Mark provenance of SQL via the branded types SafeSqlFragment and
UntrustedSqlFragment. Only SafeSqlFragment should be executed;
UntrustedSqlFragments require some kind of implicit user approval (show
on screen + user has to click something) before they are promoted to
SafeSqlFragment.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Editor and RLS tester show loading states for inferred/generated SQL
and include a dedicated user SQL editor for safer edits.
* **Refactor**
* Platform-wide SQL handling tightened: snippets and AI-generated SQL
are treated as untrusted/display-only until promoted, improving safety
and consistency.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This PR migrates the whole monorepo to use Tailwind v4:
- Removed `@tailwindcss/container-queries` plugin since it's included by
default in v4,
- Bump all instances of Tailwind to v4. Made minimal changes to the
shared config to remove non-supported features (`alpha` mentions),
- Migrate all apps to be compatible with v4 configs,
- Fix the `typography.css` import in 3 apps,
- Add missing rules which were included by default in v3,
- Run `pnpm dlx @tailwindcss/upgrade` on all apps, which renames a lot
of classes
- Rename all misnamed classes according to
https://tailwindcss.com/docs/upgrade-guide#renamed-utilities in all
apps.
---------
Co-authored-by: Jordi Enric <jordi.err@gmail.com>
## Problem
On self-hosted Supabase instances where the `pg_stat_statements`
extension is not installed, the Observability Overview page
automatically queries the extension on every page load. This produces
"relation pg_stat_statements does not exist" errors in Postgres logs for
all projects without the extension. Additionally, if a user navigated to
the Query Performance page, they received a generic error with no
actionable guidance. A secondary issue allowed malformed sort URL params
(e.g. `?sort=created_at:asc&order=asc`) to be interpolated directly into
SQL ORDER BY clauses.
## Fix
- Wrapped the `useSlowQueriesCount` SQL in a `CASE WHEN EXISTS (SELECT 1
FROM pg_extension WHERE extname = 'pg_stat_statements')` guard. The
query now returns 0 silently instead of erroring when the extension is
absent.
- Added a `VALID_SORT_COLUMNS` whitelist in
`generateQueryPerformanceSql`. Invalid column names from URL params are
rejected and the query falls back to the preset default ORDER BY.
- When the Query Performance page fails because `pg_stat_statements`
does not exist, a `warning` admonition now appears with "Enable it in
Database -> Extensions" guidance instead of a generic destructive error.
The Sentry capture is skipped for this expected configuration state.
- Extracted `buildSlowQueriesCountSql` as a testable function and added
unit tests for both fixes.
## How to test
**Extension not installed (self-hosted):**
1. Run a self-hosted Supabase instance without the `pg_stat_statements`
extension enabled.
2. Navigate to the Observability Overview page.
3. Check Postgres logs -- no "relation pg_stat_statements does not
exist" errors should appear.
4. Navigate to the Query Performance page.
5. Expected: a yellow warning admonition appears saying the extension is
not enabled, with a link to Database -> Extensions. No red error.
**Extension installed (normal flow):**
1. With `pg_stat_statements` installed, navigate to Observability
Overview.
2. Expected: slow queries count loads as normal.
3. Navigate to Query Performance -- data loads as normal.
**Invalid sort URL param:**
1. Navigate to
`/project/<ref>/observability/query-performance?sort=created_at:asc&order=asc`.
2. Expected: the page loads and falls back to the default sort order
(total time descending). No SQL error in logs.
**Unit tests:**
```
node apps/studio/node_modules/vitest/dist/cli.js run --no-coverage \
apps/studio/components/interfaces/Observability/useSlowQueriesCount.test.ts \
apps/studio/components/interfaces/QueryPerformance/useQueryPerformanceQuery.test.ts
```
All 28 tests should pass.
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
## Problem
The Query Performance page loaded all results in a single query with a
fixed limit of 20 rows, giving users no way to browse beyond the first
page. There was also no way to control how many rows were shown at once.
## Fix
adds pagination
## How to test
- Navigate to `/observability/query-performance` in Studio
- scroll to bottom
- should automatically load more results
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
## Context
Adds a source filter for the query performance advisor so you can filter
out queries from the dashboard, or not from the dashboard
<img width="309" height="217" alt="image"
src="https://github.com/user-attachments/assets/c1fab9af-e57e-482f-afdb-d77a6600edb3"
/>
For transparency how this works:
- Queries fired via the dashboard through the /query endpoint get
enriched with metadata from the API to include a comment like `--
source: dashboard`
- That's mainly how this filter works atm, to check if this comment
exists if the source "Dashboard" is selected, and the inverse if the
source "Non dashboard" is selected
Add a Query Performance page implementation powered by
[supamonitor](https://github.com/supabase/supamonitor).
[Context](https://linear.app/supabase/project/build-extension-for-supabase-query-insights-df4fb145352c/overview)
This looks largely the same as the pg_stat_monitor implementation:
<img width="2556" height="960" alt="Screenshot 2026-02-12 at 7 35 47 PM"
src="https://github.com/user-attachments/assets/bf37466e-f7af-41f2-b4f2-cf8eb6a8c76f"
/>
Only available on projects on custom AMI - existing users are unaffected
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Supamonitor-based query performance view: charts, aggregated metrics,
date-range controls, and export/download.
* Added "Application" column for per-application tracking.
* Interactive Supamonitor grid: sorting, filtering, keyboard navigation,
selection, retry/error handling.
* Automatic per-project Supamonitor detection with toggleable UI
integration.
* **Bug Fixes**
* Chart latency calculation prefers histogram data for more accurate
p95.
* **Documentation**
* Minor blog formatting fix.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: kemal <hello@kemal.earth>
Co-authored-by: Ali Waseem <waseema393@gmail.com>
* feat: more generic observability banner on db report
* feat: try popup in corner
* feat: tidy up and fix up event as well
* feat: add event for dismiss as well
* feat: add supplementary link at bottom of reports
* fix: sizing of fonts
* feat: banner stack approach
* fix: isIndexAdvisorAvailable dep
* chore: remove unused import for old banner
* feat: remove unused isDismissed
* chore: remove unused cn
* chore: change prio on query perf page
* chore: remove unused sendEvent
* chore: better useEffect cleanup
* chore: remove unused index advisor notice
* fix: priority of banner stack
* fix: first time loader flickering
* chore: lowercase the word Free
* feat: add IS_PLATFORM to make sure metrics api banner is scoped to platform
* chore: another copy update for observability link
* fix: telemetry keys to match styleguide
* fix: use the correct way to apply events
* feat: add events for index advisor banner too
* chore: delete unused old banner
* fix: dismiss buttons not working
* feat: add extra event to enable index advisor
* feat: change the check to show index advisor tab at all times
* fix: hide add to log drains on export menu in query perf
* fix: small fallback for pathname check
* fix: query perf header block responsiveness
* feat: admonition for index advisor
* fix: add aria-describedby to query perf sheet
* feat: proper way to do sheet description
* chore: better title spacing in panel
* fix: indexes in use empty state
* fix: key in observability menu
* feat: better highlighting of index advisor issues
* feat: add docs button to empty indexes tab
* feat: remove unused code
* feat: use button tooltips for reset and refresh to gain space
* feat: add dismiss to index advisor banner
* feat: add warnings filter to query perf
* feat: filter all queries for warnings
* fix: selected state for warning rows
* fix: fallback for isLogs check
* fix: other instance of download button
---------
Co-authored-by: Ali Waseem <waseema393@gmail.com>
* feat: setup chart area and tabs
This sets up the area where we can expect the insights chart as well as the tabs mechanism.
* feat: parse pg_stat_monitor logs as json
* feat: create query perf chart utils and move transfrom function
Created a utils file for our QueryPerformanceChart component. This moves the logs to JSON transform function there.
* feat: add timerange to chart
* feat: add date selector to query perf overview
This adds the selector to the top right of the page allowing the user to switch between last hour, 3 hours and 24 hours
* feat: modify chart component to accomodate hiding bits
* feat: add metrics to each tab
* chore: update to 60 min by default and some css
* feat: centralise data parsing for logs
* feat: clean up filters bar
This rewires the export to give you the aggregate pg_stat_monitor data. Also removes unused buttons and filters.
* feat: percentiles for query latency chart
* feat: filter out non evenets from pg_stat_monitor logs
* feat: utils for cache misses and hits
* feat: add selected query to chart on click
* feat: add click through to query panel
* chore: tidy up files
* chore: distinction between selected and open panel
* feat: move query performance fully into reports area
* fix: preserve query params on reports link
* fix: remove right icon syntax in report menu
* chore: remove cache misses from cache chart
* refactor: backwards compatibility for statements if right db version isnt available
* chore: delete randomly generated empty file
* chore: tidy up unused imports and vars
* chore: remove console logs
* chore: remove isMounted from query perf
* fix: cmd k query perf path
* feat: simplify query latency only p50 and p95
This seems to give us a more accurate reading as we can calculate these two
* fix: cache hit rate not showing inside query details
* chore: chart bg colour adjust
So it contrasts a little better on light mode.
* feat: show selected query on other verticals
* feat: bring back symlink in advisors
Charis