## Summary
- Converts ~27 `executeSql` call sites in `apps/studio/data/**` to build
SQL through `safeSql` / `ident` / `literal` / `keyword` /
`joinSqlFragments` instead of raw template-string interpolation.
- Tightens the `useDatabaseCronJobCreateMutation` and
`useDatabaseEventTriggerCreateMutation` `sql`/`query` parameter types
from `string` to `SafeSqlFragment` (callers already produce one).
- Updates `getDeleteEnumeratedTypeSQL` in `packages/pg-meta` to return
`SafeSqlFragment`.
- Fixes a bug noticed while testing where Queues integration does not
correctly handle queues with uppercase names.
## Pages to manually test
- Integrations > Cron Jobs
- Integrations > Queues
- Database > Triggers > Event Triggers
- Database > Indexes
- Reports > Query Performance
- Storage
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **Bug Fixes**
* Queue lookups now correctly handle case-insensitive queue names.
* Queue table references are now properly managed and consistently
applied throughout the queue management interface.
* Improved queue name display normalization in the user interface.
* **Chores**
* Enhanced SQL query safety across the database layer through
parameterized query construction and safer templating approaches.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Don't fire the `available-versions` request when `dbRegion` is falsy
(undefined or empty string). Fixes race condition where the request
fires before a region is selected.
## To test
- Confirm no invalid `available-versions` request in the network tab
- Confirm create new project still works
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved database region validation during project creation to
consistently handle empty or undefined values.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
## Summary
The `connectSection` A/B experiment concluded as a true null (no effect
on activation or any downstream metric after 13 days at 50/50, ~153K
mature orgs). Saxon decided to ship the Connect section as the permanent
experience. This PR removes the Getting Started control variant, the old
Connect modal, all experiment flag gating, and related telemetry types.
## Changes
- Delete `GettingStarted/` directory (5 files: section component, types,
utils, progress hook)
- Delete old `Connect.tsx` dialog modal (replaced by ConnectSheet)
- Remove `connectSection` PostHog flag reads from `Home.tsx` and
`LayoutHeader.tsx`
- Remove `getSectionVisibility()` experiment logic and
`ConnectSectionVariant` type
- Remove `getting-started` from `DEFAULT_SECTION_ORDER`
- Always render `<ConnectSheet />` in header (no more conditional with
old `<Connect />` modal)
- Remove `variant` prop from `ConnectSection` component
- Remove 4 getting-started telemetry event interfaces from
`telemetry-constants.ts`
- Update `mergeSectionOrder` tests to reflect new section order
## Testing
Tested on Vercel preview:
- [x] Project homepage shows Connect section for new projects (< 10 days
old)
- [x] Connect section hidden for mature projects (> 10 days old)
- [x] Header Connect button opens ConnectSheet (not old modal)
- [x] Connect tiles open ConnectSheet with correct tab
- [x] Section drag-and-drop still works without getting-started in the
order
- [x] Existing users with `getting-started` in localStorage order don't
break (mergeSectionOrder strips it)
## Linear
- fixes GROWTH-730
---------
Co-authored-by: Alaister Young <alaister@users.noreply.github.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
When un-pausing the dashboard, the project home page on platform shows
undefined rather than the default state of "URL not available"
## Ways to test
You can pause and then unpause a project to see if this works correctly
## Context
Main fix is to adjust the new home page + connect dialog (and connect
sheet) to render the project's custom domain if available
<img width="471" height="255" alt="image"
src="https://github.com/user-attachments/assets/3a208b2e-bdeb-43f5-a2e7-3495881dbaaa"
/>
<img width="1065" height="233" alt="image"
src="https://github.com/user-attachments/assets/2a7b8f81-8c0b-4803-bf0a-fc16a2f1e0e1"
/>
## Changes involved
- Created a `useProjectApiUrl` hook that will return the API URL
depending if custom domains is available, otherwise default to default
project API URL
- Refactored all the other places that were manually deriving the
project's endpoint
- Storage Explorer -> copy URL
- Edge Functions
- Integrations -> Data API + API Docs
- Auth Providers -> Callback URL
- Also updated the copy CTA for the addons page
- Instead of just "Change xxx", make it a bit more actionable
- For add ons with binary states (Custom domains, IPv4)
- If not enabled yet, "Enable xxx", otherwise "Toggle xxx"
- For PITR
- If not enabled yet, "Enable PITR", otherwise "Change recovery
duration"
- Also added "Edit custom domain" CTA if enabled
<img width="1144" height="518" alt="image"
src="https://github.com/user-attachments/assets/4f152ea5-0cc7-412c-95e8-ad5bb37c19c3"
/>
## To test
- [ ] Verify that for a project with custom domain set up, all the
affected UI mentioned in the above section look correct
## What kind of change does this PR introduce?
Feature. Resolves DEPR-390
## What is the current behavior?
Projects aren’t sortable in either the card or table view.
## What is the new behavior?
Projects are sortable in both:
- Card view: sort dropdown
- Table view: sort dropdown or table column headers
| Before | After |
| --- | --- |
| <img width="1382" height="797"
alt="Supabase-4D1BFE40-875D-494C-8F17-A68D92826458"
src="https://github.com/user-attachments/assets/c4f17b77-bc90-447f-90cd-78a11c2e4129"
/> | <img width="1382" height="797"
alt="Supabase-D8C0AC7C-A28D-4AA6-BA7C-0FCD61DB5D11"
src="https://github.com/user-attachments/assets/d926d03d-2702-48e5-9d1f-0e09d163079d"
/> |
| <img width="1382" height="797"
alt="Supabase-0A545C5C-40B5-47F7-9ACD-2200879BB95E"
src="https://github.com/user-attachments/assets/f2103c32-a150-4db7-a78a-8bd610e2a028"
/> | <img width="1382" height="797"
alt="Supabase-0F7AB608-2E86-4F0C-BB60-C85D9B7F3D57"
src="https://github.com/user-attachments/assets/baa63f14-4059-483d-a9d6-33663e5cff43"
/> |
## Additional context
I wonder if this is overkill given most folks only have 1–2 projects.
Some ideas:
- Only sortable in table view via column headers
- Conditional rendering for folks with 2+ projects
- Opt-in feature
- Feature-flag
I’ve opted to make it global and synced for now.
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
This pull request introduces improvements to the handling of storage
endpoints in the Studio app, ensuring that storage operations utilize
the correct endpoint and enhancing maintainability through import path
updates and code clarity. The most significant changes are grouped
below:
**Storage Endpoint Handling:**
* The `useProjectEndpointQuery` hook now returns both `clientEndpoint`
and `storageEndpoint`, allowing storage operations to use a dedicated
endpoint when available.
* In the `StorageExplorerStateContextProvider`, the logic for
constructing the resumable upload URL now prefers `storageEndpoint` if
present, falling back to `clientEndpoint` otherwise. This ensures
uploads use the most appropriate endpoint.
* The context provider now sets `clientEndpoint` to `storageEndpoint`
when available, further aligning storage requests with the correct
endpoint.
* The dependency array for the provider effect now includes
`storageEndpoint`, ensuring state updates when the storage endpoint
changes.
**Code Quality and Maintainability:**
* Import paths in `storage-explorer.tsx` have been updated to use alias
(`@/`) references, improving clarity and maintainability. Type-only
imports are also used where appropriate, reducing bundle size and
potential circular dependencies.
**Code Clarity:**
* Added comments to chunk size calculations in the upload logic,
clarifying the rationale behind chunk sizing for different file sizes.
Detects HIPAA customers server-side in the assistant code path. Threads
`isHipaaEnabled` boolean through `getOrgAIDetails` → `generate-v4` →
`generateAssistantResponse`. The motivation is to support online evals
down the road, where we'll want to exclude HIPAA projects from Assistant
tracing.
This PR follows existing patterns for checking if HIPAA is enabled for a
project (org has HIPAA addon + project is sensitive). Example
[[1]](https://github.com/supabase/supabase/blob/a5dd0a96716561443778f38a518b61d6cac95c19/apps/studio/components/interfaces/Settings/Addons/Addons.tsx#L75),
[[2]](https://github.com/supabase/supabase/blob/6858d4e18d9359d573fe3dff73bc4e5fa1cfe219/apps/studio/hooks/misc/useOrgOptedIntoAi.ts#L69).
```ts
const hasHipaaAddon = subscriptionHasHipaaAddon(subscription) && settings?.is_sensitive
```
(I call it `isHipaaEnabled` in this PR to avoid it being misunderstood
as just the org-level addon, rather it's a combo of that addon being
present AND high compliance being enabled on the project).
### Verification steps
<details><summary>Click to view the steps I followed to sanity check it
works with the local stack</summary>
Tested locally with `mise fullstack`:
1. Found my org's subscription ID:
```sh
docker exec platform-db-1 psql -U postgres -c "SELECT id, customer_id,
status FROM orb.subscriptions;"
```
2. Added HIPAA addon to it:
```sh
docker exec platform-db-1 psql -U postgres -c "
UPDATE orb.subscriptions
SET price_intervals = price_intervals || '[{\"price\": {\"unit_config\":
{\"unit_amount\": \"350.00\"}, \"external_price_id\":
\"addon_security_hipaa\", \"item\": {\"name\": \"HIPAA\"}}}]'::jsonb
WHERE id = '<subscription_id>';"
```
2. Toggled on High Compliance (Project Settings → General)
3. Added a temporary log after `getOrgAIDetails` in `generate-v4.ts`:
```ts
console.log('[HIPAA]', { isHipaaEnabled })
```
4. Sent a message in the AI Assistant → `isHipaaEnabled: true`
5. Toggled off High Compliance → resent → `isHipaaEnabled: false`
6. Removed addon from subscription, left project toggle on →
`isHipaaEnabled: false`
```sql
-- Find addon index:
SELECT ordinality - 1 as idx FROM orb.subscriptions,
jsonb_array_elements(price_intervals) WITH ORDINALITY AS elem(val,
ordinality)
WHERE id = '<subscription_id>'
AND val->'price'->>'external_price_id' = 'addon_security_hipaa';
-- Remove by index:
UPDATE orb.subscriptions SET price_intervals = price_intervals - <idx>
WHERE id = '<subscription_id>';
```
All three cases confirm `isHipaaEnabled` requires both the org addon and
the project-level toggle.
</details>
Closes AI-434
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added HIPAA mode detection and exposed it in AI workflows.
* API request functions now accept optional custom authorization headers
for downstream calls.
* **Tests**
* Added tests covering HIPAA scenarios and verifying authorization
header propagation in related flows.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
https://linear.app/supabase/issue/FE-2226/fix-incorrect-baseline-and-max-iopsthroughput-values
- Centralized compute/disk limits in
packages/shared-data/compute-disk-limits.ts (MB/s, baseline+max
IOPS/throughput) and re-exported from shared-data.
- Hooked Docs compute/disk table into shared data, converted docs
text/table to MB/s baseline/max.
- Removed duplicated compute IOPS/throughput constants from Studio,
Studio now imports shared data.
- Updated Studio disk schema: compute-aware MAX IOPS/throughput
validation (MB/s), defaults computeSize to ci_micro, and gp3/io2 checks
use compute caps.
- Clarified disk update mutation to send throughput as MB/s despite
backend throughput_mbps field name.
- Added tests for compute-size mappings and IOPS helper logic.
- Added Infra ownership for shared compute/disk data in CODEOWNERS.
- Locked zod version via catalog and added zod dep to shared-data.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a reusable Compute Disk Limits table and centralized compute
disk limits dataset for dynamic display.
* **Documentation**
* Replaced static per-size tables with a component-driven MB/s view;
clarified baseline vs. burst behavior and updated guides and
troubleshooting.
* **Bug Fixes**
* Validation and UI guidance now honor compute-size limits for IOPS and
throughput.
* **Tests**
* Expanded unit tests for sizing, mappings, and edge cases.
* **Chores**
* Published shared-data exports, added a validation schema, pinned a
dependency, and added ownership entries.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
* chore(studio): feature flag for disabling oriole creation
* obey the ai overlords
* Use tooltip instead
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
* validation errors
* improvements
* deprecate notice bar
* consolidate upgrade warnings
* type fixes
* rabbit
* 📝 Add docstrings to `dnywh/chore/link-to-dropped-objects` (#41528)
* 📝 Add docstrings to `dnywh/chore/link-to-dropped-objects`
Docstrings generation was requested by @dnywh.
* https://github.com/supabase/supabase/pull/41527#issuecomment-3680610884
The following files were modified:
* `apps/studio/data/config/project-upgrade-eligibility-query.ts`
* New line
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Danny White <3104761+dnywh@users.noreply.github.com>
* Use API types instead
* Update API types
* Add manage replicas CTA to upgrade warning if unified replication and project has replicas
* Nit
* use actionable language
* gap
* simplify
* prettier
* Add URL
* better links
* add tables and encode links
* remove replication link
* nit ordering
* rabbit
* Small simplify
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
* feat(studio): add mutation to update table access privileges
Adds a mutation to update table grants for `anon` and `authenticated`
roles.
* feat(studio): add data api toggles
Add toggles to the Table Editor, allowing fine-grained grants to the
anon and authenticated roles.
* fix(studio): don't show rls policies warning if table not exposed
RLS policies warning was showing in Table Editor side panel even if
table was not exposed due to no grants to anon/authenticated.
* fixup! feat(studio): add data api toggles
* fixup! feat(studio): add data api toggles
* fix(studio): revalidate rls lints when table grants are toggled
---------
Co-authored-by: Charis Lam <26616127+charislam@users.noreply.github.com>
* Bump the deps, refactor deprecated code.
* Migrate keepPreviousData usage.
* Migrate all uses of InfiniteQuery.
* Fix refetchInterval in queries.
* Migrate all use of isLoading to isPending in mutations.
* Fix accessing location in claim-project.
* Fix a bug in duplicate query keys.
* Migrate all queries to use isPending.
* Revert "Fix accessing location in claim-project."
This reverts commit 2a07df64b5.
* Revert the rss.xml file to master.
* Remove the query for temp keys. Remove the query for supabase client. Add a function which creates a supabase client with a temp key.
* Add a new query for building the endpoint URL.
* Migrate all oAuth queries and mutations to use the new function for creating a Supabase project client.
* Use the new queries/mutations in the code.
* Use query in refetchInterval for useProjectSettings.
* Replace all uses in StorageExplorer with createProjectSupabaseClient.
* Initial work on vector buckets.
* Add more queries and UI.
* chore(studio): vector buckets contents (#39705)
* language
* match analytics buckets
* shared empty state
* proper loading state
* create dialog cleanup
* simplify copywriting
* proper details
* filtering
* use real data
* chore(studio): vector buckets polish A (#39759)
* empty state
* better checks
* bucket name in sheet
* fix typo
* sheet improvements
* rename vector index to vector table
* cleanup
* More work on the vector indexes.
* Add delete for bucket and indexes. Create index should now work.
* chore(studio): vector buckets polish B (#39794)
* loading
* delete modal
* fix modal behaviour
* Add modal for deleting vector buckets.
* Bring back the shimmering loader.
* chore(studio): vector buckets polish C (#39887)
* fix bucketname on deletion dialog
* empty states
* remove extraneous padding
* proper loading and not-found cases
* Minor fixes.
* Minor updates to the vector components.
* Add more instructions to the cursor rules.
* Some refactors and shifting files around
* Refactor analytics buckets detial to improve time to fcp
* Fix
* Refactors + simplify
* Last few nits, just leaving comments
* If the bucket is not empty, delete all indexes first.
---------
Co-authored-by: Danny White <3104761+dnywh@users.noreply.github.com>
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
* First pass of deprecating old storage UI components
* Clean up local-storage flag for new storage UI
* Add coming soon UI for analytics and vector buckets pages
* Set up warning states for analytics buckets
* fix spelling and margin
* Smol fix
* nit
* Surface wrappers upgrade check in UI instead of toast
* Nit clean up
* update tests
---------
Co-authored-by: Danny White <3104761+dnywh@users.noreply.github.com>
* Add custom types for queries, mutations and infinite queries.
* Migrate all queries to use the new type.
* Migrate all infinite queries to useCustomInfiniteQueryOptions.
* Migrate all mutations to use useCustomMutationOptions.
* Add type to all imports in `types` folder.
* Migrate all uses of invalidateQueries to use object syntax.
* Migrate the remainder of useInfiniteQuery.
* Migrate all setQueriesData.
* Migrate all fetchQuery uses.
* Migrate some leftover functions from RQ.
* Fix issues found by Charis.
* Midway
* Add projects-infinite-query and remove use projects query in account audit logs
* Remove useProjectsQuery from RouteValidationWrapper
* Remove useProjectsQuery from OrganizationCard
* Remove useProjectsQuery in new project page
* Deprecate useProjectByRefQuery, replace all usage with just useProjectDetailQuery
* Remove useProjectsQuery from Organization Audit logs
* Fix check
* fix: add custom message for 404 storage config errors
Added a specific error message "Storage configuration not found." when
the storage config API returns a 404 error code.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Add comment
* Nit improve error handling for S3 connection UI
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
* Update perms checking in audit logs
* Deprecate useCheckPermissions, useIsPermissionsLoaded and useCheckProjectPermissions as they're no longer used
* Rename useAsyncCheckProjectPermissions to useAsyncCheckPermissions
* Fix TS
* Replace all usage of useProjectContext with useSelectedProjectQuery
* Replace all usage of useSelectedProject with useSelectedProjectQuery
* Replace all usage of useProjectByRef with useProjectByRefQuery
* Replace all usage of useSelectedOrganization with useSelectedOrganizationQuery
* Deprecate useSelectedProject, useSelectedOrganization, and useProjectByRef hooks
* Deprecate ProjecContext
* Deprecate getAPIKeys from project settings v2, use new api keys endpoint instead
* use getPreferredKeys where appropriate
* Prevent usage of secret key for storage and realtime inspector
* Add dashboard API api-keys endpoint
* Simplify
* Disable edge functions test if legacy api keys are disabled
* Revert
* Fix graphiql
* Remove all usage of api keys from project settings, except DisplayApiSettings
* Update
* Fix
* Small fix for an undefined upload url.
* Fix the storage state initialization when the resumable url changes.
---------
Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
Charis