister Young 7d3f72ec7d feat(studio): TanStack project routes — data surfaces (stack 5.1/6, from #46424) (#47117)
**Stack 5.1/6** of the TanStack Start migration (#46424). The original
S5 (174 files) was over CodeRabbit's 150-file review cap, so it's split
into 5.1 + 5.2 by product. Stacked on **#47113** (S4).

> [!NOTE]
> Thin route wrappers rendering the existing pages-router components via
compat shims. Next-safe (full Next build run). The TanStack app isn't
functional end-to-end until 5.2 + the matrix flip.

## What's in this PR
- **Data-cluster project routes:** database, editor, sql, storage,
realtime, branches.
- **Top-level / onboarding routes:** `authorize`, `join`, `logout`,
`redeem`, `verify-email`, `claim-project`, aws-marketplace,
Vercel/GitHub integration entrypoints; `_app`/`_auth` layout shells;
`/org/_` + `/project/_` catch-alls.
- **Supporting edits:** hoist `BranchesPageWrapper` out of `getLayout`,
`ConnectStepsSection` `import.meta.glob`, `api/server.js`.
- `routeTree.gen.ts` regenerated for the routes present so far.

## Verification
On top of S1–S4: `studio` typecheck ✓, lint (0 errors) ✓, **Next build ✓
(181/181 pages)**.


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Refactor**
* Restructured application routing infrastructure for improved code
organization and maintainability.
* Extracted and refactored layout wrapper components for enhanced
reusability across different sections of the application.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
2026-07-03 21:22:06 +08:00
Gildas Garcia 6134e67693 fix: limit command menu height in auth observability filter (#47572)
## Problem

We don't limit command menu height by default because we usually don't
have that many options. It's an issue here as shown in the screenshot
because it hides the _Apply_ button

## Solution

Add a max height to the list of options

Before:
<img width="1331" height="1019" alt="image"
src="https://github.com/user-attachments/assets/512b26ca-c08b-44c5-8bed-c89d5ab87da3"
/>

After:
<img width="1217" height="828" alt="image"
src="https://github.com/user-attachments/assets/43a4066d-7b20-4615-81ec-cebdb8539ec1"
/>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Style**
* Adjusted the reports filter dropdown to limit its height, making long
lists easier to browse and preventing the menu from growing too large on
screen.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-03 14:53:14 +02:00
Saxon Fletcher 401a4ed042 Chart fix (#47568)
Fixes colour issue on some charts

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Style**
* Updated studio chart color styling to improve consistency in light
mode.
* Refined dark theme chart color handling so the color token is applied
correctly without directly assigning a raw variable.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-03 21:40:51 +10:00
Joshen Lim 3521ff06e1 Joshen/fe 3778 rls tester to support insert queries (#47554)
## Context

Back to working on the [RLS
Tester](https://github.com/orgs/supabase/discussions/45233), slowly
adding support for mutation queries. First part here will be to add
support for testing `INSERT` based queries (Note that there's no changes
to the sandbox stuff in this PR)

## Changes involved
- If testing an `INSERT` query, we show a big warning first that the
query will be ran on the actual DB
  - Note that we skip the warning if the sandbox is used
<img width="534" height="231" alt="image"
src="https://github.com/user-attachments/assets/ef75a0c9-61e4-49b0-9d78-458e8e5f7f4f"
/>
- If the testing as an anon user + RLS enabled
<img width="601" height="386" alt="image"
src="https://github.com/user-attachments/assets/b21f048d-bac1-4ddd-b84b-c231ae9f9e3e"
/>
- If testing as an auth-ed user + RLS enabled, but the INSERT violates
RLS (conditions don't meet)
<img width="604" height="489" alt="image"
src="https://github.com/user-attachments/assets/41c40486-48d5-4eee-b7cd-8f993edc47be"
/>
- Else if testing as an auth-ed user + RLS enabled and INSERT matches
RLS
<img width="612" height="402" alt="image"
src="https://github.com/user-attachments/assets/41854b40-b351-408b-8d23-cc5e0fa40813"
/>
- Minor cosmetic layout change here
  - Use layout horizontal
- Also added the user ID below the dropdown with click to copy action
for convenience
<img width="615" height="528" alt="image"
src="https://github.com/user-attachments/assets/b9c04395-5435-474a-b3c5-640143faa782"
/>
- Added inline guard againsts some conditions
  - Should not be able to run UPDATE or DELETE queries
<img width="622" height="319" alt="image"
src="https://github.com/user-attachments/assets/351af7c6-8f1e-47ae-8651-3b9b0b512490"
/>
  - Should not be able to run multiple queries
<img width="612" height="317" alt="image"
src="https://github.com/user-attachments/assets/603d9a1f-1d1f-40f2-806d-93aea6b6cf8e"
/>

## To test
- [ ] Verify that the RLS Tester works as expected for an insert query
  - Against actual DB
  - Against sandbox (only available on staging)
- [ ] Verify that inline guards are all working as expected
- Let me know if there's any edge cases I might have missed!





<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* RLS Tester results are now operation-aware (SELECT vs mutations), with
clearer “no rows/all rows” and policy evaluation explanations.
  * Added copy-to-clipboard for the impersonated user ID.
* Query parsing now surfaces richer context, including WHERE clause
details and statement count, and SELECT-only previews.

* **Bug Fixes**
* Improved handling of blocked mutation queries and RLS-related error
messaging.
  * Updated RLS Tester navigation to the correct policies page.
  * Refined sandbox-assisted execution flow and empty/error states.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-03 17:58:08 +08:00
Saxon Fletcher fb02182e86 Color system (#47288)
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES/NO

## What kind of change does this PR introduce?

Bug fix, feature, docs update, ...

## What is the current behavior?

Please link any relevant issues here.

## What is the new behavior?

Feel free to include screenshots if it includes visual changes.

## Additional context

Add any other context or screenshots.


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Refreshed theming across the UI to use modern color expressions and
shared theme variables (including OKLCH-based gradients), improving
consistency for charts, code blocks, overlays, icons, and decorative
backgrounds.
* **Bug Fixes**
* Improved light/dark color and gradient consistency across axis/grid
styling, reference lines, buttons/badges, sidebar accents, loaders, and
other visual components.
* **Documentation**
* Updated styling/theming guidance to align with the revised semantic
token system and the updated theme variable usage patterns.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-03 15:00:43 +10:00
Coenen Benjamin a1716edc3c refactor(replication): do not fetch secrets from APIs and enable partial update on API (#47454) 2026-07-02 21:04:12 +02:00
Charis cdc2dc4e26 refactor(studio): import SQL editor store from source, delete facade + barrel (#47533)
## What

Final PR of the SQL editor state re-layering stack. Removes the
compatibility shims left in place during the migration:

- Migrates all **23** consumers of the `@/state/sql-editor-v2` facade to
import directly from `@/state/sql-editor/sql-editor-state`, where
`useSqlEditorV2StateSnapshot`, `getSqlEditorV2StateSnapshot`,
`useSnippets`, and `useSnippetFolders` actually live.
- Deletes `state/sql-editor-v2.ts` (the facade) and
`state/sql-editor/index.ts` (the barrel). Both re-exported the same
symbols; nothing imports them after the migration.

This collapses the two-layer re-export (`sql-editor-v2` → `index` →
source) into direct source imports, matching the repo convention to
avoid barrel re-export files.

## Notes

- Pure import-path migration — no behavior change. All 23 consumers
imported only value symbols that resolve to `sql-editor-state.ts`; none
imported the `StateSnippet`/`StateSnippetFolder` types via the facade.
- Symbol names keep their `V2` suffix for now — renaming
`useSqlEditorV2StateSnapshot` etc. is a separate, larger churn best done
on its own.
- 25 files: 23 one-line import changes + 2 deletions (23 insertions / 39
deletions).

## Validation

- `pnpm --filter studio typecheck`  (confirms no dangling facade/barrel
imports anywhere)
- `pnpm exec vitest --run state/sql-editor/`  (113 passed)
- lint  (0 errors; no ratcheted-rule regressions — a path swap can't
add `any`/deps/nested-component violations, and no import-order rule is
enforced)
- grep confirms zero remaining `sql-editor-v2` references

---------

Co-authored-by: supabase-autofix-bot <noreply@supabase.com>
2026-07-02 13:15:47 -04:00
Seid Muhammed f9fc5c8020 fix: table-editor-negative-bigint-filter-precision (#47471)
Fixes: #47470

## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?

Bug fix.

## What is the current behavior?

In the Table Editor, filtering a `bigint` (`int8`) column by a large
**negative** value
returns the wrong results (the matching row does not appear), while the
equivalent large
**positive** value works correctly.

`formatFilterValue` (`apps/studio/data/table-rows/utils.ts`) keeps
out-of-range bigint
filter values as strings so they reach Postgres without precision loss,
but it only guards
the upper end of the JS safe-integer range:

```ts
const numberValue = Number(filter.value)
// Supports BigInt filter values
if (Number.isNaN(numberValue) || numberValue > Number.MAX_SAFE_INTEGER) return filter.value
else return Number(filter.value)
```

`numberValue > Number.MAX_SAFE_INTEGER` is always `false` for negative
numbers, so large
negative bigints (e.g. the int8 minimum `-9223372036854775808`) fall
through and get rounded
by `Number()` (`Number('-9223372036854775808')` →
`-9223372036854776000`). The rounded value
is then sent to SQL, so the filter no longer matches the intended row.
The same helper feeds
the row count and "delete all matching" queries.

Steps to reproduce:

1. Create a table with a `bigint` column `id`.
2. Insert a row with `id = -9223372036854775808`.
3. In the Table Editor, filter `id = -9223372036854775808`.
4. The row is not returned. Filtering by `9223372036854775807` works as
expected.

## What is the new behavior?

Large negative bigints are now preserved as strings just like large
positive ones, so the
literal sent to Postgres matches what the user typed and the filter
returns the correct rows.

The fix guards the safe-integer range by magnitude:

```ts
if (Number.isNaN(numberValue) || Math.abs(numberValue) > Number.MAX_SAFE_INTEGER)
  return filter.value
else return numberValue
```

In-range values and large positive bigints are unaffected.

## Additional context

- Added unit tests in `apps/studio/data/table-rows/utils.test.ts`
covering non-numerical
passthrough, in-range coercion (positive and negative), `NaN`
passthrough, large positive
bigints (existing behavior), large negative bigints (regression), and
the exact
  safe-integer bounds.
- The negative-bigint test fails on `master` and passes with this
change.

Verify locally:

```bash
pnpm --filter studio exec vitest run data/table-rows/utils.test.ts
```

No API, schema, or infrastructure changes.


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Improved filter value formatting to keep the original input when
numeric conversion would be unsafe (invalid numbers or values outside
safe-integer bounds), including large negative inputs.

* **Tests**
* Added automated coverage for filter value formatting across
non-numeric values, valid numeric coercion, invalid numeric strings, and
bigint-like edge cases (including a large negative regression case).
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Ali Waseem <waseema393@gmail.com>
2026-07-02 10:05:13 -06:00
Gildas Garcia c41e2835e3 chore: UI theme cleanup (#47519)
## Problem

- We still use/maintain the legacy theming even though we moved to
Shadcn
- We have two themes list with similar code

## Solution

- Migrate some components to `cva` and `cn` instead of `styleHandler`
- Remove redundant `themes` in favor of `singleThemes`

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Standardized theme selection across the app so theme menus
consistently offer the same light/dark/system options, including
dropdowns, navigation menus, and command menus.
* **Refactor**
* Refreshed styling for multiple shared UI components (menus, tabs, side
panels, loading indicators, icons, and modal dialogs) to improve
consistency while preserving visual behavior.
* **Chores**
* Improved the UI patterns CI “validate exports” check for clearer
failure output when exports change unexpectedly.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-02 17:03:08 +02:00
Ali Waseem 2b566175b1 fix(studio): prevent FK peek popup from extending outside viewport (#47510)
Fixes the `ReferenceRecordPeek` popup extending outside the browser
viewport when clicking the FK arrow button on lower table rows in the
Table Editor.

Closes FE-3761

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Improved popover positioning near screen edges so reference previews
stay visible in more cases.
* Constrained the reference preview table to a fixed height with clipped
overflow, keeping the preview panel compact and easier to scan.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-02 07:18:02 -06:00
Jordi Enric 0bfca221e9 feat(functions): migrate EdgeFunctionRecentErrors to logs.all.otel (#47489)
## Problem

The edge function overview page (gated by the \`edgeFunctionsOverview\`
flag) runs three log queries against the legacy BigQuery \`logs.all\`
endpoint. These need to move to the ClickHouse-backed \`logs.all.otel\`
endpoint to stay consistent with the rest of the logs migration.

## Fix

Rewrote the three SQL query builders in
\`EdgeFunctionRecentErrors.utils.ts\` from BigQuery syntax to ClickHouse
syntax targeting the \`edge_logs\` OTEL schema. Added \`{ useOtel: true
}\` to all three \`useLogsQuery\` calls to route them to the
\`logs.all.otel\` endpoint.

Key field mappings used:
- \`metadata[0].function_id\` -> \`LogAttributes['function_id']\`
- \`metadata[0].execution_id\` -> \`LogAttributes['execution_id']\`
- \`metadata[0].level\` / \`metadata[0].event_type\` -> \`SeverityText\`
/ \`LogAttributes['event_type']\`
- \`timestamp\` -> \`toUnixTimestamp64Micro(Timestamp)\` (preserves
microsecond integer format expected downstream)
- HTTP invocations filtered by \`LogAttributes['event_type'] =
'Request'\`
- Runtime logs filtered by \`LogAttributes['event_type'] = 'Log'\`

## How to test

- Enable the \`edgeFunctionsOverview\` feature flag on a project that
has an edge function with recent invocations and errors
- Navigate to the function overview page
- The "Errors since last deploy" section should load and display error
groups correctly
- Each error group should show count, last seen time, method, status
code, and execution time
- Expanding a group should show related runtime logs beneath it
- With no errors, the empty state should show the invocation count since
last deploy

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Improved Edge Function recent errors with more accurate filtering of
server-side failures.
* Expanded Edge Function runtime log coverage for clearer event
visibility.
* Refreshed Edge Function since-deploy invocation counts to better match
current log querying behavior.
* **Documentation**
* Refined “minimal, well-formed query” guidance, including requiring an
identifying comment at the start and clearer log source scoping
examples.
* **Tests**
* Updated unit tests to match the revised SQL/log filtering and
selection logic.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-07-02 13:03:29 +02:00
Jordi Enric 91d70a8c38 feat(studio): chart bar links open unified logs when enabled (#47502)
## What

When the unified logs preview is enabled, clicking a chart bar that
links to a logs view now opens **unified logs** (scoped to the service
and time bucket) instead of the legacy logs explorer.

Surfaces updated:
- Homepage project usage charts (`ProjectUsageSectionDeltas`,
`ProjectUsageSection`)
- Observability overview service health table (`ObservabilityOverview`)
— also fixes the API Gateway row and passes the time range via the
`date` param unified logs actually reads

Adds a small `buildUnifiedLogsUrl` helper so the deep-link format
(`filter=log_type:eq:<type>` + `date` epoch-ms range) lives in one
place.

When the preview is off, behavior is unchanged (legacy logs explorer).

Resolves O11Y-2133.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added unified logs navigation for project usage and observability
charts.
* Chart bar clicks now open the unified logs view with service-specific
filtering and a computed time window.
* **Bug Fixes**
* Updated observability and usage charts to generate the correct unified
logs URLs (including `log_type` filtering and optional date ranges).
* Preserved legacy log navigation behavior when unified logs are
disabled.
* **Tests**
* Added unit tests covering unified logs URL generation, query
parameters, and date handling.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-02 13:02:46 +02:00
Ivan Vasilov fae2c5b96e chore: Add org slug and project ref as tags to the Sentry data (#47442)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Enhanced telemetry to include the active project reference and
selected organization on events.
* Cleared and re-applied project and organization tags when navigating
to prevent stale tagging.
* Only applies user identification when user account details are
available.
* **Tests**
* Updated telemetry tests to cover the additional tagging behavior by
extending Sentry mocks accordingly.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-02 11:47:13 +02:00
Ali Waseem 3fcf980b0a fix(studio): batch of production Sentry crash fixes (array/null guards) (#47460)
Fixes a batch of production Studio crashes from Sentry (all caught by
the global error boundary). Most are missing array/null guards where an
endpoint typed as an array — or with a nested array field — returned a
non-array body in production; a few are one-off render crashes.

Resolves FE-3748.

## Issues fixed

| Sentry | Error | Fix |
| --- | --- | --- |
| [J7R](https://supabase.sentry.io/issues/7492997940/) | Maximum update
depth exceeded | Disable RadialBar animation in disk-cooldown countdown
|
| [JR5](https://supabase.sentry.io/issues/7548484681/) |
resourceWarnings.find is not a function | Guard in
ResourceExhaustionWarningBanner |
| [JCJ](https://supabase.sentry.io/issues/7506024989/) |
resourceWarnings.find is not a function | Guard in ProjectLayout +
normalize query |
| [K1Y](https://supabase.sentry.io/issues/7584792331/) | snippet.name on
undefined | Optional-chain SQL editor download filename |
| [B3K](https://supabase.sentry.io/issues/7141649636/) |
pagination.count on undefined | Guard pagination in projects infinite
query |
| [JVP](https://supabase.sentry.io/issues/7560437621/) | schemas.some /
extensions.find | Coerce pg-meta lists to arrays in
useInstalledIntegrations |
| [JR2](https://supabase.sentry.io/issues/7548339272/) | extensions.find
is not a function | (same fix as JVP) |
| [JQR](https://supabase.sentry.io/issues/7547163939/) | lints.filter is
not a function | Normalize project lints query |
| [JR3](https://supabase.sentry.io/issues/7548433501/) |
entitlements.find is not a function | Guard call sites + normalize
entitlements query |
| [JQS](https://supabase.sentry.io/issues/7547557098/) |
selected_addons.find is not a function | Normalize addons query arrays |


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Improved stability across several Studio screens by handling missing
or unexpected data more safely.
* Downloads now use a fallback name when a snippet name isn’t available.
* Project, entitlement, schema, addon, warning, and extension views are
less likely to break when data is missing or not in the expected format.
* Pagination and countdown visuals now behave more consistently, with
reduced chance of runtime errors or animation-related glitches.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
2026-07-02 08:38:17 +00:00
Charis 7c1ea30e43 refactor(studio): extract useSnippetEditor from MonacoEditor (#47500)
## What

PR 7 of the SQL editor state re-layering stack. Extracts the snippet
editing lifecycle out of `MonacoEditor` into a co-located
`useSnippetEditor` hook, and consolidates the edit debounce.

`useSnippetEditor` owns:
- creating the snippet in the store on first edit and routing to its URL
(replace vs push for a `?content=` deep link)
- writing changes back to the store via `setSql` (with
`wasNeverPersisted` → `shouldInvalidate`)
- seeding the editor from the `content` param
- the read-only determination (`canEditSnippet`)

`MonacoEditor` now consumes `{ snippet, disableEdit, handleEditorChange
}` and keeps only the editor shell + Monaco action wiring. It sheds the
`router`/`profile`/`project`/`params`/store/tabs hooks.

`handleEditorChange` was also flattened with an early return.

## Debounce consolidation

Previously there were **two 1s debounces in series**: `useSnippetEditor`
debounced editor changes before writing to the store, and the save
mechanism (`createSaveMechanism`) already debounces persistence. That
added latency (up to ~2s to save) and split the "when to persist" timing
policy across two layers — at odds with PR 5's design where the
scheduler/mechanism owns *when* and dirty state is meant to be
immediate.

This PR removes the editor-side debounce: edits write to the store
synchronously on every change, and the save mechanism's 1s debounce is
the sole throttle. Net effects:
- the store — and the snippet's dirty status — reflects the latest edit
immediately (correct for the future manual-save mode's Save button / nav
guard)
- save fires ~1s after the *last* keystroke instead of up to ~2s
- only the active snippet's own reactive consumers (a lightweight
sidebar item) re-render per keystroke; Monaco is uncontrolled
(`defaultValue`) so it is unaffected

Note: the double-debounce was legacy (the pre-refactor god store had the
same `useDebounce(value, 1000)` in MonacoEditor plus a debounced
module-load subscribe).

## Notes

- Behavior-preserving in outcome — autosave still lands ~1s after typing
stops, just with lower latency and immediate store consistency.

## Validation

- `pnpm --filter studio typecheck` 
- `pnpm exec vitest --run state/sql-editor/`  (110 passed)
- lint  (0 errors; no ratcheted-rule regressions)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* SQL editor changes now apply immediately, with unsaved status
reflected as soon as you edit.
* The editor now keeps the latest snippet details available for saving,
improving reliability when using “Save Query.”

* **Bug Fixes**
* Improved handling for creating and opening snippets from shared links
or prefilled content.
* Fixed status updates so saved snippets correctly switch to unsaved
after edits.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-01 15:59:15 -04:00
Charis c8edb48638 fix: warning for resizes that touch < large (#47509)
Add a warning that resizes may take additional time if they touch an
instance size < large.

Resolves FE-3746

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Added an additional warning in the disk management review dialog when
a resize may require extra downtime.
* The dialog now highlights higher-risk resize changes before
submission, helping users make more informed decisions.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-01 18:51:06 +00:00