mirror of
https://github.com/supabase/supabase.git
synced 2026-05-08 01:40:13 -04:00
create-pull-request/patch
784 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
 Saxon Fletcher
|
4452e0ac2e |
Support form sidebar (#45203)
Refactors our help sidebar within Studio to include the actual support form itself when contact is selected. This PR also cleans up the initial state of the sidebar and the options within. ## To test: - Open an org and click the help icon top right - Click contact support - Submit a support ticket - Click done to return to support sidebar state <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Support form V3 and support sidebar with status button; direct-email helper and URL prefill * Success screen supports onFinish callback and customizable finish label * AI Assistant and Help options accept optional click callbacks; resource items gain keyboard/accessibility support * **Refactor** * Help panel split into home/support views with back navigation * Support components accept flexible align/className props and layout/styling tweaks * Initial URL params loader added for support form * **Tests** * New/updated tests for support flows, success screen, and help options interactions <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Gildas Garcia <1122076+djhi@users.noreply.github.com> |
||
|
Danny White
|
f32977f04d |
chore(studio): show active shortcuts in reference sheet (#45614)
## What kind of change does this PR introduce? UI chore. ## What is the current behavior? The Keyboard shortcuts sheet renders shortcut definitions from the static registry, so contextual Database navigation shortcuts appear in the sheet even when `DatabaseLayout` is not active. This makes the Navigation section noisy as more product-specific navigation shortcuts are added. ## What is the new behavior? The shortcuts sheet now reads the mounted, enabled shortcut set at runtime. Global navigation remains under Navigation when it is the only navigation scope, and splits into _**Global** Navigation_ plus _**Database** Navigation_ when contextual database shortcuts are active. This also replaces the one-off `DatabaseNavShortcuts` component with a reusable `ProductMenuShortcuts` registrar so future product layouts can register scoped navigation shortcuts from their product menu model. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added keyboard shortcut support for product menu navigation items with router integration * **Improvements** * Keyboard shortcuts are now organized into logical groups (Global Navigation and Database Navigation) * Shortcut reference dynamically displays only active shortcuts instead of static definitions <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Ali Waseem <waseema393@gmail.com> |
||
|
Jordi Enric
|
bef828ae48 |
feat(studio): apply timezone picker to observability/reports charts (#45667)
## Problem The dashboard's timezone picker (#45517) propagates to log timestamps and the shared TimestampInfo component, but observability and reports charts still render their X-axis labels, range labels, and tooltip headers in the browser's local timezone. The result is jarring once a user picks a non-local timezone: hover a chart and you get one tz, hover a log row and you get another. ## Fix Routes all display-side timestamp formatting in the chart layer through the existing picker-aware helpers (\`useFormatDateTime\` / \`formatDateTime\`) so chart UI matches the rest of the dashboard. - **ComposedChart.utils** \`CustomTooltip\` (the hotspot — drives every observability dashboard tooltip): reads the active timezone via \`useTimezone\` for both the header label and the formatted timestamp. - **AreaChart** / **BarChart**: introduce a \`formatChartDate\` helper that honours each component's existing \`displayDateInUtc\` prop, otherwise routes through the picker. - **ChartBlock**: the two recharts \`labelFormatter\` arrows now close over \`useFormatDateTime\`. - **ChartHighlightActions**: range labels in the zoom dropdown migrated to the same hook. Intentionally untouched (must stay UTC): - \`ChartHandler\` / \`ChartBlock\` \`startDate\`/\`endDate\` (API range params, day boundary). - \`ChartBlock.tsx:166\` explicit \`.utc()\` data-key normalisation. - \`useFillTimeseriesSorted\` and friends (range math, no display). ## How to test - Sign in. Open the avatar dropdown, pick a timezone different from your browser local (e.g. Asia/Tokyo). - Visit any project, then \`/project/<ref>/reports/database\` (or any \`/observability/...\` page). - Hover any chart series — the tooltip header should display the chosen IANA name and times in that timezone. - Click-drag a range on a chart to open the zoom dropdown — start/end labels in the menu should also be in the chosen timezone. - Switch back to "Auto detect" and confirm everything reverts to browser-local. - For an AreaChart/BarChart that uses \`displayDateInUtc\` (e.g. some legacy reports), confirm those still render in UTC regardless of picker. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Refactor** * Standardized date/time formatting across charts, tooltips, axis labels, header/footer labels, and highlight range labels in Reports and chart components. * Switched to a shared, timezone-aware formatter that respects UTC display mode or the selected picker/timezone, ensuring consistent, human-readable timestamps throughout the UI. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
kemal.earth
|
3864f25336 |
fix(studio): unified logs ui quriks (#45648)
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file. YES ## What kind of change does this PR introduce? Spotted a couple of Tailwind 4 migration UI quirks. This PR should fix them. #### 1. Outline around table body | Before | After | |--------|--------| | <img width="1036" height="240" alt="Screenshot 2026-05-06 at 16 37 17" src="https://github.com/user-attachments/assets/fc16a530-8457-4b4e-892c-19f5027e4d58" /> | <img width="976" height="270" alt="Screenshot 2026-05-06 at 16 54 11" src="https://github.com/user-attachments/assets/72d8eddc-6b3f-40ba-a211-e8939a104c36" /> | #### 2. Gap between header buttons | Before | After | |--------|--------| | <img width="236" height="81" alt="Screenshot 2026-05-06 at 16 47 34" src="https://github.com/user-attachments/assets/5daaef6e-c7f1-46e7-81e1-3e1fd3290825" /> | <img width="187" height="51" alt="Screenshot 2026-05-06 at 16 54 15" src="https://github.com/user-attachments/assets/017f8399-4f5d-4ae6-b2ff-7ffbdbee3f8b" /> | <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Style** * Refined spacing in action controls layout for improved visual hierarchy * Updated focus outline styling to enhance keyboard navigation accessibility <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Ivan Vasilov
|
ea0523ce02 |
Fix the Connect button to show the text. (#45646)
The connect button was missing its text Before: <img width="833" height="244" alt="Screenshot 2026-05-06 at 17 46 23" src="https://github.com/user-attachments/assets/c03e972f-bef6-4bd7-8819-dd51509c58eb" /> After: <img width="678" height="208" alt="Screenshot 2026-05-06 at 17 46 58" src="https://github.com/user-attachments/assets/5b020017-133e-47c3-8138-925c27299665" /> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Improved screen reader accessibility in the Connect button by refining how text visibility is handled based on button display mode. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
kemal.earth
|
b2e5476146 |
feat(studio): tidy up bottom tray in logs interface (#45371)
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file. YES ## What kind of change does this PR introduce? Tidying up the bottom panel in unified logs. Taking care of some visual quirks etc. Also preparing this area to house some other future concepts via tabs. | Before | After | |--------|--------| | <img width="828" height="384" alt="Screenshot 2026-04-30 at 11 24 09" src="https://github.com/user-attachments/assets/804bdf1c-7cdb-4dd8-bf1e-31c434ef1436" /> | <img width="830" height="407" alt="Screenshot 2026-04-30 at 11 22 53" src="https://github.com/user-attachments/assets/28555efe-f893-4bae-bcb0-284e6db733e6" /> | <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Redesigned service flow panel with Overview and Raw JSON tabs * Added Previous/Next navigation controls with Arrow Up/Down keyboard support * New detail components and section headers with icons for clearer organization * Improved Postgres detail view and message/session display * **Bug Fixes / Changes** * Removed legacy header UI and related controls * **UI / Style** * Enhanced copy-to-clipboard feedback animation * Updated "Load more" button styling * Adjusted panel sizing for improved resizing behavior <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Ali Waseem <waseema393@gmail.com> |
||
|
Charis
|
465121894d | studio: add sql provenance tracking to ai assistant + reports (#45608) | ||
|
Jordi Enric
|
d859176eac |
fix(studio): restore readable warning banner and toast close button after Tailwind v4 (#45585)
## Problem Two visual regressions surfaced after the Tailwind v4 migration (#45318): 1. The Postgres upgrade-failed banner used the deprecated `Alert` component, whose `warning` variant relies on custom `amber-1100` / `amber-1200` color tokens that no longer resolve. The title rendered as near-white on the yellow background. 2. The sonner toast close button forced `bg-transparent! hover:bg-transparent!`, letting the library's default translucent circle bleed through against the toast's overlay background on hover. ## Fix - Migrate `ProjectUpgradeFailedBanner` to `Admonition` (the recommended replacement per the deprecation note on `Alert`), which uses semantic `warning-*` tokens defined in the theme. - Drop the transparent-bg overrides on the sonner close button and give it a proper `hover:bg-surface-200` with a fixed `size-6` hit area so the X has a clean hover target. ## Before <img width="2940" height="338" alt="image" src="https://github.com/user-attachments/assets/2cf2cf52-cdf2-429d-b50c-5dc4e5b9c84b" /> ## After <img width="1642" height="506" alt="CleanShot 2026-05-06 at 11 14 03@2x" src="https://github.com/user-attachments/assets/b6c9b3e2-9d3e-437d-92a6-95d12730e842" /> ## Testing - [ ] Trigger a failed Postgres upgrade state and confirm the banner title/description/actions are all readable on the amber background. - [ ] Fire a toast and hover the close button — the hover should show a subtle square background, not a translucent circle. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fix** * Project upgrade failure banner now only appears when an upgrade has failed and no longer supports dismissing. * **Style** * Replaced the warning banner UI with a streamlined admonition that shows only a “Contact support” action. * Improved toast close-button styling for clearer sizing, color, and interaction states. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Danny White
|
000d0c73bd |
fix(studio): align child sidebar hover states (#45613)
## What kind of change does this PR introduce? UI polish. ## What is the current behavior? - A few product sidebar areas render menu rows outside the shared ProductMenu/Menu.Item styling path, so their hover and selected states differ from the rest of Studio. - Database product menu shortcut tooltips are also scoped to the text label instead of the full hoverable row. ## What is the new behavior? - Integrations Explore/Installed, Observability, and Reports sidebar rows now use the shared ProductMenu or Menu.Item pill styling. - Observability spacing is tightened after the ProductMenu conversion. - Product menu shortcut tooltips now wrap the full row trigger, so the entire Database sidebar row opens the tooltip. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Refactor** * Enhanced navigation menu components with improved loading and error state handling across the dashboard. * Streamlined menu structure and styling consistency for integrations, reports, and observability sections. * Added enhanced tooltip support for navigation items. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Joshen Lim
|
f7ea722b35 |
Consolidate grid header actions in table editor into a single row (#45504)
## Consolidate Table Editor grid header actions into a single row https://github.com/user-attachments/assets/1020c385-8fa9-4ef1-b5e7-03983111508b ## Changes involved - Index advisor, Realtime, and API docs are now behind a dropdown menu button (Treated as secondary actions) - Grid header actions shifted into the same row as filter bar (more space for data grid) - Header actions will hide while filter bar is in focus (remove distractions, more space for filter bar) ## Changes to filter bar - Filter bar will refocus when deleting a filter - Clicking on the search icon will focus on the free form input of the filter bar <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added a “More” dropdown in grid actions to access Realtime, API docs, and Index Advisor. * New dialogs for enabling Index Advisor and toggling Realtime are now consistently managed. * **Improvements** * Improved filter focus handling with auto-refocus when conditions change and responsive header behavior. * Adjusted popover alignment, separator visuals, header/footer/pagination layout and sizing. * Filter bar now supports programmatic focus; Connect button supports icon-only mode. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Gildas Garcia <1122076+djhi@users.noreply.github.com> |
||
|
Ali Waseem
|
2e904abebf |
feat(studio): add D + letter shortcuts for Database sub-pages (#45546)
## Summary Adds a contextual `D + <letter>` chord pattern for jumping between Database sub-pages, mounted only while `DatabaseLayout` is active. Establishes the pattern we can repeat for other sections (Auth, Storage, Functions, etc.). Linear: [FE-3140](https://linear.app/supabase/issue/FE-3140/define-subnavigation-pattern-for-database-management-page) ## Pattern - Chords are 2-key sequences (`D`, `<letter>`) — no global leader, no `G` prefix. - Registration is contextual: `<DatabaseNavShortcuts />` lives inside `DatabaseLayout`, so the leading `D` is only "owned" while the user is under `/project/<ref>/database/*`. Doesn't burn a global key. - Hover tooltips on each sub-menu item show the chord, anchored to the label text (Linear-style). Powered by `<ShortcutTooltip>` already used in the main nav. - Items hidden by feature flags (Roles, Column Privileges, Replication) auto-disable the chord — no muscle-memory navigating to a 404. ## Shortcuts added | Sub-page | Chord | Notes | |---|---|---| | Tables | `D T` | | | Functions | `D F` | | | Triggers | `D R` | t**R**iggers — `T` taken by Tables | | Indexes | `D I` | | | Extensions | `D X` | e**X**tensions | | Schema Visualizer | `D V` | | | Enumerated Types | `D E` | | | Publications | `D U` | p**U**blications — avoids collision with Schema Visualizer's `D P` (Download as PNG) | | Column Privileges | `D C` | flag-gated | | Settings | `D ,` | mirrors global `G ,` for project settings — avoids collision with Schema Visualizer's `D S` (Download as SVG) | | Replication | `D L` | rep**L**ication — flag-gated | | Roles | `D O` | r**O**les — flag-gated | | Backups | `D B` | platform-only | | Migrations | `D M` | | External-link sub-menu items (Policies, Wrappers, Webhooks, Security Advisor, Performance Advisor, Query Performance) are intentionally not chorded — they route out of `/database/*` and don't belong to the section's namespace. ## Collision audit Other shortcuts active on database pages (table-list, schema-visualizer) were checked against the new chords: - **Schema Visualizer** (`/database/schemas`): `D P` (Download PNG), `D S` (Download SVG), `O A`, `O S`. Publications and Settings were remapped to `D U` and `D ,` to avoid the `D P` / `D S` clashes. - **List pages** (`/database/tables`, etc.): `Shift+F`, `Shift+N`, `O S`, `F C` — no overlap with `D + <letter>`. ## Files - `state/shortcuts/registry/database-nav.ts` — new registry module with the 14 chord definitions. - `state/shortcuts/registry.ts` — spreads the new IDs/definitions into the canonical registry. - `components/interfaces/DatabaseNavShortcuts.tsx` — null-rendering hook component that wires `useShortcut` for each chord, keyed off `useGenerateDatabaseMenu` so URLs and feature gating stay in sync with the sidebar. - `components/layouts/DatabaseLayout/DatabaseLayout.tsx` — mounts the component. - `components/layouts/DatabaseLayout/DatabaseMenu.utils.tsx` — tags each menu item with its `shortcutId`. - `components/ui/ProductMenu/ProductMenu.types.ts` — adds optional `shortcutId?: ShortcutId` field. - `components/ui/ProductMenu/ProductMenuItem.tsx` — renders the hover tooltip when an item has a `shortcutId`, anchored to the label span. ## Test plan - [ ] On `/project/<ref>/database/tables`, press `D F` — navigates to `/database/functions`. - [ ] On `/project/<ref>/database/schemas`, press `D P` — downloads the PNG (Schema Visualizer wins, no nav conflict). - [ ] On `/project/<ref>/database/schemas`, press `D U` — navigates to `/database/publications`. - [ ] On `/project/<ref>/database/tables`, press `D ,` — navigates to `/database/settings`. - [ ] Hover any sub-menu item with a chord — pill appears next to the label after ~1s. - [ ] On a project with the Replication flag off — `D L` does nothing. - [ ] Navigate to `/auth` — pressing `D F` does nothing (chord unmounts with the layout). - [ ] Type `D` then `F` slowly inside an input — does not navigate (input-focus guard). |
||
|
Charis
|
0433eeb5f5 |
feat(studio): mark sql provenance for safety (#45336)
Mark provenance of SQL via the branded types SafeSqlFragment and UntrustedSqlFragment. Only SafeSqlFragment should be executed; UntrustedSqlFragments require some kind of implicit user approval (show on screen + user has to click something) before they are promoted to SafeSqlFragment. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Editor and RLS tester show loading states for inferred/generated SQL and include a dedicated user SQL editor for safer edits. * **Refactor** * Platform-wide SQL handling tightened: snippets and AI-generated SQL are treated as untrusted/display-only until promoted, improving safety and consistency. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Ali Waseem
|
618c902e1a |
feat(studio): add keyboard shortcuts to Database listing pages (#45467)
## Summary Adds the `O→S` / `Shift+F` / `Shift+N` / `F→C` shortcut set across every Database listing page, on top of the schema-visualizer pattern from #45386. Fixes [FE-3131](https://linear.app/supabase/issue/FE-3131). A shared `list-page.*` registry replaces what would have been a per-page registry file for each route, and `useShortcut`/`Shortcut` gain a `label` override so a single ID renders contextually in Cmd+K and hover tooltips. ## Pages and shortcuts | Page | `O→S` | `Shift+F` | `Shift+N` | `F→C` | | --- | --- | --- | --- | --- | | Tables | Open schema selector | Search tables | Create new table | Clears search + entity-type filter | | Functions | Open schema selector | Search functions | Create new function | Clears search + Return Type + Security | | Triggers — data | Open schema selector | Search triggers | Create new trigger | Clears search + Table filter | | Triggers — event | — | Search event triggers | Create new event trigger | Clears search + Owner filter | | Enumerated Types | Open schema selector | Search enumerated types | Create new enumerated type | Clears search | | Indexes | Open schema selector | Search indexes | Create new index | Clears search | | Roles | — | Search roles | Add new role | Clears search + filter type → 'all' | | Publications | — | Search publications | — | Clears search | | Extensions | — | Search extensions | — | Clears search | `Shift+N` only fires when the page-specific gate allows it (permission + unlocked schema + any other prerequisite like `hasTables` for triggers). ## Test plan - [ ] On each of the 9 pages, all four shortcuts behave as listed in the table above - [ ] Hover the wrapped controls — tooltip shows the page-specific label and the right keybind badge - [ ] Open the schema selector via `O→S` — the hover tooltip is suppressed while the popover is open - [ ] `Shift+N` is a no-op on locked schemas / when permission is missing / when a prereq fails (e.g. no tables on Triggers data) - [ ] `Shift+F` focuses the search input; while focused, Escape clears (with text) → Escape blurs (when empty) - [ ] `Cmd+K` shows the page-specific shortcut name while on each page; the entry goes away on navigation - [ ] `Mod+/` reference sheet shows one "List pages" group with 4 generic entries - [ ] No regression to existing schema-visualizer / table-editor / SQL-editor shortcut behavior <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added a dedicated list-page shortcut group in the shortcuts reference. * **Improvements** * Keyboard shortcuts across database list pages: focus & select search, reset filters, and create-new-item shortcuts. * Escape now clears/searches or blurs inputs to avoid accidental popover closes. * Create/new buttons respond to shortcuts when allowed; disabled actions keep permission tooltips for clarity. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Jordi Enric
|
6391246fe9 |
fix(studio): name the 5 MB/s throttle floor in disk IO banner (#45514)
## Problem The disk IO exhaustion banner currently warns that the project "may become unresponsive". That phrasing is vague and non-actionable. The actual behaviour when EBS burst credits hit zero is deterministic: sustained throughput is throttled to 5 MB/s until the budget resets. Users either ignore the warning or wait too long because they cannot picture what is about to happen. Reported in [Linear DEBUG-62](https://linear.app/supabase/issue/DEBUG-62). ## Fix Rewrite the `disk_io_exhaustion` banner copy in [ResourceExhaustionWarningBanner.constants.ts](apps/studio/components/ui/ResourceExhaustionWarningBanner/ResourceExhaustionWarningBanner.constants.ts) to name the throttle floor explicitly: - **Warning** (about to deplete): "Once exhausted, disk throughput will be throttled to 5 MB/s until the budget resets." - **Critical** (depleted): title now reads "Disk throughput is throttled to 5 MB/s"; description explains the throttle stays until the budget resets and that upgrading restores full performance. Card copy on the project list (the compact summary) is unchanged so the home page does not get noisy. The banner already renders an "Upgrade compute" primary CTA (via `correctionUrlVariants.disk_io`), so no button changes are needed. ## Test plan - [ ] Mock or trigger a `disk_io` warning at the warning level; confirm new copy renders correctly. - [ ] Same at critical level; confirm both title and description are updated. - [ ] Verify the project list card on the home page still shows the existing short summary. 🤖 Generated with [Claude Code](https://claude.com/claude-code) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Updates** * Improved disk I/O exhaustion warning messages to clearly communicate that disk throughput will be throttled to 5 MB/s and explain when throttling will be lifted. Guidance on upgrading compute or optimizing disk-intensive queries remains available. <!-- end of auto-generated comment: release notes by coderabbit.ai --> Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com> |
||
|
Ali Waseem
|
e6f779ea30 |
feat(studio): add keyboard shortcuts to the schema visualizer (#45386)
## Summary Adds the first batch of keyboard shortcuts for the Database → Schema Visualizer page, following the registry pattern established for the SQL editor and table editor. Fixes [FE-3115](https://linear.app/supabase/issue/FE-3115). ## Shortcuts | Shortcut | Action | | --- | --- | | `Mod+Shift+C` | Copy schema as SQL | | `Mod+Shift+M` | Copy schema as Markdown | | `D` then `P` | Download schema as PNG | | `D` then `S` | Download schema as SVG | | `O` then `A` | Open the auto-layout confirmation dialog | | `O` then `S` | Open the schema selector | All six entries appear in the Cmd+K command menu under "Shortcuts" and in the global shortcuts sheet (`Mod+/`) under a new "Schema Visualizer" group while the page is mounted. None are surfaced in Account → Preferences yet (`showInSettings: false`), matching how the SQL/table editor batches shipped. The schema selector and auto-layout button are wrapped in the unified `Shortcut` component so the keybind is shown on hover (Linear-style). The dropdown items for copy/download don't get hover hints since tooltips on dropdown items don't make sense — they're discoverable via Cmd+K instead. ## Toasts Each user-visible action now confirms via a sonner toast: - `Successfully copied as SQL` — fires on Copy as SQL (button or `Mod+Shift+C`). - `Successfully copied as Markdown` — fires on Copy as Markdown (dropdown or `Mod+Shift+M`). - `Successfully downloaded as PNG` / `Successfully downloaded as SVG` — already present in `useExportSchemaToImage`; fires on click or `D → P` / `D → S`. - `Failed to download current view: …` — error toast on download failure (also pre-existing). ## Notes - `Mod+Shift+C` and `Mod+Shift+M` collide with the SQL editor's `results.copy-csv` / `results.copy-markdown` shortcuts. They coexist cleanly because `useShortcut` only fires while the hook is mounted, and the two pages live on different routes. Both labels appear in the global shortcuts sheet honestly scoped per surface. - `SchemaSelector` was promoted to a `forwardRef` component that spreads extra props onto its outer `<div>`. This was needed for `<TooltipTrigger asChild>` to attach event handlers and the ref properly — previously they were silently dropped and the hover tooltip didn't render. - `SchemaSelector` and the auto-layout `AlertDialog` accept controlled `open` props now so the shortcuts can drive them and the tooltip can be suppressed while the popover/dialog is open (`Shortcut` gained a `tooltipOpen` passthrough for this). - Auto-layout still pops the existing confirmation dialog rather than running directly — destructive enough to keep the guardrail. ## Test plan - [x] On the Schema Visualizer page, each of the six shortcuts fires the corresponding action. - [x] Hover the schema selector and the Auto layout button — tooltip shows the action label and keybind badge. - [x] Open the schema selector popover (click or `O → S`) — hover tooltip is suppressed while open. - [x] Open the auto-layout confirm dialog (click or `O → A`) — hover tooltip is suppressed while open. - [x] Cmd+K shows all six entries under "Shortcuts" while on the page; navigating away unregisters them. - [x] `Mod+/` shortcuts sheet has a "Schema Visualizer" group listing all six. - [x] Copy as SQL / Markdown each fire a confirmation toast; PNG / SVG downloads each fire a confirmation toast. - [x] On the SQL editor results page, `Mod+Shift+M` / `Mod+Shift+C` still copy results (no regression from the duplicate keybinds). - [x] The download dropdown items still work via click; PNG/SVG downloads succeed. - [x] All other consumers of `SchemaSelector` (~15 callsites) render unchanged after the `forwardRef` promotion. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Keyboard shortcuts for schema visualizer: copy as SQL/Markdown, download PNG/SVG, auto-layout, and focus selector * Success toasts when copying content to clipboard * **Improvements** * Schema selector and auto-layout dialog can be opened/closed via keyboard and programmatically * Shortcut tooltips can be suppressed when related overlays/dialogs are open * Schema Visualizer added to the shortcuts reference sheet * **Tests** * E2E tests dismiss transient toasts to avoid UI interference <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Joshen Lim
|
7f8ae81d64 |
Clean up table editor header (#45452)
## Context Resolves FE-3126 Just cleaning up the table editor header with a bit of refactors (pre-req to investigating collapsing filter bar and table editor header actions into a single row) ## Non-visual changes involved - Break down components within `GridHeaderActions` into smaller ones - `IndexAdvisorPopover` - `SecurityDefinerViewPopover` - `RealtimeToggle` - Deprecate use of `useUrlState` in `GridHeaderActions` to use `useQueryState` instead - Improve types for `TwoOptionToggle` ## Visual changes involved - Collapse realtime button toggle into a button icon, with no text (just tooltip) - Adjust layout of buttons a little ### Before <img width="796" height="118" alt="image" src="https://github.com/user-attachments/assets/436bca94-4d91-471a-a184-487c6f78dc04" /> ### After <img width="731" height="132" alt="image" src="https://github.com/user-attachments/assets/5fd30982-a1fc-4f92-a590-146d1e69d52a" /> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Index Advisor popover with recommendations. * Realtime toggle to manage realtime table publication. * Security Definer view popover with optional autofix. * Insert menu for adding rows/columns and CSV import. * **Bug Fixes** * Adjusted filter bar input sizing for improved readability. * **Refactor** * Header layout updated and insert/import actions moved into dedicated components. * **Tests** * Updated end-to-end selectors for the Insert row menu item. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Joshen Lim
|
09be492bbf |
Shift auto enable rls to a minimisable banner instead (#45410)
## Context Continuing off from this PR: https://github.com/supabase/supabase/pull/45407 Shifting the "Auto enable RLS" toast into a banner that's dismissible, only can be minimised until action is taken Given that this is a security measure that we highly advise - otherwise there's no way for users to revisit this after dismissing We'll use the existing local storage key so it doesn't affect the behaviour for users who already dismissed the banner Starting state: (Not dismissed / not minimised) <img width="1450" height="424" alt="1" src="https://github.com/user-attachments/assets/de419812-69f5-4370-a553-88a83f27a6f7" /> If dismissed already / minimised: Shift CTA into a button tooltip <img width="1449" height="402" alt="2" src="https://github.com/user-attachments/assets/c404f39d-021f-43ba-b855-f83aea858162" /> Button will disappear entirely once the trigger is created Also added this to the database tables page <img width="1913" height="534" alt="image" src="https://github.com/user-attachments/assets/a0c65986-6e23-4795-8720-a33ec6eec3c1" /> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Redesigned the Row Level Security (RLS) notice with a new card-based layout and minimize button to reduce visual clutter while keeping the feature accessible. * Added a compact icon-only mode for the RLS notice in page headers, with tooltip descriptions for clarity. * RLS notice minimization state is now persisted locally per project, improving user experience across page navigation. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Danny White
|
61c6c51b81 |
feat(studio): improve keyboard shortcuts reference (#45352)
## What kind of change does this PR introduce? Feature improvement to the Studio keyboard shortcuts reference and command palette behaviour. ## What is the current behavior? The keyboard shortcuts sheet does not support filtering, some shortcut labels are harder to scan at a glance, and the command palette shows "Show all keyboard shortcuts" before the more contextual shortcuts in the `Shortcuts` section. ## What is the new behavior? Adds live filtering to the keyboard shortcuts sheet, keeps the sheet width stable on small breakpoints, renders arrow-based shortcuts more compactly, and moves "Show all keyboard shortcuts" to the end of the `Shortcuts` section so contextual actions appear first. https://github.com/user-attachments/assets/315a1a36-0cfb-4a0d-b6de-ef3c86aa9a05 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added search for keyboard shortcuts with live filtering, group-aware results, clear-search action, and empty-state handling * Added arrow key symbols for clearer shortcut visuals * **Improvements** * Updated shortcut visuals and typography for a tighter, pill-style presentation * Improved command menu ordering so shortcut-related entries appear in a logical sequence * **Tests** * Added tests covering shortcut search behavior, display formatting, and platform-specific key rendering <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Joshen Lim
|
66a99dce81 |
Auto enable RLS trigger shift into confirmation dialog (#45407)
## Context Shifts the "auto enable RLS" banner in the auth policies page into a dialog for transparency on what SQL will be run as a result of creating the `ensure_rls` database trigger <img width="320" height="239" alt="image" src="https://github.com/user-attachments/assets/9d1dd071-697d-4b40-aaa3-63f4147899b3" /> <img width="606" height="536" alt="image" src="https://github.com/user-attachments/assets/68765278-b2f2-489b-89a7-2383d37ffe9f" /> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Improvements** * Redesigned RLS trigger creation with a dialog-driven flow for better user guidance * Added permission-based access controls with informational tooltips when unavailable * Display of trigger SQL code for transparency * Enhanced success notifications on completion <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Joshen Lim
|
50eea124e7 |
Small tweaks to feature preview badge (#45409)
## Context Small improvements from this PR: https://github.com/supabase/supabase/pull/45373 - Fix feature preview badge alignment - Before: <img width="341" height="75" alt="image" src="https://github.com/user-attachments/assets/e6e2f727-fc75-4f70-b9cd-94d67aed8c5d" /> - After: <img width="365" height="64" alt="image" src="https://github.com/user-attachments/assets/3d6e5e5d-c285-48f4-8f8f-251c23101e41" /> - Shift feature preview badge for policies into tester side panel <img width="640" height="93" alt="image" src="https://github.com/user-attachments/assets/3efb73a7-f7f5-4ae0-8560-d1e0ba989626" /> - Realised that advisor settings wasn't set up to be behind the feature preview - Fixing that in this PR <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added preview badge indicator to the RLS Tester feature * **Style** * Improved spacing and layout alignment across authentication, database access, webhook, logging, and advisor interface components * Enhanced badge component styling for better vertical alignment <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Ali Waseem
|
2f5f6ffa79 |
chore: help users navigate graphql lints for anon and authenticated roles (#45295)
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file. YES ## What kind of change does this PR introduce? Bug fix, feature, docs update, ... - Hide lints when exposed within local storage - Revoke on roles <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added a GraphQL-exposure action in linter items that shows a confirmation modal with the exact SQL, lets you revoke GraphQL access, executes the operation, shows success/error toasts, and refreshes lint results. * Added an informational callout linking to database integration settings when GraphQL exposure is detected. * Lint actions now close the side panel and return the UI to the list after completion. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Joshen Lim <joshenlimek@gmail.com> |
||
|
Ali Waseem
|
9cd688528f |
feat(studio): change SQL editor assistant shortcut to Cmd+Shift+K (#45380)
## Summary Closes [FE-3109](https://linear.app/supabase/issue/FE-3109/change-sql-editor-assistant-shortcut-to-cmdshiftk). The SQL editor's "Generate SQL" Monaco action was bound to `Cmd+K`, which conflicted with the global command menu shortcut while the editor was focused. This PR moves the assistant shortcut to `Cmd+Shift+K` and makes `Cmd+K` open the global command menu from inside the editor. ## Changes - `MonacoEditor.tsx` — rebind `generate-sql` to `Cmd+Shift+K`. Add an `editor.addCommand` for `Cmd+K` that opens the global command menu (gated on the user's `COMMAND_MENU_OPEN` shortcut preference). Without this, Monaco swallows `Cmd+K` as a chord prefix and the global hotkey never fires inside the editor. - `SQLEditor.tsx` — update the empty-editor placeholder text from `CMD+K` to `CMD+SHIFT+K`. ## Notes - Monaco's standalone defaults bind `Cmd+Shift+K` to "Delete Line"; registering an `editor.addAction` with the same keybinding overrides it. - The same `Cmd+K` binding still exists in `apps/studio/components/ui/AIEditor/index.tsx` (used by the inline editor panel and edge functions). Out of scope for FE-3109 — happy to file a follow-up. ## Test plan - [x] Focus the SQL editor, press `Cmd+K` → global command menu opens. - [x] Focus the SQL editor, press `Cmd+Shift+K` → Generate SQL widget opens (or "Make an edit" if a diff is already visible). - [x] Disable the command menu shortcut in Account → Preferences → Keyboard shortcuts and confirm `Cmd+K` no longer opens the menu from inside the editor. - [x] Empty SQL snippet placeholder reads "Hit CMD+SHIFT+K to generate query…". <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Improvements** * Reorganized SQL editor keyboard shortcuts for clearer access * "Generate SQL" shortcut changed to Ctrl/Cmd + Shift + K (was Ctrl/Cmd + K) * Command menu can now be opened with Ctrl/Cmd + K when enabled * Editor UI shortcut hints updated to reflect the new bindings <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Joshen Lim <joshenlimek@gmail.com> |
||
|
Ivan Vasilov
|
56de26fe22 |
chore: Migrate the monorepo to use Tailwind v4 (#45318)
This PR migrates the whole monorepo to use Tailwind v4: - Removed `@tailwindcss/container-queries` plugin since it's included by default in v4, - Bump all instances of Tailwind to v4. Made minimal changes to the shared config to remove non-supported features (`alpha` mentions), - Migrate all apps to be compatible with v4 configs, - Fix the `typography.css` import in 3 apps, - Add missing rules which were included by default in v3, - Run `pnpm dlx @tailwindcss/upgrade` on all apps, which renames a lot of classes - Rename all misnamed classes according to https://tailwindcss.com/docs/upgrade-guide#renamed-utilities in all apps. --------- Co-authored-by: Jordi Enric <jordi.err@gmail.com> |
||
|
Monica Khoury
|
49ff97af06 |
feat: add global feature preview badge for enabled preview features (#45373)
## What kind of change does this PR introduce? Fixes FE-2526. Adds a global Feature Preview badge to pages enabled via Feature Previews, improving visibility and making it clearer to users that the feature can be managed (or disabled) from the Feature Previews settings. ## Why Previously, once a feature preview was enabled, there was no clear indication within the UI that: - the feature was still in preview, or - where to go to disable it This lead to confusion and made the feature feel “permanent”. ## What’s included New FeaturePreviewBadge UI component <img width="417" height="80" alt="CleanShot 2026-04-29 at 17 20 10" src="https://github.com/user-attachments/assets/6fbc96e3-35ef-46d1-893a-2188c4d237a3" /> </br> Added badge across pages enabled via Feature Previews: - Webhooks - Unified Logs - JIT DB Access - Column Privileges - Policies - Merge page - Advisor Rules Consistent placement and styling. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Feature preview badges now appear across the platform on preview features, including Platform Webhooks, Database functionality, Unified Logs, Advisor Rules, and other features, providing quick identification and access to manage preview settings. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Ali Waseem
|
fa8f49b261 |
feat(studio): add keyboard shortcuts to the SQL editor (#45335)
## Summary Adds the first batch of keyboard shortcuts for the SQL editor, following the registry pattern established for the table editor. ## Shortcuts | Shortcut | Action | Notes | | --- | --- | --- | | `Esc` | Blur the SQL editor | Registered as a Monaco command with a context-key precondition so inline widgets keep owning `Esc` (suggest, find, parameter hints, snippet/rename mode, accessibility help, inline suggestions, and selection cancellation). | | `Shift+E` | Focus the SQL editor | Pairs with `Esc` for mouse-free round-trip. | | `Alt+Shift+F` | Prettify SQL | Now wired through the registry; the tooltip and dropdown badge in `UtilityActions` read the keybind from the same source of truth. Works from inside the editor (Monaco action) and from anywhere on the page (`useShortcut`). | | `Mod+Shift+Enter` | Run EXPLAIN ANALYZE | Routes results into the Explain tab. Surfaces in the Monaco context menu next to "Run Query". | | `Shift+N` | Open a new SQL snippet | Navigates to `/sql/new?skip=true` to avoid the redirect-to-last-visited effect that fires on plain `/sql/new`. | All entries appear in the command menu (`Mod+P`) under "Shortcuts" while their host components are mounted. None are surfaced in Account → Preferences → Keyboard shortcuts yet (`showInSettings: false`), matching how the table editor shortcuts shipped. ## Notes - The blur shortcut intentionally lives on the Monaco instance rather than the document-level hotkey listener — the document listener can't preempt Monaco's own `Esc` handling. Other shortcuts that need to fire while the editor has focus (run, save, format, explain) are registered as Monaco actions; everything else uses `useShortcut`. - Format and explain are double-registered (Monaco action + `useShortcut`) so they fire whether the editor is focused or not. The Monaco actions don't read the user's enable/disable preference yet — same asymmetry as the existing run/save actions. - `Shift+N` is scoped to the SQL editor route. To make it work globally we'd register it at a higher layout level. ## Test plan - [x] Inside editor: `Esc` blurs; suggest/find/parameter hints still close on `Esc`; multi-cursor selection collapses on first `Esc`, blurs on second. - [x] Outside editor: `Shift+E` returns focus to the editor. - [x] `Alt+Shift+F` formats from inside and outside the editor; tooltip + dropdown badge show the correct keybind. - [x] `Mod+Shift+Enter` runs EXPLAIN ANALYZE and switches to the Explain tab. - [x] `Shift+N` opens a fresh snippet without bouncing back to the previous one. - [x] All five shortcuts appear in `Mod+P` with the right badges. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Keyboard shortcuts for SQL editor: format SQL, run EXPLAIN ANALYZE, focus/blur editor, and open a new SQL snippet. * Added "Prettify SQL" and "Run EXPLAIN ANALYZE" actions to the editor context menu with shortcuts. * Centralized registration of SQL editor shortcuts so they appear across the app. * **UX Improvements** * Escape key blurs editor focus when appropriate to allow easy exit without disrupting editor widgets. * **Style** * Adjusted success toast capitalization for copied Markdown. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Danny White <3104761+dnywh@users.noreply.github.com> |
||
|
Saxon Fletcher
|
3b756e4d9f |
Chore/project secure (#45108)
<img width="2652" height="830" alt="image" src="https://github.com/user-attachments/assets/3c3921e7-c255-4e59-a9c3-c5f97da87788" /> Adds a full screen alert behind a feature flag `projectNeedsSecuring` that prompts for fixing RLS issues. Adjusts a few other small styles to add more prominence to critical advisor issues. To test: - Enable the flag - Make sure you have a table with RLS disabled - Open project home and note the fade in of full page review - Click "copy prompt" or "fix" and note the prompt - Click skip to home and refresh the page, note it doesn't appear anymore <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Project-level security gate on project home with AI assistant prompts, table details, per-project dismissible notice, and a new telemetry event for CTA interactions. * **Improvements** * Stronger visual treatment for critical advisor items and advisor CTA when critical issues exist. * Assistant dropdown supports a copy-prompt callback; added local-storage key and utilities/types to support project security workflows. * **Tests** * Added tests covering gate behavior, navigation, and dismissal logic. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Joshen Lim <joshenlimek@gmail.com> |
||
|
Ali Waseem
|
6fe0ad442b |
fix(studio): drive compute card cores/memory from infra_compute_size (#45334)
## Summary Fixes [FE-3095](https://linear.app/supabase/issue/FE-3095/compute-size-hover-card-shows-badge-and-cpumemory-from-out-of-sync). The compute size hover card on the project home dashboard was sourcing its badge and its CPU/memory rows from two different cached responses, which can disagree: | Field shown | Previous source | |---|---| | Badge ("XLARGE") | `project.infra_compute_size` (project-detail query) | | Cores / memory | `selected_addons[compute_instance].variant.meta` (project-addons query) | A customer reported seeing an **XLARGE** badge next to **2-core ARM (Shared) / 1 GB** — the micro-tier specs — and asked whether their upgrade had actually been applied. The upgrade was applied; only the rendered card was contradictory. ## Fix Source both the badge and the CPU/memory rows from the same logical fact: look up the variant in `available_addons` whose identifier matches `ci_${infra_compute_size}` and read its `meta`. `available_addons` is essentially a static catalog of variant specs, so once it's loaded the card cannot show specs that disagree with the badge. This also collapses the special-cased `INSTANCE_MICRO_SPECS` fallback into the existing `getAvailableComputeOptions` helper (which already provides micro/nano fallbacks). The nano UX text ("Shared / Up to 0.5 GB") is preserved by switching that JSX branch to key on `computeSize === 'nano'`. ## Out of scope - `useProjectAddonUpdateMutation` does not invalidate `projectKeys.detail`. That's hygiene worth doing later, but project-detail has a 30s `staleTime` and the resize already drives 5s polling via the `RESIZING` status path, so the badge refreshes naturally and this fix doesn't depend on it. ## Test plan - [ ] Hover the compute badge on a project at each compute size (nano, micro, small, ..., 16xlarge) and confirm CPU and memory rows match the badge. - [ ] Resize a project from micro → large; on completion, confirm the hover card shows large specs (no transient micro values). - [ ] Open the dashboard for a free-tier project on micro that has no `compute_instance` entry in `selected_addons` and confirm the card still shows micro specs (i.e. `getAvailableComputeOptions` micro fallback is engaged). - [ ] Confirm the "Unlock more compute" CTA still appears for non-highest sizes and disappears at the highest size. |
||
|
Ali Waseem
|
e7c33bf580 |
feat(studio): add insert, filter, sort, refresh shortcuts to the table editor (#45191)
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file. YES ## What kind of change does this PR introduce? Feature — a second batch of table editor shortcuts, stacked on top of #45178. ## What is the current behavior? Inserts / filters / sort / refresh are all mouse-only. No keyboard access, and no affordance for discovering what keybinds might exist. ## What is the new behavior? ### New shortcuts | Keybind | Action | Surface | |---|---|---| | `I` then `R` | Insert row | hotkey + Cmd+K + inline keybind in Insert dropdown | | `I` then `C` | Insert column | hotkey + Cmd+K + inline keybind in Insert dropdown | | `I` then `U` | Import data from CSV | hotkey + Cmd+K + inline keybind in Insert dropdown | | `Shift+F` | Focus filters | hotkey + Cmd+K — focuses the new filter bar's freeform input | | `F` then `C` | Clear filters | hotkey + Cmd+K — gated on `filters.length > 0` | | `S` then `C` | Clear sort | hotkey + Cmd+K — gated on `sorts.length > 0` | | `Shift+R` | Refresh table | hotkey + Cmd+K + hover tooltip on the Refresh button | All are `ignoreInputs: true` so they don't fire while typing. The insert / clear-filters / clear-sort shortcuts use two-step chords so they don't clobber single-letter keys users might reach for elsewhere; Focus filters and Refresh keep their Shift-prefixed single-step bindings. ### Infrastructure - **New `<ShortcutBadge>`** (`components/ui/ShortcutBadge.tsx`) — inline keybind display. Reads the sequence straight from the registry, so the ID is the single source of truth. Renders multi-step chords with a "then" separator between steps. Defaults to `variant="inline"` (the flat `text-foreground/40` style used across the app in `RunButton`, `ActionBar`, `OperationQueueSidePanel`, etc.) with `variant="pill"` available if someone needs the boxed style. - **Insert dropdown restyled** — each `DropdownMenuItem` in `HeaderNew`'s Insert menu now shows its keybind inline on the right (centered vertically, with `pr-4` + `shrink-0` so long table names in the description never crowd the badge). - **`RefreshButton`** swapped from `ButtonTooltip` to `<Shortcut>` so the keybind tooltip renders automatically from the registry. - **`FilterPopoverPrimitive` untouched** — the old filter bar is being deleted, so Shift+F is scoped to the new filter bar only. The handler focuses `[data-testid="filter-bar-freeform-input"]` (the existing freeform input in the ui-patterns `FilterBar` → `FilterGroup`). ## Additional context Stacked on #45178 (FE-3057 — initial table editor shortcuts). Rebase after that one merges. ### Test plan - [x] Open a table → Insert dropdown shows keybind to the right of each item, no wrap encroachment even with long table names - [x] `I` then `R` opens the Row editor; `I` then `C` opens the Column editor; `I` then `U` opens the CSV import flow - [x] `Shift+F` focuses the new filter bar's freeform input - [x] Add a filter → `F` then `C` clears it; shortcut disabled in Cmd+K when no filters are applied - [x] Sort a column → `S` then `C` clears sort; shortcut disabled when no sorts - [x] `Shift+R` refreshes the table (spinner shows on the Refresh button); hover the button → keybind tooltip - [x] All seven new entries show up in Cmd+K when their gates are satisfied <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added keyboard shortcuts for table actions: insert row, insert column, import CSV, refresh, focus filters, clear filters, and clear sorts. * Shortcuts are available in the command menu and show visual keyboard hints. * **UI** * Menu entries now display shortcut badges. * Refined dropdown spacing/layout and updated the refresh control to surface its shortcut. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
kemal.earth
|
65365213af |
feat(studio): logs header improvements (#45275)
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file. YES ## What kind of change does this PR introduce? A little bit of tidy up here so the header area of unified logs isn't so dominant. Moved actions to the same line as search bar and made other parts a little more subtle, so the focus reamains on the logs themselves. | Before | After | |--------|--------| | <img width="980" height="213" alt="Screenshot 2026-04-27 at 11 47 37" src="https://github.com/user-attachments/assets/ae22e7dd-272f-4433-a270-67b550a00536" /> | <img width="893" height="153" alt="Screenshot 2026-04-27 at 12 27 17" src="https://github.com/user-attachments/assets/87b8cfc9-66a4-4634-a3c6-c45e4b8fc486" /> | <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Keyboard shortcut to toggle filter visibility in logs. * Consolidated top bar with refresh, view options, download, and live controls—desktop and mobile optimized. * **Style** * More compact, organized header with tooltips showing live status and shortcut hints. * Reduced filter input typography and streamlined mobile filter trigger. * **Other** * Side panel sizing and logs area layout refined for clearer visuals and consistent header/body styling. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Ivan Vasilov
|
308cd791a2 |
chore: Prep work for migrating to Tailwind v4 (#45285)
This PR preps the monorepo for a migration to Tailwind v4: - Bump all Tailwind dependencies and libraries to the latest possible version, while still compatible with Tailwind 3. - Cleans up obsolete Tailwind 3 specific options and configs. - Cleans up unused CSS files and fixes the CSS imports. - Migrates all `important` uses in `@apply` lines to using the `!` prefix. - Move `typography.css` to the `config` package and import it from the apps. - Migrated all occurrences of `flex-grow`, `flex-shrink`, `overflow-clip` and `overflow-ellipsis` since they're deprecated and will be removed in Tailwind 4. - Make the default theme object typesafe in the `ui` package. - Migrate all `bg-opacity`, `border-opacity`, `ring-opacity` and `divider-opacity` to the new format where they're declared as part of the property color. - Bump and unify all imports of `postcss` dependency. |
||
|
Joshen Lim
|
dab1512fe9 |
Add callout for feature preview rls tester (#45307)
## Context Adds a banner on the auth policies page for the new RLS tester feature preview <img width="307" height="310" alt="image" src="https://github.com/user-attachments/assets/6864c2cb-c3b8-4c1f-8dce-57411425e17d" /> Also adds a Give feedback button in the RLS Tester sheet footer <img width="616" height="73" alt="image" src="https://github.com/user-attachments/assets/64755f56-4e27-4b54-92b2-a894badc0b88" /> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * RLS Tester preview banner added to the policies page with animated content and a locally persisted dismissed state. * Enabling the RLS Tester via the preview also dismisses and records the banner dismissal. * New feedback link added to the RLS Tester UI that opens in a new tab. * **Layout/Providers** * Banner stack context moved so banner state is available more broadly across the app. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Joshen Lim
|
5f867e5f6c |
Feature Preview: RLS Tester (#45121)
## Context Resolves FE-3077 Related discussion: https://github.com/orgs/supabase/discussions/45233 Verifying the correctness of your RLS policies set up has always been a gap, as highlighted by a number of GitHub discussions like [here](https://github.com/orgs/supabase/discussions/12269) and [here](https://github.com/orgs/supabase/discussions/14401). As such, we're piloting a dedicated UI for RLS testing (using role impersonation as the base), in which you'll be able to - Run a SQL query as a user (not logged in / logged in - this is the role impersonation part) - See which RLS policies are being evaluated as part of the query - And hopefully be able to debug which policies are not set up correctly Changes are currently set as a feature preview - and we'll iterate as we get feedback from everyone 🙂 🙏 <img width="613" height="957" alt="image" src="https://github.com/user-attachments/assets/83c37f8a-28fc-43b3-b0ff-e28571d8710c" /> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * RLS Tester: run queries as anon or authenticated users, view inferred SQL, per-table policy summaries, and data previews of accessible rows. * UI preview: new RLS Tester preview card and modal with opt-in toggle; RLS Tester sheet with role/user selector and query editor. * SQLEditor: “Explain” tab is always visible. * **Chores** * Added supporting API endpoints, background checks for table RLS status, and a local-storage flag to persist the preview opt-in. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Danny White
|
9e3a10d557 |
feat(studio): payment method states for Stripe Projects orgs (#44965)
## What kind of change does this PR introduce? UI changes for Stripe-managed billing surfaces. - Resolves DEPR-537 - Related to DEPR-538 ## What is the current behaviour? Stripe-connected organisations still look too self-serve in Studio. - Payment Methods still reads mostly like ordinary Supabase card management, even though billing is handled through a Shared Payment Token via Stripe Projects - invoice messaging still implies support is the path to changing payment methods, even for Stripe-managed orgs - the Subscription Plan flow still needs Stripe-specific guardrails so users are redirected to the correct upgrade path rather than trying to self-serve everything in Studio - the base branch now correctly separates `integration_source` from `billing_partner`, but this stacked work still needs to carry that split through the Stripe billing-token surfaces ## What is the new behaviour? This PR makes the Stripe-managed billing surfaces behave like Stripe-managed billing surfaces, while leaving AWS and Vercel on the existing `billing_partner` path. - Payment Methods now keeps the familiar saved-card row, but augments Stripe-managed rows with Shared Payment Token context, token status, and Stripe Projects affordances - Stripe-managed invoice messaging now points users to Stripe Projects rather than to support for payment-method changes - the Subscription Plan flow keeps the existing managed-billing shape, with Stripe-specific guardrails layered in where plan changes should be handled outside Studio - AWS and Vercel continue to use the existing partner-managed alerts and CTAs driven by `billing_partner` / `billing_via_partner` | Subscription plan sheet | | --- | | <img width="1780" height="448" alt="CleanShot 2026-04-24 at 17 21 43@2x" src="https://github.com/user-attachments/assets/34c0f3ba-fc42-4d07-97a2-0e4f4cefc55e" /> | | _Upgrade instructions_ | | <img width="1786" height="460" alt="CleanShot 2026-04-24 at 17 20 12@2x" src="https://github.com/user-attachments/assets/bb67c835-b9b2-4648-b0e1-9c2f8d2317d3" /> | | _Downgrade instructions_ | > [!NOTE] > The below screenshots are outdated. The _Shared Payment Token_ terminology has been removed in favour of more generic copy such as _Stripe Projects token_. | Stripe payment method states | | --- | | <img width="1436" height="234" alt="CleanShot 2026-04-23 at 19 03 49@2x" src="https://github.com/user-attachments/assets/52ed7a00-dfba-4b66-9a07-a6346692d3c8" /> | | _Healthy_ | | <img width="1434" height="224" alt="CleanShot 2026-04-23 at 19 04 50@2x" src="https://github.com/user-attachments/assets/94efd943-b7bf-4da2-9e1b-1828aae97126" /> | | _Card expiring soon_ | | <img width="1436" height="236" alt="CleanShot 2026-04-23 at 19 06 51@2x" src="https://github.com/user-attachments/assets/272cb707-c724-4629-890e-853972e53a18" /> | | _Card expired_ | | <img width="1308" height="238" alt="CleanShot 2026-04-23 at 19 07 21@2x" src="https://github.com/user-attachments/assets/3eadd2a9-def3-4f43-850e-7d82adfb0b57" /> | | _Token expired_ | ## Dependencies This PR is stacked on: - #44328 It also depends on the private platform work that exposes Stripe project connection state and SPT details: - https://github.com/supabase/platform/pull/31874 - https://github.com/supabase/platform/pull/31940 ## Platform dependency status Most of the remaining platform work for this stack is now covered by the private dependency below: - https://github.com/supabase/platform/pull/31940 That PR is expected to provide the SPT details and paid-flow fixes this Studio work depends on. In practice, the main caveat here is less “Studio still needs a bunch of new platform work” and more “do not merge this until `platform#31940` has landed and the end-to-end Stripe-managed flow has been rechecked”. ## Local testing Use the same local Stripe setup as the base branch, with `integration_source: 'stripe_projects'` returned consistently for: - `/platform/organizations` - `/platform/organizations/:slug/projects` - `/platform/projects/:ref` For payment method demos, the temporary local mock currently lives in private `platform` on: - `/platform/organizations/:slug/payments` That mock can be flipped between: - healthy token + healthy underlying card - healthy token + card expiring soon - healthy token + expired card - expired token Then verify: - the org and project connection affordances from #44328 still render correctly - Payment Methods shows Stripe-managed token context rather than implying ordinary self-serve card management - regression test ordinary non-Stripe payment methods too, to confirm the standard saved-card row still renders with the existing `Expires:` copy and no Shared Payment Token affordances - invoice messaging points Stripe-managed orgs to Stripe Projects rather than support - Subscription Plan keeps the managed-billing guardrails for Stripe - AWS and Vercel orgs still show the existing partner-managed messaging rather than the Stripe-specific notices <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Stripe-managed organizations show Stripe Projects billing guidance, replace in-app payment management with Stripe links, and adjust billing copy. * Payment methods support Shared Payment Tokens (SPTs): token expiry/status badges with tooltips, “Handled via Stripe Projects” indicator, token last4/expiry display, and disabled local update/delete actions for SPTs. * **API** * Payments response now includes optional shared payment token details for payment methods. * **Documentation** * Added links to Stripe Projects billing docs in relevant flows. * **Tests** * Updated and added tests covering Stripe-managed and SPT behaviors. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: Raúl Barroso <code@raulb.dev> |
||
|
Ali Waseem
|
32071e75e1 |
fix(studio): unblock advisor panel loading state on self-hosted (#45283)
## Summary Fixes [FE-3080](https://linear.app/supabase/issue/FE-3080/self-hosted-studio-advisors-toolbar-shows-blank-panel). On self-hosted Studio, opening the Advisors panel rendered an infinite skeleton with no network traffic. ## Root cause `useBannedIPsQuery` is gated by `IS_PLATFORM`. On self-hosted that disables the query — and a disabled React Query v5 query keeps `isPending: true` forever (only `isFetching` / `isLoading` go false). `useAdvisorSignals` re-exports that `isPending`, and `AdvisorPanel` folded it into its `isLoading` aggregate, pinning the panel into the skeleton state in `AdvisorPanelBody`. The other consumers were already designed around this — `AdvisorSection` on the home page explicitly does not wait on signals, and `AdvisorButton` only reads `data`. Only `AdvisorPanel` had the regression, introduced in #44372. ## Fix Drop `isSignalsActuallyLoading` from the panel's `isLoading` aggregate, mirroring the existing `[Joshen]` "ignore signal errors" exclusion two lines below and matching the home-page pattern. ## Test plan - [x] Existing unit + integration tests pass (`AdvisorPanel.utils`, `useAdvisorSignals`, `AdvisorSignals.integration` — 6/6) - [x] Verify on self-hosted Studio: open the Advisors sidebar and confirm lints render (or "no issues" empty state appears) instead of an infinite skeleton - [x] Verify on hosted Studio: lints, banned-IP signals, and notifications still render together; loading skeleton still appears while lints/notifications are in flight <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Improved loading state behavior in the Advisor Panel by excluding signal queries from blocking the panel's display. The loading indicator now only appears when actively fetching lints or notifications, allowing faster visibility of available content. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Joshen Lim
|
7f5865872a |
Enforce noUnusedLocals and noUnusedParameters in tsconfig.json + fix all related issues (#45264)
## Context Enforce `noUnusedLocals` and `noUnusedParameters` in tsconfig.json + fix all related issues |
||
|
Gildas Garcia
|
416210d666 |
chore: remove _Shadcn_ suffix for Checkbox and Radio components (#45263)
## Problem With #45211 and #45218 merged, we don't need the `_Shadcn_` suffix anymore ## Solution - [x] Remove the `_Shadcn_` suffix - [x] Update exports and imports <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Refactor** * Standardized UI component exports by removing legacy naming conventions and providing direct imports for checkbox and radio group components throughout the design system. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Gildas Garcia
|
7f4b02f2a7 |
chore: update radix (#45111)
## Problem In order to update to react 19, we need to update several dependencies ## Solution - migrate to the `radix` umbrella package to ease upgrade - update some dependencies <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Consolidated Radix UI usage to a single unified package across apps and packages, updated package manifests and workspace catalog entries. No user-facing behavior, visuals, or public APIs changed. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com> |
||
|
samrose
|
4afbe9c2b2 |
feat: lint integration for pg_graphql introspection + SECURITY DEFINER functions (#45260)
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file. YES ## What kind of change does this PR introduce? Feature — wires up three new advisor lints landed in splinter, and updates the self-hosted SQL bundle for the existing `pg_graphql_anon_table_exposed` lint to track splinter's correctness fixes. Companion to `supabase/splinter` #160 (already merged) and #162 (test fix in flight). ## What is the current behavior? Splinter's `main` now exposes four lints in the pg_graphql / SECURITY DEFINER family: - `pg_graphql_anon_table_exposed` (0026, existing) — wired into Studio in #45253; SQL in `packages/pg-meta` is the original version that uses `has_table_privilege` and the relkind set `('r','p','v','m')`. - `pg_graphql_authenticated_table_exposed` (0027, new) — paired check against the `authenticated` role. Studio renders any new finding without a `lintInfoMap` entry as a row with no icon, no title mapping, and no "Fix" CTA. Self-hosted users do not see the lint at all because `packages/pg-meta` does not include it. - `anon_security_definer_function_executable` (0028, new) — `SECURITY DEFINER` function executable by `anon`. Same Studio + self-hosted gaps as 0027. - `authenticated_security_definer_function_executable` (0029, new) — same against `authenticated`. Splinter has also updated 0026 itself (PR #160) in two ways that need to flow into the self-hosted SQL bundle: 1. **`relkind` filter:** `('r','p','v','m')` → `('r','v','m','f')`. Drops partitioned table roots (pg_graphql does not expose them; their leaf partitions are still covered as `'r'`) and adds foreign tables, which pg_graphql does expose. 2. **Privilege predicate:** `has_table_privilege(role, oid, 'SELECT')` → `EXISTS` over `pg_attribute` calling `has_column_privilege`. Catches column-level grants such as `GRANT SELECT (col) ON t TO anon`, which pg_graphql's introspection exposes but `has_table_privilege` missed. Cloud projects auto-fetch `splinter.sql` via the platform mgmt-api's `getLintSql` (1-hour cache TTL), so they pick up #160's lint and SQL changes independently of this PR. This PR is about the Studio display mapping and the self-hosted SQL bundle. ## What is the new behavior? Two minimal additions, mirroring the integration shape of #45253. ### `apps/studio/components/interfaces/Linter/Linter.utils.tsx` Three new entries appended to `lintInfoMap`: - `pg_graphql_authenticated_table_exposed` — `Eye` icon (paired with the existing `pg_graphql_anon_table_exposed` entry); link points to the Table Editor scoped to `metadata.schema` + `metadata.name`; `linkText: 'View object'`; `category: 'security'`. - `anon_security_definer_function_executable` — `Unlock` icon (signals "this thing is callable when it shouldn't be"); link points to the Database Functions browser scoped to `metadata.schema` + `metadata.name`; `linkText: 'View function'`; `category: 'security'`. - `authenticated_security_definer_function_executable` — same as 0028 against `authenticated`. Each entry's `docsLink` points at the splinter-hosted lint doc. ### `packages/pg-meta/src/sql/studio/advisor/lints.ts` The existing `pg_graphql_anon_table_exposed` SQL block is updated in place to match the new splinter version: new `relkind` set, `case` statement for `'f'`, and the `EXISTS` over `pg_attribute` privilege check. Three new `union all` blocks are appended for 0027/0028/0029. The function lints (0028/0029) include the `pgrst.db_schemas` filter (mirroring lint `0023_sensitive_columns_exposed`) so findings are scoped to schemas PostgREST actually exposes; the self-hosted query wrapper already sets the GUC when `exposedSchemas` is passed (`enrichLintsQuery`). ## Coverage of the four exposure paths | Role | Tables/views/MVs/foreign tables | SECURITY DEFINER functions | |------|---------|----------| | `anon` | 0026 (existing, updated) | 0028 (new) | | `authenticated` | 0027 (new) | 0029 (new) | The 0026/0027 pair covers `pg_graphql` introspection visibility; the 0028/0029 pair covers RLS bypass via privileged function execution through `/rest/v1/rpc` (and `/graphql/v1` for compatible return types). Each lint's doc cross-references its sibling so an operator hitting one is steered toward the others. ## Verification - `cd packages/pg-meta && npx tsc --noEmit` — clean. - `cd apps/studio && npx tsc --noEmit` — clean for the changed file. (Other unrelated TS errors exist in the working tree but are pre-existing and not introduced by this PR.) - `cd apps/studio && npx eslint components/interfaces/Linter/Linter.utils.tsx` — clean. ## Files - `apps/studio/components/interfaces/Linter/Linter.utils.tsx` — adds three `lintInfoMap` entries (0027, 0028, 0029). - `packages/pg-meta/src/sql/studio/advisor/lints.ts` — updates the 0026 SQL block to match splinter's correctness fixes, appends 0027/0028/0029 SQL blocks. ## Related - supabase/splinter#160 — adds 0027/0028/0029 and rewrites 0026 (merged). - supabase/splinter#162 — fixes test setup for 0028/0029 (in flight; does not affect the SQL shipped here). - supabase/supabase#45253 — original 0026 Studio integration. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added security linting to detect authenticated-table exposure and executable SECURITY DEFINER functions. * Added signed-in visibility checks alongside anonymous checks. * **Bug Fixes / Improvements** * Improved relation type handling for accurate table/foreign/partition classification. * Switched to column-level privilege analysis for visibility. * Improved entity naming shown in lints (includes function argument display). <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Danny White <3104761+dnywh@users.noreply.github.com> |
||
|
Danny White
|
ec7233b33c |
feat(studio): add keyboard shortcuts reference (#45197)
## What kind of change does this PR introduce? Feature. ## What is the current behaviour? Keyboard shortcuts can be discovered piecemeal through command palette entries, tooltips, and preferences, but there is no universal shortcut reference surface. ## What is the new behaviour? Adds a global `Mod+/` shortcut and command palette action to open a keyboard shortcuts reference sheet. The sheet renders registered shortcuts grouped from general dashboard actions through navigation and more specific surfaces. | Preview | | --- | | <img width="820" height="928" alt="CleanShot 2026-04-24 at 11 27 51@2x" src="https://github.com/user-attachments/assets/8ceb4a35-7adc-474b-8702-5c08a4219d25" /> | <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added a comprehensive keyboard shortcuts reference sheet that displays all available shortcuts organized into logical categories. * New keyboard shortcut Mod+/ (Cmd+/ on Mac) opens the reference sheet instantly from anywhere within the application. * Shortcuts are displayed with their formatted keyboard combinations, with multi-step sequences clearly separated for easy reference and discovery. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Gildas Garcia
|
0facd341a6 |
chore: remove UI form components _Shadcn_ suffix (#45212)
## Problem We used to have a `_Shadcn_` suffix for all the shadcn form components because we also had `formik` form components. This is not needed anymore. ## Solution - Remove the suffix - Update all usages |
||
|
Timothy Lim
|
742bc3a69f |
fix(studio): Fix Support Form prefill for failed upgrades (#45206)
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file. YES ## What kind of change does this PR introduce? Fix incorrect pre-fills <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Improved formatting of upgrade failure details sent through support communications to use standard text representation instead of URL-encoded formatting. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Greg Richardson
|
1363ce2de3 |
feat: ai assistant disclaimer (#45193)
Adds a "Supabase AI may not always produce correct answers. Double check responses." disclaimer to the AI assistant chat panel. <img width="1472" height="678" alt="image" src="https://github.com/user-attachments/assets/ad53a371-f9c5-4c40-aec5-5a3be435fadf" /> Closes AI-645 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added a disclaimer message in the AI Assistant panel informing users that AI-generated answers may be incorrect and should be verified before use. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Ali Waseem
|
d67050c44e |
test(studio): add unit tests for shortcut primitives (#45162)
## Summary Closes [FE-3056](https://linear.app/supabase/issue/FE-3056/add-unit-tests-for-new-shortcut-primitives). Backfills unit coverage for the shortcut primitives added in the recent keyboard-shortcut overhaul — these shipped with no tests. - **`state/shortcuts/formatShortcut.test.ts`** (16 tests) — `hotkeyToKeys`: `Mod → Meta` mapping (case-sensitive, substring-safe), single/multi-modifier combos, named keys, punctuation, edge cases. - **`state/shortcuts/useShortcut.test.tsx`** (26 tests) — mocks `useHotkeySequence`, `useRegisterCommands`, and `useIsShortcutEnabled` to unit-test: sequence/callback wiring (single-step + multi-step G-chords), full option-resolution priority (caller → registry → fallback) for `enabled` / `timeout` / `ignoreInputs`, global-preference AND gating, command-menu registration across all four enable permutations, stable action identity, stale-closure protection via `useLatest`, and badge rendering with/without the "then" separator. - **`components/ui/Shortcut.test.tsx`** (12 tests) — mocks `useShortcut` and `ShortcutTooltip` to verify prop forwarding (including rerender behavior), tooltip positioning props, unset-prop hygiene, and the `asChild` pass-through contract (clicks on the child do not fire `onTrigger`). 54 tests total, all passing. ## Test plan - [x] `pnpm --filter studio test state/shortcuts/formatShortcut.test.ts state/shortcuts/useShortcut.test.tsx components/ui/Shortcut.test.tsx` - [x] `tsc --noEmit` clean across the three test files <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Tests** * Added comprehensive test coverage for the Shortcut component, verifying rendering, hook integration, and tooltip behavior. * Added test suite for hotkey key formatting, covering plain keys, named keys, modifiers, and edge cases. * Added test suite for the useShortcut hook, validating hotkey sequences, enablement logic, command menu integration, and callback handling. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Ali Waseem
|
28a2c25e0e |
feat(studio): add navigation shortcuts with hover tooltips (#45127)
## Summary - Adds `<Shortcut>` component: binds a registered shortcut + renders a Linear-style hover tooltip (label + keybind pills) in one declaration - Adds `<ShortcutTooltip>` as the lower-level primitive for cases where binding lives elsewhere - Registers 13 G-chord navigation shortcuts (`G H` / `G T` / `G S` / `G D` / `G A` / `G B` / `G F` / `G R` / `G V` / `G O` / `G L` / `G I` / `G ,`) - Wires shortcuts into `SideBarNavLink` — binding + dynamic-delay tooltip (0ms collapsed, 1000ms expanded) replaces the old label-only collapsed tooltip Closes [FE-3048](https://linear.app/supabase/issue/FE-3048/create-navigation-shortcuts). ## Test plan - [x] Hover each main sidebar nav item with sidebar expanded — tooltip appears after delay with label + shortcut pills - [x] Collapse sidebar — tooltip appears instantly on hover - [x] Press `G` then a registered letter anywhere outside text inputs — navigates to that screen - [x] Press `G` inside a text input — no navigation fires - [x] Disabled nav items (project inactive) — no shortcut fires, no tooltip anomaly - [x] Feature-gated routes (auth/storage/realtime off) — shortcut is gone with the route <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Global keyboard shortcuts added for navigating major app sections (home, editors, database, auth, storage, functions, realtime, advisors, observability, logs, integrations, settings). * Navigation items display their keybinds in hover tooltips and can be triggered via those shortcuts. * Tooltip timing adapts to sidebar state (immediate when collapsed, delayed when expanded). * Shortcut-aware tooltip display now shows multi-step key sequences clearly. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Danny White
|
1ab7251060 |
chore(studio): clarify partnered orgs and projects (#44328)
## What kind of change does this PR introduce? UI improvements. - Resolves DEPR-401 - Resolves DEPR-424 - Resolves DEPR-425 ## What is the current behaviour? Studio currently blurs two different concepts together: - `billing_partner` / `billing_via_partner`, which represent real billing ownership for marketplace-managed organisations such as AWS and Vercel - Stripe connection state, which is not actually partner billing in the same sense, but was previously being mocked through the same UI paths That made the Stripe work harder to reason about and left some local behaviour dependent on temporary overrides rather than the API shape we want to ship. ## What is the new behaviour? This PR separates those concerns while keeping the existing AWS and Vercel marketplace experience intact. - AWS and Vercel continue to use `billing_partner` / `billing_via_partner` for billing ownership, lockouts, and manage CTAs - Stripe display state now comes from `integration_source`, which lets Studio show Stripe-specific badges and alerts without treating Stripe as a billing partner - organisation-level partner UI is unified across AWS, Vercel, and Stripe, including the org banner, navbar icon treatment, and organisation cards - project-level Stripe UI now appears only when the project itself is marked as Stripe-connected, including the project switcher, project list surfaces, and a project-level banner - Stripe-connected organisations are no longer incorrectly blocked behind the AWS/Vercel-style billing management alerts for invoices, billing address, payment methods, or plan changes - banner dismissal is scoped to the relevant org/project and partner/integration state ## Review order Most of the diff size here is regression tests and generated types. The behavioural changes are concentrated in a smaller set of files. Recommended review order: 1. `integration_source` vs `billing_partner` data-model split and org/project query mapping 2. org-level UI: partner icon, org banner, org dropdown/card treatment 3. billing gating updates for Stripe vs AWS/Vercel 4. project-level Stripe UI: dropdown, list surfaces, banner 5. tests and generated types | Stripe Org(s) | | --- | | <img width="1024" height="759" alt="Organizations Supabase" src="https://github.com/user-attachments/assets/d0ef338c-3b41-4c6d-b3bd-f21a2c182840" /> | | Vercel Org(s) | | --- | | <img width="1024" height="759" alt="Organizations Supabase" src="https://github.com/user-attachments/assets/1dc57770-3f24-45ac-840f-34680555cde8" /> | | AWS Org(s) | | --- | | <img width="1024" height="759" alt="Organizations Supabase" src="https://github.com/user-attachments/assets/7847dad0-ee30-4a65-ab0b-b3b16af0d34f" /> | | Stripe Org, Non-Stripe Project | | --- | | <img width="1152" height="885" alt="Mallet Toolshed Supabase-1673E019-792C-462C-B6F8-C5DDB810B331" src="https://github.com/user-attachments/assets/556fbea3-b5ae-4f2f-96b9-6f66c6654e4a" /> | | Stripe Org, Stripe Project | | --- | | <img width="1152" height="885" alt="Hammer Toolshed Supabase-7E86C17C-561F-4221-BD16-EAFF7D41AAE0" src="https://github.com/user-attachments/assets/94f8daf6-0320-413e-8d56-59f9acaaea15" /> | | Vercel Org | | --- | | <img width="1024" height="759" alt="Projects Toolshed Supabase-A7891653-9366-4B99-89DD-789D70CD52E3" src="https://github.com/user-attachments/assets/c87ee6e8-4451-4866-a905-23a38b2593e3" /> | | AWS Org | | --- | | <img width="1024" height="759" alt="Projects Toolshed Supabase-58A43ECE-569E-4541-9463-346A90B02CFF" src="https://github.com/user-attachments/assets/9350a180-4d58-42a1-ad1a-95893c2e8b12" /> | This also removes the old Stripe mock override path in Studio so the frontend matches the intended API model more closely. ## ~~Dependencies~~ (merged!) This work depends on the private platform change that exposes `integration_source` on the relevant organisation and project payloads: - https://github.com/supabase/platform/pull/31874 _Update: now merged._ ## Local testing ### Stripe If you have the private `platform` repo checked out locally, make sure your local API returns `integration_source: 'stripe_projects'` consistently for the Stripe-linked org/project you are testing. Important responses: - `/platform/organizations` - `/platform/organizations/:slug/projects` - `/platform/projects/:ref` Verify: - org banner and org icon show the Stripe connected state - unopened and opened project switcher both show Stripe only for Stripe-linked projects - project cards / table rows show the Stripe chip only for Stripe-linked projects - the project-level Stripe banner appears across project surfaces - billing address, tax ID, invoices, payment methods, and plan changes remain editable in Studio for Stripe orgs ### Vercel Use a Vercel Marketplace org with real `billing_partner` / `billing_via_partner` values. Important org-level endpoints for local mocking in `platform`: - `/platform/organizations` - `/platform/organizations/:slug` - `/platform/organizations/:slug/billing/subscription` Project-level Vercel indicators still come from `/platform/integrations/:slug`, not `integration_source`. ### AWS Use an AWS Marketplace org with real `billing_partner` / `billing_via_partner` values. Important org-level endpoints for local mocking in `platform`: - `/platform/organizations` - `/platform/organizations/:slug` - `/platform/organizations/:slug/billing/subscription` AWS does not currently have a Stripe-like project-level indicator in these org/project payloads. ## Notes - `billing_partner` is no longer the right abstraction for the Stripe-connected case in this PR. It remains the source of truth for marketplace billing ownership, while Stripe currently uses `integration_source` as a connection/display signal. - I re-ran `pnpm api:codegen` while tightening this PR and kept only the generated type changes this branch actually depends on, to avoid unrelated API drift in the review. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Stripe Projects integration added for billing and project flows * Partner icons/badges shown across org and project lists, dropdowns, and rows * Dismissible, partner-specific marketplace/integration banners with contextual CTA behavior * Improved partner-billing detection to drive billing UI and invoice/plan availability * **Tests** * Extensive new test coverage for billing UI, partner-managed fallbacks, banners, icons, and related flows <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com> |
||
|
kemal.earth
|
4ec48666d2 |
feat(studio): unified logs guard change (#44962)
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file. YES ## What kind of change does this PR introduce? This changes the guard to expose unified logs to Enterprise. **To test:** - Create an Enterprise org. - Go to a project and then Logs. - Default view should be unified logs (with a CTA offering to switch back to old logs). <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added enterprise/Supabase-org eligibility checks and loading state for the unified logs preview. * **UX** * Updated messaging to state unified logs are only available to Enterprise plan organizations. * Sidebar and filter panels now show unified-logs preview panels based on eligibility. * **Analytics** * Track unified logs row clicks with a new telemetry event. * **Bug Fixes** * Prevent navigation until unified-logs eligibility and preview flag loading are resolved. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Ali Waseem
|
40791f9846 |
chore(studio): migrate useHotKey to useShortcut (#45099)
## Summary - Migrates all 11 `useHotKey` call sites across 9 files to `useShortcut`, backed by `SHORTCUT_DEFINITIONS` in `state/shortcuts/registry.ts`. - Adds 10 new registry entries (all `showInSettings: false` to keep behavior identical to today — these were not previously user-configurable). - Deletes `apps/studio/hooks/ui/useHotKey.ts`. - Simplifies `ActionBar.handleSave` — the legacy hook passed a `KeyboardEvent` the callback used for `preventDefault`/`stopPropagation` and a textarea-plain-Enter guard; all of that is redundant under `useShortcut` (TanStack handles default/propagation; `Mod+Enter` never fires on plain Enter). - Removes a stale commented-out `useHotKey` reference in `DataTableFilterCommand.tsx`. Part of FE-3025 (legacy hotkey hook cleanup). `useKeyboardShortcuts` in `grid/components/common/Hooks.tsx` will be migrated in a follow-up. ## Test plan All shortcuts should still fire with **Cmd** (macOS) / **Ctrl** (Win/Linux). **Table Editor — operation queue** (requires pending unsaved edits on a row) - [x] `Cmd+S` saves pending edits - [x] `Cmd+.` toggles the operation queue side panel - [x] `Cmd+Z` undoes the latest edit and re-fetches the affected table rows - [x] With no pending edits, none of the above fire (gated by `isEnabled`) **Table Editor — side panel editor forms** (row, table, column, policy, etc.) - [x] `Cmd+Enter` submits the form when the panel is visible - [x] Does not submit if the form is disabled/loading or the panel is hidden **Unified Logs — data table** - [x] `Cmd+B` toggles the filter controls sidebar (desktop) - [x] `Cmd+B` opens the filter drawer (mobile, `<sm` breakpoint) - [x] `Cmd+Esc` resets active column filters (reset button visible) - [x] `Cmd+U` resets column order + visibility - [x] `Cmd+J` toggles live mode **Unified Logs — reset focus** - [x] `Cmd+.` blurs the currently focused element / resets focus to body **AI Assistant panel** - [x] While editing a message, `Cmd+Esc` cancels the edit **Regression checks** - [x] `pnpm --filter=studio typecheck` passes (verified locally) - [x] None of the new shortcut entries appear in Account → Preferences → Keyboard shortcuts (all `showInSettings: false`) - [x] Existing shortcuts (`Cmd+K`, `Cmd+I`, `Cmd+E`, results copy/download) still work unchanged <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Refactor * Implemented a centralized keyboard shortcut registry system for managing shortcuts consistently across the application * Updated multiple UI components throughout the interface to use the new shortcut management system * All existing keyboard shortcuts continue to function without any changes in behavior or user experience ## Chores * Removed legacy keyboard shortcut hook implementation <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Stephen Morgan
|
bd55ad23a6 |
feat: iso27001 certificate (#44963)
Edit: Can be merged, mgmt api deployed Dashboard addition to frontend for access to the ISO 27001 certificate. View for Team customers: <img width="1737" height="1151" alt="image" src="https://github.com/user-attachments/assets/cd62d24f-8b6e-4600-9ded-943a170cd124" /> Resolves SEC-799 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * ISO 27001 certificate added to Documents with a Download action, confirmation modal, new-tab open on success, and error toast on failure. * Users without billing permission see a no-permission view; users missing entitlement see an “Upgrade to Team” prompt. * **Refactor** * Upgrade-to-Team flows for SOC2 and related upgrade UI standardized to use the shared upgrade component. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Joshen Lim <joshenlimek@gmail.com> |
||
|
Matt Rossman
|
8f69a10cc9 |
fix(studio): reliable schema-aware SQL editor AI completions (#44730)
A variety of fixes and improvements to the Cmd+K AI completions endpoint in the [SQL Editor](https://supabase.com/dashboard/project/_/sql/new): - Pre-load table definitions for the public schema and any other schemas referenced in the editor, so the model has real column names without needing to fetch them dynamically - Replace the generic tool suite with a single streamlined `getSchemaDefinitions` tool the model can still call to look up additional schemas on demand without behavior differences across platform & self-hosted - Swap generic chat system prompt for a purpose-built `COMPLETION_PROMPT`; fix role (`assistant` → `user`) for consistency with other endpoints - Validate and type the request body with `zod`, which was previously untyped (`any`) - Improve Cmd+K behavior when nothing is selected — use the full editor content as context, return the complete query rather than just the changed fragment, and switch to a generation mode when the editor is blank - Escape single quotes in schema names when fetching entity definitions in `pg-meta` to prevent schema names from breaking out of the SQL string and injecting arbitrary content into the prompt ## Before Before, the SQL Editor would often hallucinate tables / columns that don't exist in the user's database making it less helpful if you don't know the exact table/column names. Even with maximum Assistant opt-in level on the org, it would often fail to call the necessary tools to gather database context. <img width="5062" height="1522" alt="image" src="https://github.com/user-attachments/assets/fbe1130f-6b5a-41a8-99d7-7268880af188" /> <img width="2540" height="658" alt="image" src="https://github.com/user-attachments/assets/a31c2967-7751-4fce-a9b7-60bd77660b1a" /> Sometimes it also silently fails and generates empty queries: <img width="1352" height="398" alt="CleanShot 2026-04-09 at 17 46 06@2x" src="https://github.com/user-attachments/assets/e17c103a-d47d-47e6-8c2e-101f0fae5651" /> Or echos back the user's prompt: <img width="1368" height="282" alt="CleanShot 2026-04-09 at 23 04 56@2x" src="https://github.com/user-attachments/assets/7dff6e64-f54e-45b5-8e86-5399e5a2fe41" /> ## After In this example, the completion correctly interpreted my request for "completed" todos as a query on the `completed_foo` column in my `public` schema, instead of assuming existence of a `completed` column. <img width="1452" height="838" alt="CleanShot 2026-04-09 at 17 43 13@2x" src="https://github.com/user-attachments/assets/7a575589-78b4-448d-810a-0330ff08ef8b" /> In this example, the completion was correctly aware of an `other` schema because it was detected in my existing query. I didn't have to select the text, it included the full query in context when unselected. Notice how it correctly used the `is_done` column when I asked for "completed" cakes: <img width="1372" height="534" alt="CleanShot 2026-04-09 at 17 39 07@2x" src="https://github.com/user-attachments/assets/e6b7eb6f-f3e8-4fa1-90a3-b5e34ddc14e4" /> Supersedes #44151 Closes AI-544 |
||
|
Danny White
|
2349f76e18 |
fix(studio): guard no-op advisor dismissal localStorage updates (#45031)
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file. YES ## What kind of change does this PR introduce? Bug fix. ## What is the current behavior? Advisor dismissals use `useLocalStorageQuery`. When advisor signals pruning ran, it sometimes invoked `setDismissedKeys` even when nothing needed to change (no-op updater returning the same array reference). Separately, `useLocalStorageQuery` would still persist + `invalidateQueries` even when the computed next value was reference-equal to the current cached value. When `useAdvisorSignals` is mounted in two places at once (`AdvisorSection` + `AdvisorPanel`), those redundant invalidations / subscriber churn could occasionally cascade into React’s “Maximum update depth exceeded” error (often surfaced via Radix `composeRefs` in stack traces). CI saw this as an unhandled error during `AdvisorSignals.integration.test.tsx`. ## What is the new behavior? - `useLocalStorageQuery` now **early-returns** when `Object.is(next, current)` so no-op updates don’t write localStorage or invalidate the query. - `useAdvisorSignals` pruning effect now **short-circuits** unless there is actually a stale banned-IP dismissal to remove. ## Additional context Follow-up from #44372 (advisor signal items for banned IPs). Tests run locally: - `pnpm --filter studio exec vitest run components/ui/AdvisorPanel/useAdvisorSignals.test.tsx components/ui/AdvisorPanel/AdvisorSignals.integration.test.tsx hooks/misc/__tests__/useLocalStorageQuery.test.ts` <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Enhanced handling of dismissed security alerts by preventing unnecessary state updates for stale dismissals, significantly reducing overhead and improving overall application performance. * Optimized local storage operations to skip redundant writes to storage and prevent triggering unnecessary cache updates and query invalidations when stored data values remain unchanged from the previous operation. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |