Mark provenance of SQL via the branded types SafeSqlFragment and
UntrustedSqlFragment. Only SafeSqlFragment should be executed;
UntrustedSqlFragments require some kind of implicit user approval (show
on screen + user has to click something) before they are promoted to
SafeSqlFragment.
## Summary by CodeRabbit
* **New Features**
* Editor and RLS tester show loading states for inferred/generated SQL
and include a dedicated user SQL editor for safer edits.
* **Refactor**
* Platform-wide SQL handling tightened: snippets and AI-generated SQL
are treated as untrusted/display-only until promoted, improving safety
and consistency.
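The provenance scheme described in this commit message, sketched as an added TypeScript example (not the repository's own code). Only the type names `SafeSqlFragment` and `UntrustedSqlFragment` come from the message; `safeSql`, `untrusted`, `UserApproval`, `promote` and `execute` are hypothetical names chosen for illustration.

```typescript
// Added illustration. Only the two type names come from the commit message;
// safeSql, untrusted, UserApproval, promote and execute are hypothetical.
declare const safeBrand: unique symbol
declare const untrustedBrand: unique symbol

type SafeSqlFragment = string & { readonly [safeBrand]: true }
type UntrustedSqlFragment = string & { readonly [untrustedBrand]: true }

// Developer-authored SQL: a template literal with no interpolated values.
function safeSql(strings: TemplateStringsArray, ...values: never[]): SafeSqlFragment {
  if (values.length > 0) throw new Error('safeSql does not accept interpolated values')
  return strings.join('') as SafeSqlFragment
}

// Snippets, URL parameters and AI output enter the system as untrusted.
function untrusted(sql: string): UntrustedSqlFragment {
  return sql as UntrustedSqlFragment
}

// Evidence that the exact text was shown on screen and the user clicked to confirm.
interface UserApproval {
  shownSql: string
  confirmed: boolean
}

// The only path from untrusted to safe.
function promote(sql: UntrustedSqlFragment, approval: UserApproval): SafeSqlFragment {
  if (!approval.confirmed) throw new Error('SQL was not approved by the user')
  if (approval.shownSql !== sql) throw new Error('approved text differs from the SQL to run')
  return sql as string as SafeSqlFragment
}

// Stand-in for the query runner: its signature refuses anything unbranded.
function execute(sql: SafeSqlFragment): string {
  return `executed: ${sql}`
}

// Constructed sample input.
const aiSuggestion = untrusted('delete from public.test where id <= 2;')
// execute(aiSuggestion) // rejected by the type checker: not a SafeSqlFragment
const approved = promote(aiSuggestion, { shownSql: aiSuggestion, confirmed: true })
console.log(execute(approved))
console.log(execute(safeSql`select * from public.test order by id;`))
```

The brands exist only at compile time, so the runtime checks in `promote` are what bind the approval to the exact text that was displayed.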
This PR migrates the whole monorepo to use Tailwind v4:
- Removed `@tailwindcss/container-queries` plugin since it's included by
default in v4,
- Bump all instances of Tailwind to v4. Made minimal changes to the
shared config to remove non-supported features (`alpha` mentions),
- Migrate all apps to be compatible with v4 configs,
- Fix the `typography.css` import in 3 apps,
- Add missing rules which were included by default in v3,
- Run `pnpm dlx @tailwindcss/upgrade` on all apps, which renames a lot
of classes
- Rename all misnamed classes according to
https://tailwindcss.com/docs/upgrade-guide#renamed-utilities in all
apps.
---------
Co-authored-by: Jordi Enric <jordi.err@gmail.com>
A variety of fixes and improvements to the Cmd+K AI completions endpoint
in the [SQL Editor](https://supabase.com/dashboard/project/_/sql/new):
- Pre-load table definitions for the public schema and any other schemas
referenced in the editor, so the model has real column names without
needing to fetch them dynamically
- Replace the generic tool suite with a single streamlined
`getSchemaDefinitions` tool the model can still call to look up
additional schemas on demand without behavior differences across
platform & self-hosted
- Swap generic chat system prompt for a purpose-built
`COMPLETION_PROMPT`; fix role (`assistant` → `user`) for consistency
with other endpoints
- Validate and type the request body with `zod`, which was previously
untyped (`any`)
- Improve Cmd+K behavior when nothing is selected — use the full editor
content as context, return the complete query rather than just the
changed fragment, and switch to a generation mode when the editor is
blank
- Escape single quotes in schema names when fetching entity definitions
in `pg-meta` to prevent schema names from breaking out of the SQL string
and injecting arbitrary content into the prompt
## Before
Before, the SQL Editor would often hallucinate tables / columns that
don't exist in the user's database, making it less helpful if you don't
know the exact table/column names. Even with maximum Assistant opt-in
level on the org, it would often fail to call the necessary tools to
gather database context.
<img width="5062" height="1522" alt="image"
src="https://github.com/user-attachments/assets/fbe1130f-6b5a-41a8-99d7-7268880af188"
/>
<img width="2540" height="658" alt="image"
src="https://github.com/user-attachments/assets/a31c2967-7751-4fce-a9b7-60bd77660b1a"
/>
Sometimes it also silently fails and generates empty queries:
<img width="1352" height="398" alt="CleanShot 2026-04-09 at 17 46 06@2x"
src="https://github.com/user-attachments/assets/e17c103a-d47d-47e6-8c2e-101f0fae5651"
/>
Or echoes back the user's prompt:
<img width="1368" height="282" alt="CleanShot 2026-04-09 at 23 04 56@2x"
src="https://github.com/user-attachments/assets/7dff6e64-f54e-45b5-8e86-5399e5a2fe41"
/>
## After
In this example, the completion correctly interpreted my request for
"completed" todos as a query on the `completed_foo` column in my
`public` schema, instead of assuming existence of a `completed` column.
<img width="1452" height="838" alt="CleanShot 2026-04-09 at 17 43 13@2x"
src="https://github.com/user-attachments/assets/7a575589-78b4-448d-810a-0330ff08ef8b"
/>
In this example, the completion was correctly aware of an `other` schema
because it was detected in my existing query. I didn't have to select
the text, it included the full query in context when unselected. Notice
how it correctly used the `is_done` column when I asked for "completed"
cakes:
<img width="1372" height="534" alt="CleanShot 2026-04-09 at 17 39 07@2x"
src="https://github.com/user-attachments/assets/e6b7eb6f-f3e8-4fa1-90a3-b5e34ddc14e4"
/>
Supersedes #44151
Closes AI-544
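The single-quote escaping mentioned in the last bullet of this description, as an added TypeScript example (not the `pg-meta` code itself). All function names and the query shape are hypothetical, and the schema names are constructed sample input.

```typescript
// Added illustration; function names and the query shape are hypothetical.

// Unescaped pattern: schema names are dropped straight into quoted SQL strings.
function schemaFilterNaive(schemas: string[]): string {
  return schemas.map((s) => `'${s}'`).join(', ')
}

// Hardened: double every single quote so the name cannot close its literal
// (assumes standard_conforming_strings = on, the PostgreSQL default).
function quoteLiteral(value: string): string {
  if (value.includes('\0')) throw new Error('NUL byte is not valid in a SQL literal')
  return `'${value.replace(/'/g, "''")}'`
}

function schemaFilter(schemas: string[]): string {
  return schemas.map(quoteLiteral).join(', ')
}

// Check helper: read back the string literals the way a SQL lexer would,
// treating '' inside a literal as one quote character.
function stringLiterals(sql: string): string[] {
  const out: string[] = []
  let i = 0
  while (i < sql.length) {
    if (sql.charAt(i) !== "'") { i++; continue }
    let value = ''
    i++ // skip the opening quote
    while (i < sql.length) {
      if (sql.charAt(i) === "'" && sql.charAt(i + 1) === "'") { value += "'"; i += 2 }
      else if (sql.charAt(i) === "'") { i++; break }
      else { value += sql.charAt(i); i++ }
    }
    out.push(value)
  }
  return out
}

// Constructed schema names; the second contains quotes that end the literal early.
const sampleSchemas = ['public', "app') or ('1'='1"]

// Naive output parses as four literals, with SQL text leaking between them.
console.log(stringLiterals(schemaFilterNaive(sampleSchemas)))
// Hardened output parses back to exactly the two original names.
console.log(stringLiterals(schemaFilter(sampleSchemas)))
```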
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Cleanup shortcuts with new hooks
## Summary by CodeRabbit
* **Refactor**
* Centralized keyboard shortcut system for consistent shortcut behavior
across the app and moved preference toggles to a unified registry.
* **New Features**
* Added explicit shortcuts for Command Menu, AI Assistant, Inline
Editor, and result copy/download actions.
* Hotkey preferences UI now renders dynamically from the centralized
shortcut list.
* **Tests**
* Test helpers updated to include the command menu provider for accurate
shortcut behavior in tests.
This PR moves several components which rely on `next` out of the `ui`
package to the `ui-patterns` package.
The `ui-patterns` package is intended to be imported with specific imports
so it's ok if there are components reliant on `next` in there.
The `SonnerToaster` component has removed its dependency by requiring a
prop for `theme`.
## What kind of change does this PR introduce?
Resolves FDBK-40065
## What is the current behavior?
Using the _Run_ button on either inline or “full” SQL Editor removes
focus from the Monaco editor.
## What is the new behavior?
The text caret remains in the Monaco editor even after button press.
## To test
Try running a few queries both with keyboard (⌘ enter) and mouse click
on the _Run_ button:
```sql
-- 1) Create a mock table + seed data
drop table if exists public.test;
create table public.test (
id bigserial primary key,
name text not null,
created_at timestamptz not null default now()
);
insert into public.test (name)
values
('alpha'),
('beta'),
('gamma'),
('delta');
select * from public.test order by id;
```
```sql
-- 2) Deletion query that should trigger the warning modal (destructive op)
delete from public.test where id <= 2;
-- Verify remaining rows
select * from public.test order by id;
```
## Additional context
- [ ] This was FDBK-40065 that we should reply to
- EditorPanel can now load, save, and rename SQL snippets inline
- New SaveSnippetDialog component for saving snippets with AI-generated
titles
- EditorPanel state tracks active snippet ID and pending reset
- EditQueryButton opens the inline editor panel instead of navigating to
SQL editor page
- AIEditor exposes onMount callback for editor instance access
- SnippetDropdown label updated to "Create snippet"
## TO TEST
### Normal CRUD
- open inline SQL Editor
- try creating a new snippet
- try editing an existing snippet
### Homepage V2 Report
- Try adding a new block → create snippet
- create the snippet in inline sql editor
- select the snippet in the report block section
## Context
Resolves https://github.com/supabase/supabase/issues/42304
Realised that the Inline Editor behaves differently from the SQL Editor
in which
[`isStatementTimeoutDisabled`](https://github.com/supabase/supabase/pull/36367)
is not set to true for the former which hence runs queries within a
transaction.
PR here sets that to true which should align the behaviour between both
editors
IMO though - the long term fix is just consolidating the editors so that
the behaviours are the same
## Summary by CodeRabbit
* **New Features**
* SQL statements in the editor can now execute without timeout
restrictions, allowing long-running queries to complete successfully.
* Load the TS lib files dynamically in the editor and set them on the Monaco instance only if the language is TS or JS.
* Change the AIEditor to use named export.
* Add catches for the dynamic loads.
* Add a generateDeterministicUuid function and tests for it.
* Use the new function and generate an id automatically when creating a snippet.
* Clean up extra code.
* Don't pass in id when creating a snippet.
* Add generateSnippetTitle function and use it instead of fixed string.
* When SQL editor is open, generate an id from a generated snippet title.
* Add id override for SQL editor to avoid flash when saving the snippet.
* Merge the two generate functions to happen in the same useMemo block.
* Save the snippet to the API when adding it.
* Minor fixes from CodeRabbit review.
* Hide new folder CTA in sql editor for self-hosted
* Don't add the snippet for saving, just set the value.
* UpsertContentPayload always has an id.
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
* feat(preferences): allow disable hotkeys
Add a section in /account/me for disabling hotkeys. Only added one
hotkey for now (Cmd + E for toggling editor side panel) but we can add
more with the same pattern.
* refactor: remove default export on ProjectLayout
* feat(hotkeys): allow toggling of command menu and ai assistant hotkeys
* Nit
* Prettier lint
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
* update onboarding
* update model and fix part issue
* action orientated assistant
* fix tool
* lock
* remove unused filter
* fix tests
* fix again
* update package
* update container
* fix tests
* refactor(ai assistant): break out message markdown and profile picture
* wip
* refactor(ai assistant): break up message component
* refactor: break ai assistant message down into multiple files
* refactor: simplify ReportBlock state
* fix: styling of draggable report block header
When the drag handle is showing, it overlaps with the block header.
Decrease the opacity of the header so the handle can be seen and the two
can be distinguished.
* fix: minor tweaks to tool ui
* refactor: simplify DisplayBlockRenderer state
* fix: remove double deploy button in edge function block
When the confirm footer is shown, the deploy button on the top right should be
hidden (not just disabled) to avoid confusion.
* refactor, test: message sanitization by opt-in level
Refactor the message sanitization to have more type safety and be more testable.
Add tests to ensure:
- Message sanitization always runs on generate-v4
- Message sanitization correctly works by opt-in level
* Fix conflicts in pnpm lock
* Couple of nits and refactors
* Revert casing for report block snippet
* adjust sanitised prompt
* Fix tests
---------
Co-authored-by: Charis Lam <26616127+charislam@users.noreply.github.com>
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
* try a really long context window to maximize caching
* update examples
* attempt to update packages and useChat
* update endpoints
* update zod
* zod
* update to v5
* message update
* Revert "zod"
This reverts commit ec39bac6b6.
* revert zod
* zod i
* fix complete endpoints
* remove async
* change to content
* type cleanup
* Revert the package bumps to rebuild them.
* Bump zod to 2.25.76 in all packages.
* Bump openai in all packages.
* Bump ai and ai-related packages.
* Remove unneeded files.
* Fix the rest of the migration stuff.
* Prettier fixes.
* add policy list tool
* refactor
* ai sdk 5 fixes
* refactor complete endpoint
* edge function prompt
* remove example
* slight prompt change
* Minor clean up
* More clean up
---------
Co-authored-by: Jordi Enric <jordi.err@gmail.com>
Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
* decouple editor panel from global state
* refactor again
* dont close assistant
* remove async
* onsave props
* Fix TS errors
* Remove editorPanel state from app-state, use useHotKey hooks for keyboard shortcuts
* Minor UX improvements to EditorPanel
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
* Replace all usage of useProjectContext with useSelectedProjectQuery
* Replace all usage of useSelectedProject with useSelectedProjectQuery
* Replace all usage of useProjectByRef with useProjectByRefQuery
* Replace all usage of useSelectedOrganization with useSelectedOrganizationQuery
* Deprecate useSelectedProject, useSelectedOrganization, and useProjectByRef hooks
* Deprecate ProjectContext
* Clean up usage of newOrgAiOptIn and useBedrockAssistant feature flags
* Remove all OpenAI endpoints
* Fix for self-hosted
* Default isLimited to false
* Update PG meta tests
* Fix unit tests for model
* Revert pg meta tests
* Fix test
---------
Co-authored-by: Alaister Young <alaister@users.noreply.github.com>
* Feature flag assistant endpoint + opt in UI
* Feature flag bedrock stuff for the other endpoints like title, cron, complete
* add edge function complete v2
* revert to old complete
* Revert hardcode
* fix chart colour
---------
Co-authored-by: Saxon Fletcher <saxonafletcher@gmail.com>
* step 1
* use mcp
* system prompt
* clean up
* space
* clean up
* add three state opt in toggle
* clean up
* todo
* hooks
* refactor opt in form and modal
* refinements
* add bedrock
* remove console
* update mcp util
* use bedrock
* remove openai sdk package
* re-add tools
* update complete endpoints
* fix: ai assistant markdown formatting (#35541)
* fix: mcp types and project ref (#35540)
* feat: more flexible aws credential provider (#35538)
* feat: more flexible aws credential provider
* fix: add AWS_REGION to turbo env vars
* change to allowed
* update complete endpoints
* add an additional permission
* refinements
* use Claude 4
* legal copy changes
* update other ai functions to use bedrock
* update generate v3 copy
* remove generate sql modal
* fixes for query block
* re-add dragging to reports
* clean up
* add open ai edge function example
* use handle error from fetchers
* remove schema and lean on tools
* copy
* Assistant MCP tests (#36049)
* feat: refactor and test mcp and model logic
* fix: remove get_project tool
* fix: remove additional get_project tool references
* update copy
* Clean up, fixes, refactors
* oops
* Float errors from AI endpoints as toasts
* Use a env var AWS_BEDROCK_PROFILE for bedrock.
* Rename the env var for AWS bedrock profile.
* feat: support custom aws bedrock env vars
* chore: add comments explaining aws credential chain
* MCP Self Hosted Check (#36185)
support self hosted
* feat: bedrock auth via vercel oidc
* Fix broken unit test
* Feeeex
* Refactor useOrgOptedIntoAi
* Remove useDisallowHipaa hook
* small system prompt change
* readd vercel packages
* fix self hosted
* increase max duration
* try more direct prompt
* max duration 90
* reduce max steps and add loading
* mono font
* backwards compat styling
* Chore/limit number of messages sent to assistant (#36388)
* Limit number of historical messages that get sent to assistant
* Update max chat history to 5
* alignment
* bump mcp server version
* Add feature flag for opt in tags (#36466)
* Add feature flag for opt in tags
* Add one more check
* security section system prompt
* rely on default link and replace image markdown
* Add custom link component to assistant message block (#36527)
* Add custom link component to assistant message block
* Update based on feedback
* Render plain text if URL is deemed unsafe
* fix mcp tools and parse data (#36593)
* Update Admonition for AI Assistant for when opt in is re-enabled (#36663)
* Update Admonition for AI Assistant for when opt in is re-enabled
* Update
* Smol fix
* Fix TS
* Tiny
---------
Co-authored-by: Greg Richardson <greg.nmr@gmail.com>
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
* chore: move HIPAA checks from org to project level
HIPAA orgs can mark specific projects as sensitive. Those projects will
have HIPAA restrictions applied to them. This opens non-HIPAA projects
in the same Organization up to use previously disabled features.
* fix: don't call react hooks conditionally
* chore: disable AI in HIPAA
If in a project and the project is HIPAA enabled, disable AI. Otherwise
rely on the opt-in to AI at the org level
* remove flag for just accessing inline editor
* remove feature flag in header
* clean up
* fix
* Tiny tiny style fix
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
* add assistant chats
* refactoring
* refactor
* refactor to use onfinish
* fix ts
* dependencies removal
* Update useAssistant.ts
* ts
* refactor useAssistant hook to valtio store
* Minor tweaks
* Add name param to newChat, and add names to each call of newChat
---------
Co-authored-by: Alaister Young <a@alaisteryoung.com>
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>