mirror of
https://github.com/supabase/supabase.git
synced 2026-07-06 00:26:00 -04:00
create-pull-request/patch
1185 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
78bcd430ab | [create-pull-request] automated change | ||
|
|
3521ff06e1 |
Joshen/fe 3778 rls tester to support insert queries (#47554)
## Context Back to working on the [RLS Tester](https://github.com/orgs/supabase/discussions/45233), slowly adding support for mutation queries. First part here will be to add support for testing `INSERT` based queries (Note that there's no changes to the sandbox stuff in this PR) ## Changes involved - If testing an `INSERT` query, we show a big warning first that the query will be ran on the actual DB - Note that we skip the warning if the sandbox is used <img width="534" height="231" alt="image" src="https://github.com/user-attachments/assets/ef75a0c9-61e4-49b0-9d78-458e8e5f7f4f" /> - If the testing as an anon user + RLS enabled <img width="601" height="386" alt="image" src="https://github.com/user-attachments/assets/b21f048d-bac1-4ddd-b84b-c231ae9f9e3e" /> - If testing as an auth-ed user + RLS enabled, but the INSERT violates RLS (conditions don't meet) <img width="604" height="489" alt="image" src="https://github.com/user-attachments/assets/41c40486-48d5-4eee-b7cd-8f993edc47be" /> - Else if testing as an auth-ed user + RLS enabled and INSERT matches RLS <img width="612" height="402" alt="image" src="https://github.com/user-attachments/assets/41854b40-b351-408b-8d23-cc5e0fa40813" /> - Minor cosmetic layout change here - Use layout horizontal - Also added the user ID below the dropdown with click to copy action for convenience <img width="615" height="528" alt="image" src="https://github.com/user-attachments/assets/b9c04395-5435-474a-b3c5-640143faa782" /> - Added inline guard againsts some conditions - Should not be able to run UPDATE or DELETE queries <img width="622" height="319" alt="image" src="https://github.com/user-attachments/assets/351af7c6-8f1e-47ae-8651-3b9b0b512490" /> - Should not be able to run multiple queries <img width="612" height="317" alt="image" src="https://github.com/user-attachments/assets/603d9a1f-1d1f-40f2-806d-93aea6b6cf8e" /> ## To test - [ ] Verify that the RLS Tester works as expected for an insert query - Against actual DB - Against sandbox (only available on staging) - [ ] Verify that inline guards are all working as expected - Let me know if there's any edge cases I might have missed! <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * RLS Tester results are now operation-aware (SELECT vs mutations), with clearer “no rows/all rows” and policy evaluation explanations. * Added copy-to-clipboard for the impersonated user ID. * Query parsing now surfaces richer context, including WHERE clause details and statement count, and SELECT-only previews. * **Bug Fixes** * Improved handling of blocked mutation queries and RLS-related error messaging. * Updated RLS Tester navigation to the correct policies page. * Refined sandbox-assisted execution flow and empty/error states. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
a1716edc3c | refactor(replication): do not fetch secrets from APIs and enable partial update on API (#47454) | ||
|
|
f9fc5c8020 |
fix: table-editor-negative-bigint-filter-precision (#47471)
Fixes: #47470 ## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file. YES ## What kind of change does this PR introduce? Bug fix. ## What is the current behavior? In the Table Editor, filtering a `bigint` (`int8`) column by a large **negative** value returns the wrong results (the matching row does not appear), while the equivalent large **positive** value works correctly. `formatFilterValue` (`apps/studio/data/table-rows/utils.ts`) keeps out-of-range bigint filter values as strings so they reach Postgres without precision loss, but it only guards the upper end of the JS safe-integer range: ```ts const numberValue = Number(filter.value) // Supports BigInt filter values if (Number.isNaN(numberValue) || numberValue > Number.MAX_SAFE_INTEGER) return filter.value else return Number(filter.value) ``` `numberValue > Number.MAX_SAFE_INTEGER` is always `false` for negative numbers, so large negative bigints (e.g. the int8 minimum `-9223372036854775808`) fall through and get rounded by `Number()` (`Number('-9223372036854775808')` → `-9223372036854776000`). The rounded value is then sent to SQL, so the filter no longer matches the intended row. The same helper feeds the row count and "delete all matching" queries. Steps to reproduce: 1. Create a table with a `bigint` column `id`. 2. Insert a row with `id = -9223372036854775808`. 3. In the Table Editor, filter `id = -9223372036854775808`. 4. The row is not returned. Filtering by `9223372036854775807` works as expected. ## What is the new behavior? Large negative bigints are now preserved as strings just like large positive ones, so the literal sent to Postgres matches what the user typed and the filter returns the correct rows. The fix guards the safe-integer range by magnitude: ```ts if (Number.isNaN(numberValue) || Math.abs(numberValue) > Number.MAX_SAFE_INTEGER) return filter.value else return numberValue ``` In-range values and large positive bigints are unaffected. ## Additional context - Added unit tests in `apps/studio/data/table-rows/utils.test.ts` covering non-numerical passthrough, in-range coercion (positive and negative), `NaN` passthrough, large positive bigints (existing behavior), large negative bigints (regression), and the exact safe-integer bounds. - The negative-bigint test fails on `master` and passes with this change. Verify locally: ```bash pnpm --filter studio exec vitest run data/table-rows/utils.test.ts ``` No API, schema, or infrastructure changes. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Improved filter value formatting to keep the original input when numeric conversion would be unsafe (invalid numbers or values outside safe-integer bounds), including large negative inputs. * **Tests** * Added automated coverage for filter value formatting across non-numeric values, valid numeric coercion, invalid numeric strings, and bigint-like edge cases (including a large negative regression case). <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Ali Waseem <waseema393@gmail.com> |
||
|
|
3fcf980b0a |
fix(studio): batch of production Sentry crash fixes (array/null guards) (#47460)
Fixes a batch of production Studio crashes from Sentry (all caught by the global error boundary). Most are missing array/null guards where an endpoint typed as an array — or with a nested array field — returned a non-array body in production; a few are one-off render crashes. Resolves FE-3748. ## Issues fixed | Sentry | Error | Fix | | --- | --- | --- | | [J7R](https://supabase.sentry.io/issues/7492997940/) | Maximum update depth exceeded | Disable RadialBar animation in disk-cooldown countdown | | [JR5](https://supabase.sentry.io/issues/7548484681/) | resourceWarnings.find is not a function | Guard in ResourceExhaustionWarningBanner | | [JCJ](https://supabase.sentry.io/issues/7506024989/) | resourceWarnings.find is not a function | Guard in ProjectLayout + normalize query | | [K1Y](https://supabase.sentry.io/issues/7584792331/) | snippet.name on undefined | Optional-chain SQL editor download filename | | [B3K](https://supabase.sentry.io/issues/7141649636/) | pagination.count on undefined | Guard pagination in projects infinite query | | [JVP](https://supabase.sentry.io/issues/7560437621/) | schemas.some / extensions.find | Coerce pg-meta lists to arrays in useInstalledIntegrations | | [JR2](https://supabase.sentry.io/issues/7548339272/) | extensions.find is not a function | (same fix as JVP) | | [JQR](https://supabase.sentry.io/issues/7547163939/) | lints.filter is not a function | Normalize project lints query | | [JR3](https://supabase.sentry.io/issues/7548433501/) | entitlements.find is not a function | Guard call sites + normalize entitlements query | | [JQS](https://supabase.sentry.io/issues/7547557098/) | selected_addons.find is not a function | Normalize addons query arrays | <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Improved stability across several Studio screens by handling missing or unexpected data more safely. * Downloads now use a fallback name when a snippet name isn’t available. * Project, entitlement, schema, addon, warning, and extension views are less likely to break when data is missing or not in the expected format. * Pagination and countdown visuals now behave more consistently, with reduced chance of runtime errors or animation-related glitches. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com> |
||
|
|
d1e3c71e48 | fix(studio): close delete bucket modal immediately after deletion (#47365) | ||
|
|
4562af27c2 | test(studio): cover SQL content remap and upsert response remap (#47445) | ||
|
|
1de298ff31 |
Reinstate https://github.com/supabase/supabase/pull/45143 into latest master (#47433)
## Context Previous PR was [here](https://github.com/supabase/supabase/pull/45143) but it got stale with lots of conflicts so figured it'll be easier redo it off the latest master Moves policies page from Auth to Database under an Access Control section along with Roles. This moves all existing files, applies redirects, and updates urls to point to the new route <img width="274" height="412" alt="image" src="https://github.com/user-attachments/assets/7952c185-64ae-4355-ba36-45397efe1787" /> <img width="453" height="471" alt="image" src="https://github.com/user-attachments/assets/04b3dcb3-48a5-4049-9893-d01109fb46a9" /> ## To test - [ ] Verify that policies now live under Database correctly <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added a quick navigation shortcut to open **Database > Policies (RLS)**. * **Bug Fixes** * Updated Policies and RLS-related links across the product to open the **Database policies** area (menus, command palette, context actions, alerts, and link-outs). * Added a permanent redirect from the old **auth policies** URL to the new **database policies** URL. * **Documentation** * Updated RLS Dashboard and security checklist instructions to reference **Database > Policies**. * **Tests** * Adjusted automated tests to validate the new Policies route. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
b34a9a027f |
fix: snippet content missing after move or rename (#47409)
Snippet content was wiped blank after a move or rename (until dashboard refreshed) because it depended on the API returning the new content, but the API returns under the `content` field, not the `unchecked_sql` field that is expected. Added a `remapSqlContentField` remap to fix. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Improved the saved content response so snippet fields are mapped consistently before being returned. * Kept the saved status unchanged while updating the returned data shape for better accuracy. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
719434a7fd |
fix(studio): batched table edits issues (#47319)
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file. YES ## What kind of change does this PR introduce? Bug fix ## What is the current behavior? Fixes #47318 Supabase Studio's batched table edit queue has a few related row identity issues: - Editing a row's primary key can make later queued edits or deletes lose track of the original row. - Editing a primary key and another column in the same row before saving can save only the primary key change, because later updates still use the old primary key in the `WHERE` clause. - Adding a row in batched edit mode and then deleting it before saving may not remove the pending row correctly. ## What is the new behavior? - Preserves the original row identity for queued operations after primary key edits. - Applies multiple queued edits for the same row as a single update when saving. - Correctly deletes newly added pending rows before they are saved. - Adds regression coverage for these batched table edit cases. ## Additional context https://github.com/user-attachments/assets/75672361-d781-4fe5-a542-071574ad57bd <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Improved row identity handling for grid edits, optimistic updates, and queued operations so changes stay correctly attached when primary keys are edited, reverted, or “taken” by another row. * Updated header row deletion to delete from the currently visible/targeted rows rather than relying on the full dataset. * Reduced retry noise for missing tables by clearing conflicting sorts and preventing repeated retries for the same “does not exist” error. * More reliably consolidated queued edits for the same row into fewer combined save statements. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Ali Waseem <waseema393@gmail.com> |
||
|
|
c6fc456910 |
chore: cleanup duplicate exports studio (#47387)
## Problem Knip reports many duplicate exports (both named and default). Besides, we're moving away from default exports and even have an eslint rule to enforce it on new code. ## Solution - Cleanup those exports - Update imports when necessary No functional changes. If it builds, it's fine |
||
|
|
2aa1b52234 |
feat(studio): add feature to rewrite queries DEBUG-145 (#47266)
## Problem Moving the Logs Explorer to ClickHouse means users' saved BigQuery queries no longer run. <img width="2430" height="1010" alt="CleanShot 2026-06-29 at 11 36 04@2x" src="https://github.com/user-attachments/assets/ae0ab155-7d3d-4ae9-81c3-22bf3a88cf8c" /> ## Fix Rewrite the query with AI instead of a SQL transpiler. AI handles the long tail of nested fields and dialect differences far better than a rule-based rewriter, and it needs no extra runtime dependency. - `rewriteLogsSqlWithAI` posts the current query to `/api/ai/code/complete` with `dialect: 'clickhouse'`. The endpoint skips the Postgres schema and best-practices for that dialect and uses logs-specific instructions and model so the output is ClickHouse logs SQL (FROM `logs` + `source` filter, no `unnest` joins, nested fields read from `log_attributes['...']`). - The query's `source` is detected and its real `log_attributes` keys are fetched and passed to the model, so it maps to exact paths instead of guessing. - The rewrite runs in the background and is proposed as a side-by-side accept/discard diff in the editor. The AI Assistant panel is not opened. - Entry points: a banner shown only for legacy-looking queries (dismissal persisted), and a "Fix Query" button next to Field Reference. - The Field Reference drawers discover `log_attributes` keys from real data so the listed fields match what the source actually emits. ## Dependencies Built on top of #47265 (Logs Explorer -> OTEL endpoint) — that is the base branch of this PR. Merge #47265 first. Behind `otelLegacyLogs` (off by default). Part of DEBUG-145 (split from #47087). ## How to test - Open the Logs Explorer with a BigQuery logs query (the templates have some), click "Fix Query", and confirm the diff shows valid ClickHouse SQL. Accept it and confirm the applied query runs. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added an OTEL legacy logs workflow (behind a feature flag) with an interactive banner and a “Fix Query” ClickHouse rewrite action, including an accept/discard diff review overlay. * Introduced OTEL-aware field reference rendering with dynamic discovery of `log_attributes` keys and updated OTEL source insertion behavior. * Enabled dialect-aware SQL completion for ClickHouse logs, using logs-specific instructions and output constraints. * **Bug Fixes** * Improved rewrite flow validation and handling, including log source detection and cleanup of AI-generated SQL formatting. * **Tests** * Added Vitest coverage for rewrite prompt generation, detection/classification utilities, SQL fence stripping, OTEL field mapping, and OTEL log attribute key discovery. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Co-authored-by: Joshen Lim <joshenlimek@gmail.com> |
||
|
|
3d10f2cab9 |
Add user flow for iceberg wrapper if api keys are rotated (#47336)
## Context We found an issue regarding Analytics Buckets and the Iceberg wrapper - upon creation of an analytics bucket, the wrapper is automatically created for the users which involves using the project's API keys as the catalog's token. However, if the user were to rotate the API keys, this will cause the wrapper to break and there's currently no clear user flow for the user to self-remediate - the only indicator they'll see is just a 403 error (e.g when trying to view the analytics bucket table via FDW on the table editor or SQL editor) ## Changes involved Am adding a user path for users to self-remediate a little, starting from the Table Editor - we'll add a contextual error message as such if we detect a 403 that's caused by an invalid token: <img width="1110" height="320" alt="Screenshot 2026-06-26 at 17 33 11" src="https://github.com/user-attachments/assets/28ea4ce6-5b81-4217-9952-880acb02f2bd" /> We'll subsequently also float this issue up in the Analytics Bucket UI (which is linked from the contextual error above) <img width="1114" height="466" alt="Screenshot 2026-06-26 at 17 31 52" src="https://github.com/user-attachments/assets/8d112e5b-6ecc-458b-b4dc-7e7647da3fb2" /> And users can then choose to use another API key as the catalog token <img width="585" height="246" alt="Screenshot 2026-06-26 at 17 31 56" src="https://github.com/user-attachments/assets/3d9689a5-b18d-4f07-a5a5-d882e41c5958" /> The warning will thereafter go away, and users will be able to query the FDW again via Table Editor or SQL Editor ## To test - [ ] Create an analytics bucket, set up a table and foreign schema (via Query via Postgres) - [ ] Insert some data, or verify that you can view the iceberg table from the Table Editor - [ ] Now rotate your API secret key (delete the old, create a new) - [ ] Verify that you'll run into that error if you view the iceberg table from the Table Editor - [ ] Follow the flow -> Go to the Analytics Bucket UI to update the catalog token - [ ] Verify that thereafter, you can view the iceberg table again from the Table Editor <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added clearer Iceberg/analytics bucket setup prompts for missing, outdated, or uninstalled wrappers. * Added an “Update catalog token” dialog and a collapsible “View error” troubleshooting UI. * **Bug Fixes** * Improved detection of Iceberg authorization failures and now shows a more specific error with guidance. * Warn users when the saved catalog token no longer matches available API keys. * Enhanced post-update refresh behavior so updated token values display correctly. * **Documentation** * Clarified vault token description to indicate it may be a secret or service role key. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
77bf0a4ec9 |
chore: more dead code cleanup (#47312)
## Problem There's still more unused code in the repository which slows down everything: - checkouts - tooling - probably builds (not sure how good turbopack is at handling this) ## Solution - remove old unused code - remove more recent code after checking git history to ensure it's not unfinished/ongoing work <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Removed several outdated UI components and helper utilities to streamline the app. * Cleaned up unused analytics, database, and observability hooks and queries. * **Refactor** * Simplified data table, unified logs, and assistant panel internals by removing legacy display and navigation pieces. * **Bug Fixes** * Reduced the chance of showing stale or inconsistent status, chart, and metric views by eliminating obsolete display paths. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
e0ba04caf4 |
feat(studio): migrate per-service log pages to OTEL endpoint behind a flag DEBUG-145 (#47264)
## Problem The legacy per-service log pages (postgres, auth, api, edge functions, storage, realtime, cron, etc.) and the single-log detail panel query the BigQuery-backed `logs.all` analytics endpoint. We are moving these reads onto the OTEL ClickHouse endpoint (`logs.all.otel`). ## Fix - Add `Logs.utils.otel.ts`: ClickHouse query builders (rows/count/chart/single) + row mappers that target the single `logs` table keyed by `source`, reading fields from the `log_attributes` map and aliasing columns to the leaf names the renderers expect. - Parameterize `buildWhereClauses` / `genWhereStatement` in `Logs.utils.ts` so the OTEL builders reuse the shared nested AND/OR filter grouping. Defaults keep the BigQuery behavior unchanged. - Gate `useLogsPreview` (rows, count, chart) and `useSingleLog` (detail) on the new `otelLegacyLogs` flag. BigQuery stays the default when the flag is off. - Extract the OTEL timestamp parser into `parseOtelTimestamp` (`otel-inspection.utils.ts`) and reuse it in `unified-logs-infinite-query.ts` (replaces an inline copy of the same logic; no behavior change). ## Dependencies None. Standalone, safe to merge on its own. Behind `otelLegacyLogs` (off by default), so no user-facing change. Part of DEBUG-145 (split from #47087). ## How to test - In staging, go to Legacy Logs. - All logs pages should work the same as before. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added OTEL-backed logs support for preview, count, chart, and single-log details when enabled. * **Bug Fixes** * Improved timestamp parsing/normalization for OTEL data to ensure correct display and pagination. * Enhanced filtering behavior, including safer handling of unknown filter keys and invalid values across OTEL queries. * Improved single-log result shaping to preserve expected API/database metadata in OTEL mode. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> |
||
|
|
df7a0ca3f7 | feat(replication): Evaluate new product name (#47066) | ||
|
|
d5653f1f92 |
refactor(studio): unify snippet save + persistence into SnippetStatus (3/9) (#47251)
## What PR 3 of a stacked refactor of the SQL editor snippet state. Replaces the two overlapping pieces of snippet lifecycle state — the `savingStates` map (`IDLE|UPDATING|UPDATING_FAILED`) and the `isNotSavedInDatabaseYet` boolean — with a single `SnippetStatus` enum. ## Status is attached at the data layer (never absent) - `SnippetStatus` + `SnippetWithContent` now live in `data/content`. The snippet queries attach `status: 'saved'` via a typed `withSavedStatus()` helper, and `upsertContent` returns `SnippetWithContent` so move/rename responses carry status too. - A SQL-typed `getSqlSnippetById`/`useSqlSnippetByIdQuery` returns `SnippetWithContent` (the generic `useContentIdQuery` stays for Reports, which use it). `[id].tsx` loads content with **no casting**. - `'new'` is attached on local creation (`createSqlSnippetSkeletonV2`). ## Behavior Behavior-preserving for the existing auto-save flow (faithful mapping of both old fields, including the replication-lag swallow). One incidental fix: the read-only/saving indicator now also covers a brand-new snippet's first save (previously only re-saves of persisted snippets had distinct saving/failed states in some paths). ## Tests New `sql-editor-lifecycle.test.ts` (29 tests) covering every predicate and transition; existing rules tests updated. `pnpm --filter studio typecheck` clean; 52 state/sql-editor unit tests pass. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Release Notes * **Refactor** * Restructured SQL snippet persistence tracking, replacing boolean flags with a comprehensive status system for clearer visibility into save progress. * Enhanced saving indicator UI to reflect accurate snippet save states. * **Tests** * Added test coverage for snippet persistence state transitions and lifecycle scenarios. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
9eab4f8fbf |
build(studio): Vite/TanStack-Start build pipeline behind flag (stack 1/6, from #46424) (#47107)
**Stack 1/6** of the TanStack Start migration (#46424), split into reviewable, independently-mergeable PRs. > [!IMPORTANT] > **Next stays the default and only active framework after this PR.** This wires up the Vite/TanStack-Start build pipeline behind the `STUDIO_FRAMEWORK` flag, but there are no TanStack routes yet — so the TanStack build isn't functional or tested until later PRs in the stack. Nothing about the Next build, dev, or deploy changes behaviourally here. ## What's in this PR - **Dispatch:** `dev`/`build`/`start` now go through `scripts/dispatch.js`, which runs the Next variant unless `STUDIO_FRAMEWORK=tanstack`. The original commands are preserved as `dev:next`/`build:next`/`start:next`. - **Build pipeline:** `vite.config.ts`, `serve.js`, `smoke-server.mjs`, vite/tanstack deps, `turbo.jsonc`. - **`tsconfig.json`:** `jsx: react-jsx`, `moduleResolution: Bundler`, `target: ES2022`. Because `include` is `**/*.ts(x)`, this re-typechecks the whole app, so the companion adaptations below land with it. - **Shared adaptations (companions to the tsconfig change):** `BufferSource` casts, `packages/ui` unused-`React` import removals, etc. - **Routing/middleware plumbing:** `next.config.ts` + `redirects.shared.ts` (redirect rules now shared with `vercel.ts`), `proxy.ts`/`start.ts` middleware + `hosted-api-allowlist.ts`. ## Verification Run locally off `master`: frozen install ✓, `studio` typecheck ✓, **Next build ✓** (compiles + generates all routes), lint ratchet ✓ ("some rules improved"), prettier ✓. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added a hosted API endpoint allowlist to return 404 for non-supported `/api/*` routes. * Introduced a TanStack route-migration checklist and expanded TanStack Start routing support. * **Improvements** * Enhanced deployment refresh/detection by tightening cookie handling for “latest deployment” updates. * Centralized redirect/maintenance-mode rules for consistent platform vs self-hosted behavior. * Improved production serving with a dedicated static + proxy server and a post-build smoke test. * **Dependencies** * Updated TanStack-related packages and React Table/query tooling versions. * **Documentation / Chores** * Updated formatting and tooling config; added shared build environment parsing utilities. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com> Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com> |
||
|
|
97ff695ac9 |
fix: invalidate permissions cache on org invite acceptance (#47247)
- Add `invalidatePermissionsQuery` helper to `permissions-query.ts` - Invalidate it alongside organizations and projects in `useOrganizationAcceptInvitationMutation`'s `onSuccess`, so permissions are refetched before the redirect to the org. ## Testing 1. Invite a user to an org. 2. Accept the invite via the invite link. 3. Navigate to the org's Billing page. 4. Verify the Subscription and Cost Control sections load without "you need additional permissions" errors (no manual reload needed). <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Fixed an issue where user permissions were not properly synchronized after accepting organization invitations. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
c7ab0c7370 |
feat(studio): marketplace preview listings (#47004)
Updates the Studio integrations marketplace to support the new marketplace-specific database view and `preview` status |
||
|
|
b0a56bba61 |
Skip waking a hibernating project for prefetching (#47222)
## Context Opting to keep the prefetching behaviour on Project cards from the home page, but skip waking the project if its hibernating <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Refactor** * Optimized project loading to skip unnecessary wake operations during prefetch, reducing latency when browsing project lists. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
0044bb8e4f |
Add log configuration in database settings (#47212)
## Context Adds a log configuration section under database settings, which exposes 2 toggles: - Log connections - Log disconnections <img width="757" height="336" alt="image" src="https://github.com/user-attachments/assets/e2615baf-f01b-43e2-b2a5-b106aacc59d9" /> UI changes are flagged for internal on prod ## To test - [ ] Can toggle + save either options - [ ] Configuration should load correctly with a refresh - [ ] Should only be for hosted Related docs PR: https://github.com/supabase/supabase/pull/47199 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added connection logging configuration for database projects, allowing users to toggle logging of database connections and disconnections. * The new settings UI is available on supported platforms and only when the feature flag is enabled. * Included backend-backed retrieval and updates for the PostgreSQL configuration, with save/cancel behavior, form defaults, and permission-aware controls. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
171ca026b5 |
feat(studio): Add integration settings page with connected resources (#46961)
Adds integrations settings page to each oauth integration to show associated resources (e.g. API keys, config, oauth apps, etc) <img width="1150" height="892" alt="Screenshot 2026-06-16 at 2 44 31 PM" src="https://github.com/user-attachments/assets/035cc602-886d-43bc-a5a7-e14f76dd37c3" /> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Summary * **New Features** * Added a Marketplace “Settings” tab with a grouped **Connected resources** view (OAuth apps, API keys, Edge Function secrets, SMTP), including loading/empty/missing-resource states and per-kind removal actions. * Added a resource-group section UI plus integration-aware grouping/copy customization and missing-kind zero-states. * **Bug Fixes** * Improved installed-state detection for Grafana and Doppler by broadening conditions. * Added an orphaned-resources warning when expected OAuth apps are missing. * **Refactor** * Unified connected-resource removal into a single flow with OAuth-specific revoke handling. * **Tests** * Added comprehensive UI and utility coverage for grouping, states, and destructive removal behavior. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
2ce01473bb |
feat(replication): add better form to create ducklake replication (#47069)
## What kind of change does this PR introduce? Add support to use supabase projects as a pg catalog and storage when adding a ducklake replication. ## What is the current behavior? Only simple form with raw input text for custom parameters is available. ## What is the new behavior? Being able to select supabase project to directly use projects in supabase for the ducklake. I also fixed a warning we had in the console for this form (cf screenshot) ## Additional context [API Changes ](https://github.com/supabase/platform/pull/34282) https://github.com/user-attachments/assets/4ff9ee65-6ba4-4f17-9ea1-9aebad34171c <img width="862" height="228" alt="Capture d’écran 2026-06-18 à 09 58 50" src="https://github.com/user-attachments/assets/1592c3be-807e-426f-9a5a-84979e05d93c" /> ### Test scenario Follow the screencast, go to your supabase project (better if it's in ap-southeast-1) Create a test table with 1 row for example -> Database -> Replication -> New destination -> Select ducklake and use supabase option -> Keep the same current supabase project selected for both catalog and storage -> Create destination -> You'll get a warning about the storage and credentials -> Confirm creation -> Wait until it's in status Running, if it's runing then it works <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Release Notes * **New Features** * Added DuckLake replication destination with **Use Supabase** and **Custom parameters** modes. * Added DuckLake bucket selection with a **“New bucket”** creation dialog. * Added/expanded BigQuery, Analytics Bucket, and Snowflake destination configuration. * **Improvements** * Updated DuckLake create vs edit behavior: mode selection is hidden in edit mode and configuration is mapped correctly for the selected variant. * Enhanced field-level validation (including whitespace-only handling) and added clearer validation issue messages. * Added a cross-region warning for DuckLake when catalog and storage regions differ. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Signed-off-by: Benjamin <5719034+bnjjj@users.noreply.github.com> Co-authored-by: Joshen Lim <joshenlimek@gmail.com> |
||
|
|
ea909e998b |
Local only: skip loading destinations if ETL API is not set up (#47031)
## Context > [!IMPORTANT] > Changes in this PR only apply to the local environment - there should not be any changes to staging (nor production) Given that read replicas currently sit under database replication, the UI currently waits for replication destinations to load before rendering the page. However for local development, setting up of the ETL API isn't necessary nor applicable for everyone so this indirectly adds friction if we just want to work with read replicas. ## Changes involved - Opting to skip retrying fetching ETL related requests if the error returned is "replication API URL is not configured" - This is indicative that the local platform isn't set up for ETL yet - ^ Database replication page will hence not wait for ETL requests to succeed before finally rendering the UI - Node diagram will also then render properly (just read replicas) - Add a small admonition to visualize this <img width="1079" height="301" alt="image" src="https://github.com/user-attachments/assets/32bd5d2f-a76e-417e-bedf-9a04de3bb305" /> ## To test - Will only be able to test locally - basically just head over to the database replication page (unless you somehow already have ETL API set up locally) - But can also verify that there's no changes on staging preview <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Improved error messaging when ETL is not configured in local development environments * Enhanced error handling for replication API failures with better non-retryable error detection * **Improvements** * Refined replication diagram rendering based on destination setup state * Updated dropdown menu interactions for read replica management <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
b87110b695 |
perf(studio): single-scan unified logs facet count query (#47088)
## Problem The facet counts in the unified logs sidebar were slow to load. The query scanned the logs table about 14 times, once for each group of counts (the total, each log type, each level, and method, status, and pathname). ## Fix Count the facets that have few distinct values (total, log type, level, method, status) in a single scan instead of one scan each. Pathname stays on its own scan because it has too many distinct values to count that way. A facet you are filtering on still gets its own scan, so it can keep showing counts for its other values while the rest of the sidebar reflects the filter. This takes the common case from about 14 scans down to 3. The result shape is unchanged, so nothing else needed updating. Note: facet values with a count of zero are no longer returned. Only values that actually appear show up. ## How to test - Open Unified Logs for a project with the otelUnifiedLogs flag on. - Check that the sidebar counts (log type, level, method, status, pathname) and the total badge match what they showed before, and load faster. - Filter by a facet (e.g. log type) and confirm that facet still lists counts for its other values, while the other facets update to match the filter. - Run the unit tests in apps/studio for UnifiedLogs.queries. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Refactor** * Updated unified log counting to a more efficient single-pass SQL approach for facet and per-dimension counts. * Standardized log-type filtering behavior across unified queries and facet/count generation. * **Bug Fixes** * Improved “total/all” counts to correctly respect active filters, including correct source handling and default log-type exclusion. * **Refactor** * Limited facet displays to the top 20 values per facet; facet totals are now calculated from the retained rows. * **Tests** * Expanded SQL and filtering assertions to cover the new counting structure and facet row behavior. <!-- end of auto-generated comment: release notes by coderabbit.ai --> Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> |
||
|
|
3d101e2415 |
fix(studio): paginate queue messages on a unique cursor (#47016)
Closes #47015 ## What kind of change does this PR introduce? Bug fix. ## What is the current behavior? The queue message list paginates with `WHERE enqueued_at > <last>` and `ORDER BY enqueued_at`. `enqueued_at` is not unique: pgmq defaults it to `now()`, so every message sent in one `send_batch` shares a timestamp. When a group of same-timestamp messages straddles a page boundary, the strict cursor skips the rest of that group, so those messages never appear in the grid even though they are still in the queue. With 40 messages from one batch, only 30 render. ## What is the new behavior? Pagination uses a composite `(enqueued_at, msg_id)` keyset cursor and orders by the same pair. `msg_id` is unique within each queue/archive table and breaks the tie, so no rows are dropped between pages. After the change, all 40 messages render. This mirrors the cron-runs query, which already paginates on a unique key. ## Additional context Added a test in `apps/studio/data/database-queues/database-queue-messages-infinite-query.test.ts` asserting next pages use the composite cursor and order by `enqueued_at, msg_id`. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Improved database queue message pagination to reliably retrieve all messages, including those with identical enqueued timestamps, preventing potential message skipping during pagination. * **Tests** * Added test coverage for database queue message pagination behavior. <!-- end of auto-generated comment: release notes by coderabbit.ai --> Co-authored-by: Ali Waseem <waseema393@gmail.com> |
||
|
|
37fcfce07c |
feat(logs): show query and details in unified PG log dashboards DEBUG-138 (#47026)
## Problem The unified log dashboards' Postgres detail panel hid the `query` and `detail` fields. They were present in the raw log message but never surfaced in the structured view, making them harder to use when debugging. ## Fix - Select `pgl_parsed.query` and `pgl_parsed.detail` in the Postgres service flow query. - Add `Query` and `Details` field configs to the Postgres primary fields, both with `wrap: true` so long values display in full instead of truncating. The parsed Postgres field is `detail` (singular); it is labeled "Details" in the UI. ## How to test - Open Studio and navigate to the unified logs dashboard for a project. - Filter to Postgres logs and select a log row to open the detail panel. - Confirm the Postgres section now shows `Query` and `Details` rows below `User`. - Expected result: rows render the parsed query and detail text, wrapping for long values, and show an em dash when empty. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * PostgreSQL service flow logs now show additional always-visible **Query** and **Details** fields, bringing parsed database query content and expanded information directly into the log view. * **Tests** * Updated log inspection coverage to ensure the new parsed fields are correctly surfaced in the flattened inspection output. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> |
||
|
|
097f220c5c |
Add support for managing stored procedures under database functions (#46977)
## Context Dashboard currently doesn't have any support for managing stored procedures. In the event that the security advisor surfaces a warning about a stored procedure, users hence run into a dead-end as there's currently no way to self-remediate via the dashboard ## Changes involved We're hence adding support for managing stored procedures within Database Functions <img width="1082" height="546" alt="image" src="https://github.com/user-attachments/assets/2598a5fe-e58f-4e8a-ad2f-9cb6d0eb2f53" /> Creating a function now shows a dropdown to select the type <img width="500" alt="image" src="https://github.com/user-attachments/assets/acc9249d-7b25-4416-aae8-89c630e1c62b" /> In which if stored procedure is selected, the following fields will be hidden since they're irrelevant for stored procedures - Return type - Behaviour (Under advanced settings) Some other minor UI changes as well: - Field inputs are re-ordered a little, opting to group "Schema" and "Name" into one section, followed by "Type" and "Return type" - Opting to show "Return type" when editing a function but disabled - Add schema filter for fetching database functions to reduce unnecessary load on the database ## To test - [ ] Can create, update, delete, read stored procedures via database functions page <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Summary - **New Features** - Added PostgreSQL **procedure** support alongside functions, including a **Type** selector in the create/edit flow. - Updated Functions UI with a new **Type** column and procedure-aware return/argument details. - **Improvements** - Refreshed create/edit headers and language help text for clearer context. - Improved argument parsing/display, including better handling of procedure argument modes. - **Bug Fixes** - Corrected routine-type handling during function/procedure delete and update SQL operations. - **Tests** - Updated unit snapshots and end-to-end UI flows/labels for the new “New function” control. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
96d43099bb |
chore: refactor Button API so that it can be used a standard button (#46880)
## Problem Our `<Button>` component breaks the default `button` contract by redefining the `type` prop to set its variant (`primary`, `default`, etc) instead of the button type (`submit`, `button`, etc). This is confusing and forces to write more code when using it with shadcn components that expect/inject the standard button props. ## Solution - rename the `type` prop to `variant` - rename the `htmlType` prop to `type` - propagate the changes where necessary - format code ## How to test As this is just prop renaming, if it builds it's ok --------- Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com> |
||
|
|
42ca11f89e |
fix(support): handle rate-limited support submissions gracefully (#46928)
## Problem When a support ticket submission is rejected by the API's rate limiter, the form surfaced the raw server exception text to the user and reported every rejection as an application error. This produced a steady stream of noisy error reports for what is actually expected, recoverable behavior. The rejections are not random: the submit endpoint allows only a small number of requests in a short window, so a quick second submission (a fast retry or a follow-up ticket moments later) gets rejected. The first submission usually succeeds; it's the immediate follow-up that fails. Surfacing the raw error and logging it made this look worse than it is. Separately, the success screen had only top padding, leaving its actions flush against the bottom edge of the card. ## Fix - Detect the rate-limit response and show a clear, friendly message that tells the user how long to wait before trying again, instead of the raw exception text. - Stop reporting rate-limit rejections as errors to our monitoring. They are expected and recoverable, so they no longer add noise. - Give the success state the same vertical padding as the rest of the form so its actions are not flush against the card edge. ## How to test - Open the support form and simulate a 429 from the submit endpoint. - Expected: a friendly message telling the user when they can retry, and no error reported to monitoring. - Submit a ticket successfully and confirm the success screen has even padding above and below its content. ## Notes This covers the user-facing handling. The rate-limit threshold itself is tuned conservatively on the API and can be revisited separately so that ordinary, legitimate resubmissions are not caught. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Improved support form handling for rate-limited (429) submissions by suppressing unnecessary error reporting while still showing the error and returning the form to editing. * Fixed inconsistent support form spacing so padding is consistent regardless of submission outcome. * **Improvements** * Propagated backend error `code` through the support-ticket submission flow so the UI can react more intelligently to failures (including 429 retry-window messaging). * Enhanced retry timing extraction for rate-limited errors by using `Retry-After` with a fallback to rate-limit reset data. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> |
||
|
|
cb6c361f25 | feat(replication): Improve replication validation and fix scroll (#46943) | ||
|
|
0c9eb15cba |
refactor(studio): remove legacy homepage usage section (V1) (#46994)
## Problem The homepage usage section had two implementations gated by the `newHomepageUsageV2` ConfigCat flag, with the legacy V1 as the fallback. That flag has been at 100% in production for months, so V1 is dead code and the flag branch is unnecessary. ## Fix - Make V2 the default by removing the `newHomepageUsageV2` flag check in `Home.tsx`. - Delete the V1 section (`Home/ProjectUsageSection.tsx`), its chart (`Home/ProjectUsage.tsx`), and the now-orphaned `project-log-requests-count-query` plus its query key. - Shared code (`useProjectLogStatsQuery`, `UsageApiCounts`, `ProjectLogStatsVariables`) is kept since V2 and other modules still use it. The `newHomepageUsageV2` flag can be removed from ConfigCat after this merges. ## How to test - Open a project homepage on platform. - Confirm the usage section still renders (the V2 layout) with no flag dependency. - Verify no console errors and no broken imports. - Expected result: identical homepage usage section to what production shows today. ## Notes - This is independent of the in-flight service-health usage charts work (PR #46373), which is behind its own `newHomepageUsageDeltas` flag. Whichever merges second will resolve a small conflict on the `UsageSection` selection in `Home.tsx`. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Refactor** * Removed project usage statistics section from the home page. * Simplified the home page experience by consolidating feature flag variants into a standardized implementation. <!-- end of auto-generated comment: release notes by coderabbit.ai --> Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com> |
||
|
|
ccf18fe904 |
Prevent refetch on focus and reconnect for /query requests that failed due to statement timeouts (#46972)
## Context As per PR title - prevents refetch on focus and reconnect for /query requests that failed due to statement timeouts, presumably that those requests will run into the same problem either way so this minimizes unnecessary impact to the database <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Improved handling of statement timeouts to prevent automatic retry attempts after window focus or reconnection. * Enhanced query execution request identification for better query tracking. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
aba4e147eb |
Joshen/fe 3613 database tables query should have schema filter wherever appropriate (#46935)
## Context There's certain areas in the dashboard where we're calling `useTablesQuery` without a schema filter, in which case the dashboard then fires a query against the project's database to fetch _all_ tables across _all_ schemas - this could easily be a heavy query if there's a large number of relations in the project's database. Am hence opting to either add a schema filter if appropriate, or otherwise opt to use the infinite loading behaviour ## Changes involved - Add schema filter to `useTablesQuery` in database triggers and publications - Use infinite loading for tables in Cmd K for "Run query on table" and "Search database tables" ## To test - [x] Verify that database triggers + publications still function as expected - [x] Verify that CMD K "Run query on table" and "Search database tables" still function as expected (including search) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Implemented debounced infinite-scrolling table search in the command menu and SQL editor command flow. * Added a schema selector dropdown to publications management for easier navigation. * **Improvements** * Removed the “Schema” column from the publications tables UI. * Updated search guidance and table-picker status (counts/loading) during infinite browsing. * Trigger table listings now follow the selected schema context. * Refined command menu list height and improved the database-tables placeholder text. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
f9b4ee871a |
fix: Disable generate snippet title feature when the org has disabled AI features (#46959)
This PR disabled generating snippet titles when running and disables the "generate titles" buttons in Rename Snippet and Save Snippet dialogs (which is accessed through the side SQL Editor). How to test: 1. Disable AI for an org. 2. Try to run a new snippet, it shouldn't be renamed automatically. 3. Right click it, click Rename. The "generate title" in the dialog should be disabled with a reason in a tooltip. 4. Open the side SQL Editor, write "select 1", click Save snippet. The "generate title" in the dialog should be disabled. Testing the same flows for HIPAA projects should say `This feature is not available for HIPAA projects.` <img width="715" height="833" alt="Screenshot 2026-06-15 at 23 02 15" src="https://github.com/user-attachments/assets/f9b68f2f-5a5a-4a66-bd0d-9245f4e2f78e" /> <img width="948" height="845" alt="Screenshot 2026-06-15 at 23 02 01" src="https://github.com/user-attachments/assets/b0c9a90e-6cc1-4262-a246-88617cec41dc" /> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * AI feature availability is now gated by organization-level AI opt-in settings instead of subscription-based HIPAA add-ons. * **Bug Fixes** * Updated "Generate with AI" buttons to display disabled state with contextual messaging (missing API key, organization AI opt-out, HIPAA project restriction, or generation in progress). <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
1baaded0bb |
Consolidate execute-sql-query into execute-sql-mutation (#46944)
## Context Just some clean up as I was going through stuff - `useExecuteSqlQuery` is deprecated and not used at all - As such `execute-sql-query` is technically irrelevant, the more relevant file is `execute-sql-mutation` - Hence opting to consolidate `execute-sql-query` into `execute-sql-mutation` - Also removing `ExecuteSqlError` since its just re-exporting the `ResponseError` type There's a lot of file changes but its essentially just updating the importing statements across the files |
||
|
|
4691372093 |
Joshen/fe 3610 projectneedssecuring to avoid fetching all table privileges (#46929)
## Context The dashboard has an RQ hook that fetches all table privileges in the database `useTablePrivilegesQuery` [here](https://github.com/supabase/supabase/blob/master/apps/studio/data/privileges/table-privileges-query.ts#L21) which can potentially be a resource heavy query on the database, especially if the database has a large number of relations. A recent UI that was added `ProjectNeedsSecuring` uses that query, and has become a common entry point for all projects as it's rendered when the user lands on the project's home page, and the project has tables with RLS issues, in which case if the project has a large number of tables, the database will face run into resource issues, resulting in statement timeouts. ## Changes involved Opting to pass in `includedSchemas` parameter wherever we're calling `useTablePrivilegesQuery`, which includes: - `ProjectNeedsSecuring` - `QueueSettings` - `column-privileges` In which we'll hence only fetch the table privileges for the provided schemas only (rather than the whole DB) Also did a similar fix for `useColumnPrivilegesQuery` as well as it likely runs into the same problem ## To test - [ ] Verify that those 3 UIs are still working as expected (should not have any visual changes) - [ ] Verify in the network tab that table / column privileges are now filtered to the schema provided, rather than fetching for all schemas in the DB <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Improved permission-save failure messaging by generating clearer toast errors from unexpected failures. * Prevented privilege-related UI from loading until required configuration is successfully retrieved. * **Performance** * Faster, more targeted privilege loading by scoping both table and column privilege queries to the selected/relevant schema(s), reducing unnecessary client-side filtering. * Switched privilege retrieval to schema-aware database metadata queries for more efficient results. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Ali Waseem <waseema393@gmail.com> |
||
|
|
84772721f3 |
Ensure that fetching policies is filtered by schema in table editor and auth policies page (#46930)
## Context We're currently fetching _all_ database policies when landing on the Table Editor which is unnecessarily since only the table in view matters in that moment. ## Changes involved - Ensure that fetching policies is filtered by the current schema in the table editor to avoid fetching all policies in the DB - ^ Applied the same fix on the Auth Policies page as well since it faces the same issue <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Improved database policy fetching so it respects the currently selected schema and won’t run when the table context is missing. * Enhanced project status updates by aligning cached updates with the infinite-list query structure. * **Refactor** * Streamlined auth policy schema handling by deriving exposed schemas via shared utilities and requesting only the needed configuration field for subsequent policy queries. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
4c011cf9c0 |
feat(reports): add optimistic delete for custom reports (#46803)
## Problem Deleting a custom report waited for the API round trip before updating the UI. The confirmation modal showed a loading spinner, the report stayed visible in the sidebar until the request resolved, and the interaction felt sluggish. ## Fix The delete now applies optimistically. On confirm, the report is removed from the sidebar immediately and the user is navigated away. The actual delete runs in the background. If it fails, the cached list is rolled back to its previous state and an error toast is shown. The optimistic behavior lives inside `useContentDeleteMutation` (via `onMutate` snapshot + `onError` rollback), so any current or future caller of that hook gets it for free, no per-call wiring required. ## How to test - Open a project with at least one custom report - Click the kebab menu on a report and choose Delete report, then confirm - Expected result: the report disappears from the sidebar instantly and a success toast appears - To test rollback: throttle/offline the network or force the delete endpoint to fail, then delete again - Expected result: the report reappears in the sidebar and an error toast is shown <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Improvements** * Deletion flows now provide explicit loading, success and error feedback; UI updates immediately on delete and will restore if the action fails. * **Removals** * Removed the reports menu and individual report menu item UI components (affects report-level rename/delete dropdowns and related menu navigation). * **Tests** * Added tests covering content deletion behavior, multiple-deletion cases, and data integrity after removals. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> |
||
|
|
a412298fb0 |
feat(hibernation): automated wake (#46845)
As part of hibernation (suspend and wake), wakes via PostgREST happen automatically. However, if a user goes straight to the dashboard, we want to ensure the project wakes up from it's slumber. I've decided to add this logic at a very central point that will prevent most project-ref related pages to load (purposely). The project ref details endpoint returns whether the project is hibernating or not - so for any regularly running project, none of the added logic will be invoked and there is no extra network calls, so no negative perf impact for these checks. Eventually with v3 architecture none of this is needed as wakes are done at the proxy/network layer, but this is a necessary change for v2 for more graceful wakes. Adjusted network restrictions as it would query before the project loads and potentially time out while still loading <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Release Notes * **New Features** * Automatic wake-up for hibernating projects restores functionality without manual intervention. * **Platform API Enhancements** * New conversation management endpoints for escalation, synchronization, and resolution. * New project wake endpoint for managing dormant project states. * Updated read-replica operation response codes for improved API consistency. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
ee3bec08af |
fix: intercept responses missing content lenght and re-add (#46885)
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file. YES ## What kind of change does this PR introduce? Cases with cloudflares http/3 the content-length header is optional, so in many cases we need to make sure in this case `openapi-fetch` can safely parse this (i.e ignore when the body is empty and no header is present) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Release Notes * **Bug Fixes** * Fixed JSON parsing failures when successful API responses contain empty bodies without `Content-Length` headers. Improves compatibility with HTTP/3 and similar response types. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
b347c8341d |
chore(etl): etl add-on forward compat (#46869)
Prep work for new ETL pipeline add-on, forward compatible |
||
|
|
61754a0eec |
feat(studio): add Snowflake replication destination (#46767)
## Details of change
Adds Snowflake to the Studio replication destination flow:
- destination selection and display
- create/edit form fields
- validate/create/update payload serialization
- generated Platform API types
Snowflake remains gated behind `etlEnableSnowflakePrivateAlpha`.
**Note:** I have configured `etlEnableSnowflakePrivateAlpha` in
ConfigCat ("all" in staging and tied to my own org id in prod).
## Details of Verification Process
- Studio focused Vitest coverage for form serialization and diagram
mapping
- Studio typecheck
- ESLint on changed Studio replication files
- Local `mise fullstack:dev` smoke test to confirm the Snowflake form
renders ok.
<img width="937" height="569" alt="image"
src="https://github.com/user-attachments/assets/8d6b3a87-1f9d-4a59-91da-be719714ea49"
/>
Full create/validate E2E depends on the Platform PR and ETL runtime
rollout.
## Review Requests
Please check the Snowflake wire payload matches the Platform/ETL
contract and that gating/edit/display behavior follows the existing ETL
destination patterns.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Snowflake added as a supported replication destination (private-alpha
gated), including UI for selecting and configuring connection and auth
(account, user, database, schema, role, private key, optional
passphrase).
* **Validation**
* Form validation and submission now handle Snowflake-specific
required/optional fields.
* **Tests**
* Unit tests added for Snowflake form behavior and replication-type
detection.
* **API**
* Destination create/update/validate flows extended to accept Snowflake
payloads.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
|
||
|
|
3ca6f665bc |
feat(reports): add swap usage series to memory chart DEBUG-127 (#46780)
## Problem The Memory usage chart in the database report showed RAM used, cache, free, and total, but did not include swap. Swap activity is a meaningful signal of memory pressure and was only visible in a hidden standalone chart. ## Fix Added `swap_usage` (from the `infra-monitoring` provider) as an additional series in the `ram-usage` Memory chart. The series uses `omitFromTotal: true` so it does not inflate the stacked total, and carries the same tooltip text as the hidden standalone swap chart. The standalone `swap-usage` chart remains hidden as before. ## How to test - Open the database report for a project on any compute size. - Navigate to the Memory usage chart. - Confirm a "Swap" series appears in the legend and renders data alongside Used, Cache + Buffers, and Free. - Hover a data point and confirm the tooltip shows a Swap value with the memory-pressure description. - Confirm the Swap value does not contribute to the stacked total. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added a "Swap" metric to the RAM usage chart in reports, displaying swap memory usage information with an updated tooltip. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> |
||
|
|
948ee734ef |
fix(reports): show absolute CPU usage instead of normalized stack DEBUG-135 (#46781)
## Problem The CPU usage chart rendered every bar as nearly full (looked like ~100% CPU) even when actual usage was 0.13%. The header value and tooltip were correct (0.13%); only the bars were wrong. ## Cause The chart used `normalizeVisibleStackToPercent: true`, which rescales the visible stacked series so they always sum to 100% of the bar height. The CPU series are already absolute percentages, so normalizing stretched a real 0.13% to fill the whole bar. The `Idle` series existed only to pad the stack to 100%. ## Fix - Remove `normalizeVisibleStackToPercent` from the CPU chart so series render at absolute values against the fixed 0-100% Y axis. - Drop the `Idle` series (no longer needed to pad the stack, and we don't want to show it). - Revert the unused `hideFromLegend` plumbing from the earlier attempt. Result: low CPU usage now renders as a near-empty bar, accurately reflecting the real value. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Updated CPU usage chart in database reports to display a focused set of CPU metrics. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com> |
||
|
|
43300d43ce |
chore: consolidate useAPIKeysQuery + getKeys into a single useAPIKeys hook (#46761)
## Problem - API may return a non-array shape that can crash `getKeys` because of an hard coded cast - getting API keys is cumbersome as consumers have to call two functions ## Solution - consolidate `useAPIKeysQuery` + `getKeys` into a single `useAPIKeys` hook - guard `getKeys` so that it doesn't crash if passed a non array value - update usages <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Refactor** * Unified how project API keys are retrieved across the studio, resulting in more consistent loading/error handling and slight responsiveness improvements when showing keys and related command snippets. UI and permissions behavior remain unchanged for end users. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
40c947ebfb |
fix: Handle non existant columns when sorting tables (#46741)
When a user has sorted by some column in the Table Editor and the column is deleted, the sort data is wrong so it causes issues. In the general view in the Table Editor, the error is handled by removing the sort key when a specific error is detected but it can still happen in ForeignRowSelector. To test: 1. Have 2 tables with references between them. 2. In the `sessionStorage`, under the `supabase_grid-<ref>` key, update the sort key to a non-existant column for a table. 3. Try to open the `ForeignRowSelector` for that table by clicking on a cell in the referencing column. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Sorting now validates referenced columns and ignores invalid sort entries. * Local sort restoration and UI sort application now derive sorts from the original table context for more consistent behavior across editors and popovers. * Prefetch logic uses the resolved table context when falling back to saved sorts. * **Tests** * Added cases for malformed and out-of-scope sort parameters to prevent regressions. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
88440f087b |
feat(studio): add test connection button for project log drains (#46720)
## Problem
Project log drains had no way for users to verify a destination
connection before relying on it. Audit log drains already have a "Test
connection" action, and the management API exposes the equivalent
endpoint for project log drains (`POST
/platform/projects/{ref}/analytics/log-drains/{token}/test`).
## Fix
- Add `useTestLogDrainMutation`
(`apps/studio/data/log-drains/test-log-drain-mutation.ts`), mirroring
`useTestAuditLogDrainMutation`.
- Wire the already-present `onTestDrain` action in `LogDrains` to the
new mutation, so the "Test connection" item now appears in the project
log drains row menu.
- On success it shows a confirmation toast; failures surface the API
error message.
## Testing
- Added `apps/studio/data/log-drains/log-drains.test.tsx` covering the
test mutation hitting the project-scoped path.
- Manual: open Project Settings -> Log Drains, open a drain's menu,
click "Test connection".
Closes DEBUG-132
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a test capability for log drain connections. Users can now
validate that their log drain configurations are functioning correctly
before deployment to ensure proper log collection and data integrity.
The system provides immediate confirmation when tests succeed and
detailed error messages when issues occur, enabling users to quickly
troubleshoot and resolve connectivity problems.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
|
||
|
|
35df570342 |
feat(studio): move /authorize to connect interstitial (#46359)
> [!CAUTION] > The `do-not-merge` label has been applied because this contains mocks for easier review and testing. I'll remove those mocks before merging. ## What kind of change does this PR introduce? Feature. Part of the shared Connect UI (interstitial) rollout. Previous slices: #46058, #45909, #45862. ## What is the current behavior? The `/authorize` MCP/OAuth consent screen uses the old `Card`/`Alert` layout. ## What is the new behavior? - Wraps all `/authorize` states in `InterstitialLayout` (the shared full-screen centered card used across Connect flows) - Shows a quiet footnote below the Cancel button ("Authorizing will redirect you to \<url\>") for non-localhost redirect URIs, so users can verify the destination before approving. No extra friction for localhost flows (local MCP servers) | Before | After | | --- | --- | | <img width="692" height="997" alt="Authorize API access Supabase-F6C3747A-5077-43D8-A509-3E16B1DDC168" src="https://github.com/user-attachments/assets/e86dde34-94cb-48ef-b026-66aac9122df6" /> | <img width="692" height="997" alt="Authorize API Access Supabase-FE6FD8B3-1159-4EA5-94D7-EA5CEA7A25F3" src="https://github.com/user-attachments/assets/c1a94a44-51d9-40d8-8046-f3104a27b929" /> | | <img width="692" height="997" alt="Authorize API access Supabase-86742351-3521-4B62-AF87-403CB7E7F4F5" src="https://github.com/user-attachments/assets/41cff7af-b9e4-4a20-a979-7148b4220265" /> | <img width="692" height="997" alt="Authorize Cursor Supabase-B665B4A4-600F-462B-8C97-84B171EC3103" src="https://github.com/user-attachments/assets/804286f2-ce51-45ab-bb3f-315f8ac62445" /> | | <img width="692" height="997" alt="Authorize API access Supabase-C73DC3D0-8646-4E6E-A259-3E84AE46DAF2" src="https://github.com/user-attachments/assets/8f285edb-438f-4262-9faa-f1133c679ed4" /> | <img width="692" height="997" alt="Authorize Cursor Supabase-FEA86625-27D5-4DB5-B4D4-1A2CB804E56E" src="https://github.com/user-attachments/assets/b54f2ceb-e1cf-4c7e-be3f-8e1b0942e9a4" /> | | <img width="692" height="997" alt="Authorize API access Supabase-48E0C7CB-DDDD-4305-B821-F3BEB52C4A4E" src="https://github.com/user-attachments/assets/7d123c57-e05d-408c-8df9-d747a3afd714" /> | <img width="692" height="997" alt="Authorize Cursor Supabase-CE8F9905-FAE0-4C06-B77A-9F269B2100FE" src="https://github.com/user-attachments/assets/9f403b83-5de3-43c8-a592-c3022e041243" /> | | <img width="692" height="997" alt="Authorize API access Supabase-E37D2CD5-476F-4F49-A5FB-631B265025DC" src="https://github.com/user-attachments/assets/3d235315-d7c0-4279-b23f-e8b595888511" /> | <img width="692" height="997" alt="Authorize Cursor Supabase-DF078AEB-BB78-4647-9FA2-5D5403CCA5D6" src="https://github.com/user-attachments/assets/53d51718-8707-4b97-9cbe-8e523f4ce0e0" /> | | <img width="692" height="997" alt="Authorize API access Supabase-D6F6817F-D8DD-4D55-85BB-A15100814AAB" src="https://github.com/user-attachments/assets/c80c5579-772a-4dfe-a247-b0b9772b9690" /> | <img width="692" height="997" alt="Authorize Cursor Supabase-E457B580-9786-43AD-9CF9-FE4F5BB8E785" src="https://github.com/user-attachments/assets/30c47b05-edf5-4380-a2f1-aedb99482540" /> | | <img width="692" height="997" alt="Authorize API access Supabase-4F3D6AA4-E2E3-4526-B391-49B6E0861911" src="https://github.com/user-attachments/assets/ffbe5b65-6eef-49d7-95f1-c29072c320b8" /> | <img width="692" height="997" alt="Authorize Cursor Supabase-CA9FFCC9-4CA2-4718-AD49-B02D86C6EF6A" src="https://github.com/user-attachments/assets/8fd7ff39-19f5-4414-af13-3821290735b2" /> | | <img width="692" height="997" alt="Authorize API access Supabase-E507B7A5-9AD0-4F17-8743-63A7B47D171A" src="https://github.com/user-attachments/assets/1639b5cc-69c4-4a43-b049-6f989e2cdbb1" /> | <img width="692" height="997" alt="Authorize Cursor Supabase-9844BB27-2429-4BA6-BD36-1AB54099F44F" src="https://github.com/user-attachments/assets/a94b88e2-9c2f-4941-840a-5182342bb335" /> | | <img width="692" height="997" alt="Authorize API access Supabase-27684173-9DBB-4F6E-9F7F-87EFD4E10A5F" src="https://github.com/user-attachments/assets/91794c96-8a81-4d83-9c97-01d134639676" /> | <img width="692" height="997" alt="Authorize Cursor Supabase-04E31F7B-D098-4814-A394-01CE3D3E5A51" src="https://github.com/user-attachments/assets/ba0284a3-363c-4aa5-9e4a-c378aed9c42c" /> | | <img width="692" height="997" alt="Authorize API access Supabase-207CBC69-4957-499C-92E8-163F2B34C8AD" src="https://github.com/user-attachments/assets/1bafedd2-bba8-473c-ba57-637289f1c940" /> | <img width="692" height="997" alt="Authorize API Access Supabase-C1627071-4AE2-4012-8F7C-4E6D883618A3" src="https://github.com/user-attachments/assets/a6fc6125-3c1e-4b8c-821a-c3c9f32f3cc0" /> | ## To test A mock toolbar is included for easy local testing. Navigate to `/authorize?mock=loading` and then switch between the following variants: | State | What to check | | --- | --- | | `loading` | Shimmer skeleton inside the card | | `ready` | Regular waiting state | | `approving` | Authorize button shows spinner, both buttons disabled | | `approved` | Success admonition: "Authorization approved" | | `expired` | Warning admonition: "Authorization request expired", no action buttons | | `organizations-loading` | Org selector shimmer, no action buttons | | `organizations-error` | "Unable to load organizations" admonition, no action buttons | | `empty` | "No organizations found" admonition, no action buttons | | `not-member` | "Organization unavailable" admonition, no action buttons | | `error` | "Unable to load authorization" error screen | Then please test the `organization_slug` prefill: `/authorize?mock=ready&organization_slug=<your-org-name-here>`. That org selector should be pre-selected and locked. To test against a real OAuth app, use a registered app on `supabase.green` — the mock states cover all edge cases but a live round-trip confirms the approve/decline API calls. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Release Notes * **New Features** * Added mock preview functionality for testing API authorization and Connect flows * Introduced collapsible, grouped permissions view for OAuth authorization requests * **Refactor** * Redesigned API authorization screens with improved layout and messaging * Restructured permissions display for better organization and clarity * **Bug Fixes** * Fixed inline link underline decoration color * **Tests** * Updated authorization flow test assertions to match new UI behavior <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46359?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: Ali Waseem <waseema393@gmail.com> |