Splits the Edge Function secrets page into two sections so reserved
Supabase env vars are always visible, even on new projects without any
user secrets created.
<img width="1605" height="1006" alt="Screenshot 2026-04-29 at 12 20
43 PM"
src="https://github.com/user-attachments/assets/fc74f10e-557d-45bb-b0f0-66a706a9facb"
/>
**Added:**
- `DefaultEdgeFunctionSecrets` component — a read-only reference list
(Name + Description) of every `SUPABASE_*`, `SB_*`, and `DENO_*` env var
available in every project, sourced from [the
docs](https://supabase.com/docs/guides/functions/secrets#default-secrets)
- `isInternalEdgeFunctionSecret` helper used to filter the custom
secrets table
**Changed:**
- The custom secrets section now renders first (more actionable), with
the educational default secrets section below it
- Custom secrets table now filters out anything matching `SUPABASE_*` or
any of the hardcoded default names
**Removed:**
- `isReservedSecret` regex check + its tooltip branches in
`EdgeFunctionSecret.tsx` — dead code now that the custom table never
receives an internal secret
Addresses
[FE-3096](https://linear.app/supabase/issue/FE-3096/split-edge-function-secrets-into-internal-and-user-defined-views).
## To test
- Open `/project/_/functions/secrets` on a fresh project (no custom
secrets)
- "Default secrets" section is visible and lists all 9 env vars with
descriptions
- "Custom secrets" section shows the empty state
- Create a custom secret — appears in the Custom section, not the
Default section
- Edit/delete dropdown still works on custom secrets
- Search input only filters the custom secrets table
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a "Default secrets" section showing built-in edge-function
secrets with names, descriptions, and a "Deprecated" badge where
applicable.
* Secret names are clickable to copy to clipboard with a success
notification; secret names/values use inline code styling.
* UI now separates "Custom secrets" and "Default secrets" with distinct
empty states.
* **Bug Fixes**
* Edit/Delete controls reflect actual permission state (no longer
disabled for default/reserved secrets).
* **Tests**
* Added tests for default-secret detection and visibility rules.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
This PR fixes some prettier issues:
- Bump and unify all prettier versions to 3.7.3 across teh whole repo
- Bump the SQL prettier plugin
- When running `test:prettier`, check `mdx` files also
- Run the new prettier format on all files
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
## What kind of change does this PR introduce?
feature
## What is the current behavior?
Empty secrets page doesn't mention default `SUPABASE_*` envs.
<details>
<img width="2888" height="1418" alt="image"
src="https://github.com/user-attachments/assets/20a5ab71-9bb5-44c9-8dc4-0069f7605fcb"
/>
</details>
## What is the new behavior?
Add mentions to available default secrets as well useful doc link
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Improvements**
* Clarified the Edge Functions "No secrets created" state to note that
SUPABASE_* default environment variables are available.
* Enhanced empty-state content with an explicit SUPABASE_* code example,
lighter text styling for readability, and an inline link to the
documentation for default secrets.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Kalleby Santos <kallebysantos@Kallebys-MacBook-Pro.local>
Co-authored-by: Danny White <3104761+dnywh@users.noreply.github.com>
## Context
Addresses a small footgun where copying and paste a single value with
new lines and hitting save in the edge function secrets page will also
save the new lines in the secret name.
Fix is just adding a trim
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Internal code organization and refactoring improvements to enhance
codebase maintainability and consistency across the Functions module.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
* Refactor to remove usage of useQueryStateWithSelect in auth policies and vector bucket
* Refactor to remove usage of useQueryStateWithSelect in edge functionn secrets
* Add shimmering-loader CSS to ui-patterns.
* Import the shimmering-loader classes from the ui-patterns component.
* Remove ShimmeringLoader from studio.
* Migrate studio to use ui-patterns/ShimmeringLoader.
* Migrate away from using default import for ShimmeringLoader.
* Fix the css imports in docs and studio.
* Bump the deps, refactor deprecated code.
* Migrate keepPreviousData usage.
* Migrate all uses of InfiniteQuery.
* Fix refetchInterval in queries.
* Migrate all use of isLoading to isPending in mutations.
* Fix accessing location in claim-project.
* Fix a bug in duplicate query keys.
* Migrate all queries to use isPending.
* Revert "Fix accessing location in claim-project."
This reverts commit 2a07df64b5.
* Revert the rss.xml file to master.
According to our API permissions model, the read-only role can also read
secrets metadata (the actual secret itself is not viewable by anybdoy).
Updating the frontend UI to match.
* Update perms checking in audit logs
* Deprecate useCheckPermissions, useIsPermissionsLoaded and useCheckProjectPermissions as they're no longer used
* Rename useAsyncCheckProjectPermissions to useAsyncCheckPermissions
* Fix TS
* improve some studio mobile layouts
* improve some studio mobile layouts
* improve settings
* assistant mobile
* assistant mobile
* assistant mobile
* responsive formlayout and new project layout
* improve dashboard pages headers
* improve dashboard auth pages
* mobile org settings
* mobile billing fixes
* adjust paused project container height
* remove comments
* triggers
* leftovers
* ai assistant
* fix errors
* remove 16px input size
* fix test
* merge access tokens settings page conflicsts
* smol integrations here and there
* Add lucide-react to docs (to make the autocomplete work).
* Migrate the docs app icons.
* Migrate the ui-patterns.
* Remove the old icons from ui package.
* Migrate the www app from react-feather icons.
* Migrate all of studio icons.
* Migrate the only component in design-system.
* Fix an old import in ui package. Revert an import in docs app.
* Fix some pages in www.
* Remove unneeded files used in generation of icons.
* Fix a prettier error.
* Fix more issues in www.
* Fix an issue in Log Date picker.
* Replace all string sizes with number sizes because the icons grew in some cases.
* Fix more imports in security page.
* Fix an extra import.
* Remove the size prop from all icons if they're in a button and they match the button size.
* Minor fixes for docs and www.
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
* Update the design of the sonner toasts. Add the close button by default.
* Migrate studio and www apps to use the SonnerToaster.
* Migrate all toasts from studio.
* Migrate all leftover toasts in studio.
* Add a new toast component with progress. Use it in studio.
* Migrate the design-system app.
* Refactor the consent toast to use sonner.
* Switch docs to use the new sonner toasts.
* Remove toast examples from the design-system app.
* Remove all toast-related components and old code.
* Fix the progress bar in the toast progress component. Also make the bottom components vertically centered.
* Fix the width of the toast progress.
* Use text-foreground-lighter instead of muted for ToastProgress text
* Rename ToastProgress to SonnerProgress.
* Shorten the text in sonner progress.
* Use the correct classes for the close button. Add a const var for the default toast duration. Remove the custom width class from sonner.
* Set the position for all progress toasts to bottom right. Set the duration for all toasts to the default (when reusing a toast id from loading/progress toast, the duration is set to infinity).
* Fix the playwright tests.
* Refactor imports to use ui instead of @ui.
* Change all imports of react-hot-toast with sonner. These components were merged since the last commit to this branch.
* Remove react-hot-toast lib.
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
Co-authored-by: Jonathan Summers-Muir <MildTomato@users.noreply.github.com>
* fix: update Permission params
* fix: upgrade check permission hook to support project level role
* fix: usePermissionsLoaded
* fix: Permission params can be undefined
* Scaffold new access management UI
* Add validation
* Update roles view
* Add tooltip
* Add button to apply role to all projects
* Update UI to select projects first instead of roles
* Merge master update UI
* Midway trying to implementation project level perms API
* First pass implementating updating project level permissions
* Add client side validation for assigning/removing roles
* Midway implementing new invites
* Integrate most of the project level permissions functionality
* fix: filter out org-level permissions before checking
* Add relevant UI guards in org level pages for project role POV
* Minor refactors
* Small refactors
* More fixes
* Moar refactors
* More fixes
* More fixes
* Refactor update role logic and smack some test cases on it
* Fixes
* Fix type issue
* Fix type
* more fixes, refactors, adding checks...
* MORE fixes
* Add perms checking for replicas
* Add ButtonTooltip component and use them to prevent repetition of pointer events auto for buttons with tooltips
* Convert all buttons with tooltips to use ButtonTooltip
* refactor
* PRettier
* Small fix
* Remove commented out code in organization-invitation-accept-mutation
* fix: switch to use the platform oauth authorizations routes
* Add perms checking for org audit logs and org oauth apps
* PRettier
* Fix incorrect URL for oauth app flow
* Fix incorrect URL for oauth app flow
* Fix
* Add perms checking for warehouse related UI
* Update roles helper icon
* remove unused lib
* Update package lock... again
* Update package lock... again
* Smalllll update
* Update some checks
* Add gate for project level permissions
* Last fix
* update codegen
* Update warehouse endpoint routes
* Fix
---------
Co-authored-by: phamhieu <phamhieu1998@gmail.com>
Co-authored-by: Alaister Young <a@alaisteryoung.com>
* Move all studio files from /studio to /apps/studio.
* Move studio specific prettier ignores.
* Fix the ui references from studio.
* Fix the css imports.
* Fix all package.json issues.
* Fix the prettier setup for the studio app.
* Add .turbo folder to prettierignore.
* Fix the github workflows.
Alaister Young