Mark provenance of SQL via the branded types SafeSqlFragment and
UntrustedSqlFragment. Only SafeSqlFragment should be executed;
UntrustedSqlFragments require some kind of implicit user approval (show
on screen + user has to click something) before they are promoted to
SafeSqlFragment.
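The branded-type pattern described above, as an added example in TypeScript (not the PR's own code): only the two type names come from the PR; `safeSql`, `untrustedSql`, `promoteWithApproval`, `executeSql` and the `UserApproval` record shape are assumptions.

```typescript
// Added example, not the PR's own code. Only the two type names come from the PR;
// the helper names and the approval record shape are assumptions.
declare const safeBrand: unique symbol
declare const untrustedBrand: unique symbol

// Brands exist only at compile time; at runtime both are plain strings.
export type SafeSqlFragment = string & { readonly [safeBrand]: true }
export type UntrustedSqlFragment = string & { readonly [untrustedBrand]: true }

// SQL authored by the application itself (hard-coded or built from trusted parts).
export function safeSql(sql: string): SafeSqlFragment {
  return sql as SafeSqlFragment
}

// SQL that came from an AI model, a saved snippet, or any other untrusted source.
export function untrustedSql(sql: string): UntrustedSqlFragment {
  return sql as UntrustedSqlFragment
}

// What the UI records when the user has seen the SQL and clicked to approve it.
export interface UserApproval {
  shownText: string // the exact text that was rendered on screen
  clicked: boolean
}

// The only path from Untrusted to Safe. Returns null when the click is missing or
// the text shown on screen differs from the fragment about to run (e.g. edited later).
export function promoteWithApproval(
  fragment: UntrustedSqlFragment,
  approval: UserApproval,
): SafeSqlFragment | null {
  if (!approval.clicked || approval.shownText !== fragment) return null
  return fragment as unknown as SafeSqlFragment
}

// Execution accepts SafeSqlFragment only; `run` stands in for the real database client.
export function executeSql(sql: SafeSqlFragment, run: (s: string) => string): string {
  return run(sql)
}

// Never called at runtime: it shows that the type checker refuses untrusted SQL here.
export function rejectedByTypeChecker(ai: UntrustedSqlFragment, run: (s: string) => string) {
  // @ts-expect-error an UntrustedSqlFragment is not a SafeSqlFragment
  return executeSql(ai, run)
}
```

Because the brands are erased at runtime, the guarantee holds only if every constructor lives in one module and no caller casts around it.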
<!-- This is an auto-generated comment: release notes by coderabbit.ai -->
## Summary by CodeRabbit
* **New Features**
  * Editor and RLS tester show loading states for inferred/generated SQL and include a dedicated user SQL editor for safer edits.
* **Refactor**
  * Platform-wide SQL handling tightened: snippets and AI-generated SQL are treated as untrusted/display-only until promoted, improving safety and consistency.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Context
Resolves FE-3077
Related discussion: https://github.com/orgs/supabase/discussions/45233
Verifying that your RLS policies are set up correctly has always been a
gap, as highlighted by a number of GitHub discussions like
[here](https://github.com/orgs/supabase/discussions/12269) and
[here](https://github.com/orgs/supabase/discussions/14401). As such,
we're piloting a dedicated UI for RLS testing (using role impersonation
as the base), in which you'll be able to:
- Run a SQL query as a user (not logged in / logged in - this is the
role impersonation part)
- See which RLS policies are being evaluated as part of the query
- And hopefully be able to debug which policies are not set up correctly
Changes are currently set as a feature preview - and we'll iterate as we
get feedback from everyone 🙂🙏
<img width="613" height="957" alt="image" src="https://github.com/user-attachments/assets/83c37f8a-28fc-43b3-b0ff-e28571d8710c" />
<!-- This is an auto-generated comment: release notes by coderabbit.ai -->
## Summary by CodeRabbit
* **New Features**
  * RLS Tester: run queries as anon or authenticated users, view inferred SQL, per-table policy summaries, and data previews of accessible rows.
  * UI preview: new RLS Tester preview card and modal with opt-in toggle; RLS Tester sheet with role/user selector and query editor.
  * SQLEditor: “Explain” tab is always visible.
* **Chores**
  * Added supporting API endpoints, background checks for table RLS status, and a local-storage flag to persist the preview opt-in.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
* Hide favorite and share actions for self-hosted version.
* Rename the query on save only on platform.
* Simplify useCheckOpenAiKeyQuery.
* Rename with AI now depends on whether the OPENAI_API_KEY is set.
* Minor fixes.
* Fix the tests to use .skip for skipping tests. Remove extra port params.
* Make the test for favourites work only on platform variant.
* Add custom types for queries, mutations and infinite queries.
* Migrate all queries to use the new type.
* Migrate all infinite queries to useCustomInfiniteQueryOptions.
* Migrate all mutations to use useCustomMutationOptions.
* Add type to all imports in `types` folder.
* Clean up usage of newOrgAiOptIn and useBedrockAssistant feature flags
* Remove all OpenAI endpoints
* Fix for self-hosted
* Default isLimited to false
* Update PG meta tests
* Fix unit tests for model
* Revert pg meta tests
* Fix test
---------
Co-authored-by: Alaister Young <alaister@users.noreply.github.com>
* Feature flag assistant endpoint + opt in UI
* Feature flag bedrock stuff for the other endpoints like title, cron, complete
* add edge function complete v2
* revert to old complete
* Revert hardcode
* fix chart colour
---------
Co-authored-by: Saxon Fletcher <saxonafletcher@gmail.com>
* step 1
* use mcp
* system prompt
* clean up
* space
* clean up
* add three state opt in toggle
* clean up
* todo
* hooks
* refactor opt in form and modal
* refinements
* add bedrock
* remove console
* update mcp util
* use bedrock
* remove openai sdk package
* re-add tools
* update complete endpoints
* fix: ai assistant markdown formatting (#35541)
* fix: mcp types and project ref (#35540)
* feat: more flexible aws credential provider (#35538)
* feat: more flexible aws credential provider
* fix: add AWS_REGION to turbo env vars
* change to allowed
* update complete endpoints
* add an additional permission
* refinements
* use Claude 4
* legal copy changes
* update other ai functions to use bedrock
* update generate v3 copy
* remove generate sql modal
* fixes for query block
* re-add dragging to reports
* clean up
* add open ai edge function example
* use handle error from fetchers
* remove schema and lean on tools
* copy
* Assistant MCP tests (#36049)
* feat: refactor and test mcp and model logic
* fix: remove get_project tool
* fix: remove additional get_project tool references
* update copy
* Clean up, fixes, refactors
* oops
* Float errors from AI endpoints as toasts
* Use a env var AWS_BEDROCK_PROFILE for bedrock.
* Rename the env var for AWS bedrock profile.
* feat: support custom aws bedrock env vars
* chore: add comments explaining aws credential chain
* MCP Self Hosted Check (#36185)
support self hosted
* feat: bedrock auth via vercel oidc
* Fix broken unit test
* Feeeex
* Refactor useOrgOptedIntoAi
* Remove useDisallowHipaa hook
* small system prompt change
* re-add vercel packages
* fix self hosted
* increase max duration
* try more direct prompt
* max duration 90
* reduce max steps and add loading
* mono font
* backwards compat styling
* Chore/limit number of messages sent to assistant (#36388)
* Limit number of historical messages that get sent to assistant
* Update max chat history to 5
* alignment
* bump mcp server version
* Add feature flag for opt in tags (#36466)
* Add feature flag for opt in tags
* Add one more check
* security section system prompt
* rely on default link and replace image markdown
* Add custom link component to assistant message block (#36527)
* Add custom link component to assistant message block
* Update based on feedback
* Render plain text if URL is deemed unsafe
* fix mcp tools and parse data (#36593)
* Update Admonition for AI Assistant for when opt in is re-enabled (#36663)
* Update Admonition for AI Assistant for when opt in is re-enabled
* Update
* Smol fix
* Fix TS
* Tiny
---------
Co-authored-by: Greg Richardson <greg.nmr@gmail.com>
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
* Add custom error handler for fetch error 'Failed to fetch'
* Refactor EdgeFunctionTesterSheet to use react query instead of manually calling fetch
* Use new fetchHandler for where we're calling fetch
* Revert
* fix: response error codes
* upgrade docs
* remove request url modification middleware
* move api routes for self-hosted to platform folder
* remove some lib/common/fetch usage
* docs: use middleware for openapi-fetch (#30600)
Get rid of the unauthedAllowedPost function (I don't think there's any harm in letting any requests that require authentication just 403; they should be disabled at the React Query level, and if not they will fail gracefully enough...)
* fix local count query
* add default values for clone mutation
* fix ts and codegen
* add missing lodash dep to playwright tests
* Fix the playwright tests to match the new folder structure for selfhosted variant.
* remove unused import
* Remove unused state
* remove unused sql debug mutation
* remove unused export
* fix notifications query
* fix jwt updating status
* fix typescript
* save sql snippet after renaming
* update codegen & fix ts error
* override array querySerializer
---------
Co-authored-by: Charis <26616127+charislam@users.noreply.github.com>
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
* Add a message if openai_api_key not set
* Fix disabled state
* Some fixes
* Add same check in global assistant
* Remove check for api key for platform
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
* Update the design of the sonner toasts. Add the close button by default.
* Migrate studio and www apps to use the SonnerToaster.
* Migrate all toasts from studio.
* Migrate all leftover toasts in studio.
* Add a new toast component with progress. Use it in studio.
* Migrate the design-system app.
* Refactor the consent toast to use sonner.
* Switch docs to use the new sonner toasts.
* Remove toast examples from the design-system app.
* Remove all toast-related components and old code.
* Fix the progress bar in the toast progress component. Also make the bottom components vertically centered.
* Fix the width of the toast progress.
* Use text-foreground-lighter instead of muted for ToastProgress text
* Rename ToastProgress to SonnerProgress.
* Shorten the text in sonner progress.
* Use the correct classes for the close button. Add a const var for the default toast duration. Remove the custom width class from sonner.
* Set the position for all progress toasts to bottom right. Set the duration for all toasts to the default (when reusing a toast id from loading/progress toast, the duration is set to infinity).
* Fix the playwright tests.
* Refactor imports to use ui instead of @ui.
* Replace all imports of react-hot-toast with sonner. These components were merged since the last commit to this branch.
* Remove react-hot-toast lib.
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
Co-authored-by: Jonathan Summers-Muir <MildTomato@users.noreply.github.com>
* Remove feature preview for the conversational AI for SQL editor.
* Remove all code related to the previous implementation of editor ai.
* Update the snapshots for the ai commands.
* Remove unneeded code from the ai panel.
* Show the diff bar when debugging.
* Convert the updateEditor function into a callback.
* Simplify the debugging functionality by using react state instead of react context.
* Erase the AI disclaimer when formatting code as modification.
* Add a button to clear the chat history.
* Add vercel/ai. Commit additional next types.
* Add an API route in /app for streaming responses.
* Make the components work with streaming response.
* Add a dummy page to /app folder to fix a linking bug.
* Fix the dummy page.
* Fix the dummy page again.
* Add an empty layout to the app folder.
* Make the code snippets in the chat read-only.
* Remove queries and mutations for suggest.
* Reset the chat when closing the panel.
* Make the AI instructions a bit better.
* Don't render empty code blocks.
* Try to use remark for rendering the code. Style fixes for CodeBlock in AI assistant panel.
* Fix the styling of the definitions when sending them to OpenAI.
* Fix the css styling of the messages and code blocks.
* Move the suggest API route from app to pages folder.
* Revert the change for app API routes.
* Make the API route look like the rest of the API routes.
* Use Pre instead of Code because the <code> tags aren't working if between spans.
* Minor leftovers.
* Revert to using app route handlers.
* Change the wording on the diff header.
* Add nextjs types.
* Fix a missing import.
* Move AssistantChatForm back to db-new.
* Fix a build error.
* Rename the suggest route to assistant.
* Fix Joshen's comments.
* Send policy definition to AI when editing a policy
* Only send entity definitions if opted into AI for RLS ai assistant
* Scaffold collapsible policy details
* Update comment
* Update
* Update height
* fix messages sorting
* Add two more sizes to the Panel component.
* Add alias for the older openai-api library. The new one is added under the openai name.
* Add API routes
* Add components for the new AI RLS panel.
* Bunch of changes to the AI Policy Editor.
* Add a button for opening the new Policy Editor.
* Add a feature flag for the new editor.
* Add a confirmation modal when closing the panel.
* Fix leftover data when closing the panel.
* Make the copy button work.
* Add the next/swc packages to package-lock.json.
* Merge master
* Scaffold debug sql in rls editor
* Small improvements to policy chat
* Hook up debug to ai assistant panel
* Improve debug UX
* Add debug request badge
* Some styling fix
* Small styling fix
* Another small styling fix
* Shift create new policy ai button + fix error styling with code editor height
* Add tooltips to apply changes and copy code from assistant message
* Hide assistant button if not platform
* Small lint
* Add default error handlers to all AI RQ mutations
* Small fix
* Remove IS PLATFORM check for rls assistant
* Add placeholder to RLS code editor
* Fix diff + rls code editor
* Add placeholder message after sending prompt
* Small style
* RLSCodeEditor hit tab if empty to populate placeholder text
* Light mode nudges
* Update logic for when confirmation close modal should show
* Set render overview ruler as false for rls diff editor
* improve chat UX to make it smoother (thank you alaister for your help 🙏)
* Dynamically do keepPreviousData
* Gracefully handle errors for add prompt
* Use animated ai icon while message is loading
* using Sheet component
* Address comments
* Bit more improvements
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
Co-authored-by: Jonathan Summers-Muir <MildTomato@users.noreply.github.com>
* Move all studio files from /studio to /apps/studio.
* Move studio specific prettier ignores.
* Fix the ui references from studio.
* Fix the css imports.
* Fix all package.json issues.
* Fix the prettier setup for the studio app.
* Add .turbo folder to prettierignore.
* Fix the github workflows.