Detects HIPAA customers server-side in the assistant code path. Threads
`isHipaaEnabled` boolean through `getOrgAIDetails` → `generate-v4` →
`generateAssistantResponse`. The motivation is to support online evals
down the road, where we'll want to exclude HIPAA projects from Assistant
tracing.
This PR follows existing patterns for checking if HIPAA is enabled for a
project (org has HIPAA addon + project is sensitive). Example
[[1]](https://github.com/supabase/supabase/blob/a5dd0a96716561443778f38a518b61d6cac95c19/apps/studio/components/interfaces/Settings/Addons/Addons.tsx#L75),
[[2]](https://github.com/supabase/supabase/blob/6858d4e18d9359d573fe3dff73bc4e5fa1cfe219/apps/studio/hooks/misc/useOrgOptedIntoAi.ts#L69).
```ts
const hasHipaaAddon = subscriptionHasHipaaAddon(subscription) && settings?.is_sensitive
```
(I call it `isHipaaEnabled` in this PR to avoid it being misunderstood
as just the org-level addon; rather, it's a combo of that addon being
present AND high compliance being enabled on the project.)
### Verification steps
<details><summary>Click to view the steps I followed to sanity check it
works with the local stack</summary>
Tested locally with `mise fullstack`:
1. Found my org's subscription ID:
```sh
docker exec platform-db-1 psql -U postgres -c "SELECT id, customer_id, status FROM orb.subscriptions;"
```
2. Added HIPAA addon to it:
```sh
docker exec platform-db-1 psql -U postgres -c "
UPDATE orb.subscriptions
SET price_intervals = price_intervals || '[{\"price\": {\"unit_config\": {\"unit_amount\": \"350.00\"}, \"external_price_id\": \"addon_security_hipaa\", \"item\": {\"name\": \"HIPAA\"}}}]'::jsonb
WHERE id = '<subscription_id>';"
```
3. Toggled on High Compliance (Project Settings → General)
4. Added a temporary log after `getOrgAIDetails` in `generate-v4.ts`:
```ts
console.log('[HIPAA]', { isHipaaEnabled })
```
5. Sent a message in the AI Assistant → `isHipaaEnabled: true`
6. Toggled off High Compliance → resent → `isHipaaEnabled: false`
7. Removed addon from subscription, left project toggle on →
`isHipaaEnabled: false`
```sql
-- Find addon index:
SELECT ordinality - 1 as idx FROM orb.subscriptions,
  jsonb_array_elements(price_intervals) WITH ORDINALITY AS elem(val, ordinality)
WHERE id = '<subscription_id>'
AND val->'price'->>'external_price_id' = 'addon_security_hipaa';
-- Remove by index:
UPDATE orb.subscriptions SET price_intervals = price_intervals - <idx>
WHERE id = '<subscription_id>';
```
All three cases confirm `isHipaaEnabled` requires both the org addon and
the project-level toggle.
</details>
Closes AI-434
## Summary by CodeRabbit
* **New Features**
  * Added HIPAA mode detection and exposed it in AI workflows.
  * API request functions now accept optional custom authorization headers for downstream calls.
* **Tests**
  * Added tests covering HIPAA scenarios and verifying authorization header propagation in related flows.
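
The two-part check this PR describes, as an added example that is not code from the PR or the Supabase code base: it reads the `price_intervals` shape used in the verification SQL and adds a tracing gate that fails closed when either lookup is missing. The type names, `hasHipaaPriceInterval` and `canTraceAssistant` are hypothetical, and the fail-closed gate is this example's assumption.

```typescript
// Hypothetical types modelled on the price_intervals JSON in the verification steps.
type PriceInterval = { price?: { external_price_id?: string } }
type OrgSubscription = { price_intervals?: PriceInterval[] }
type ProjectSettings = { is_sensitive?: boolean }

const HIPAA_PRICE_ID = 'addon_security_hipaa' // value from the verification SQL

// Org-level half: does any price interval carry the HIPAA addon?
function hasHipaaPriceInterval(subscription?: OrgSubscription | null): boolean {
  const intervals = subscription?.price_intervals ?? []
  return intervals.some((i) => i.price?.external_price_id === HIPAA_PRICE_ID)
}

// Both halves must hold. `=== true` keeps the result a strict boolean even
// when settings is undefined.
function isHipaaEnabled(
  subscription?: OrgSubscription | null,
  settings?: ProjectSettings | null
): boolean {
  return hasHipaaPriceInterval(subscription) && settings?.is_sensitive === true
}

// Assumption of this example: a tracing gate that fails closed. If either
// lookup returned nothing, HIPAA status is unknown and the request is not traced.
function canTraceAssistant(
  subscription?: OrgSubscription | null,
  settings?: ProjectSettings | null
): boolean {
  if (subscription == null || settings == null) return false
  return !isHipaaEnabled(subscription, settings)
}

// Constructed sample data mirroring the three cases in the verification steps.
const withAddon: OrgSubscription = {
  price_intervals: [{ price: { external_price_id: HIPAA_PRICE_ID } }],
}
const withoutAddon: OrgSubscription = { price_intervals: [] }

const cases = [
  { name: 'addon + high compliance', hipaa: isHipaaEnabled(withAddon, { is_sensitive: true }) },
  { name: 'addon only', hipaa: isHipaaEnabled(withAddon, { is_sensitive: false }) },
  { name: 'high compliance only', hipaa: isHipaaEnabled(withoutAddon, { is_sensitive: true }) },
]
console.table(cases)
```
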
* Add custom types for queries, mutations and infinite queries.
* Migrate all queries to use the new type.
* Migrate all infinite queries to useCustomInfiniteQueryOptions.
* Migrate all mutations to use useCustomMutationOptions.
* Add type to all imports in `types` folder.
* Migrate all uses of invalidateQueries to use object syntax.
* Migrate the remainder of useInfiniteQuery.
* Migrate all setQueriesData.
* Migrate all fetchQuery uses.
* Migrate some leftover functions from RQ.
* Fix issues found by Charis.
* Update perms checking in audit logs
* Deprecate useCheckPermissions, useIsPermissionsLoaded and useCheckProjectPermissions as they're no longer used
* Rename useAsyncCheckProjectPermissions to useAsyncCheckPermissions
* Fix TS
* Wrap up remaining swapping of useCheckPermissions
* remove OrganizationSettingsLayout on billing, team, integrations and usage org pages
* Fix missing loading state in usage page
* Add comments for next step
- Mandatory address input when adding a new payment method
- Removed the global HCaptcha store that wasn't used consistently and would sometimes block payment method changes
- Remove the custom billing address data & tax id form on org creation and plan upgrades in favour of Stripe's `AddressElement`
- Unify usage of the Stripe payment elements into a single component
- Customers can mark "Purchasing as a business" and will then be able to put down a tax id
- Adjusted billing address form to have better labels + tax id is filtered down to selected country
- Adjusted Stripe Elements styling to use floating labels (otherwise very hard to use with address element) + additional styling changes
- New flag to filter out payment methods that do not have an address for org upgrades and credit top ups, this will be enforced a few days after rolling this out
- Added Google Maps Places API integration for address auto-completion via Stripe AddressElement
- Upgraded Stripe dependencies
- Slight adjustments to styling of plan upgrade modal
- Remove captcha for downgrades to Free, it is not needed
- Properly handle 3DS if customer has multiple payment methods
- Move payment method invalidation to react-query
This PR implements the new flow to confirm subscription upgrades using Orb pending changes. This is backwards compatible and based on a flag exposed by the backend (`subscriptionPreview.pending_subscription_flow`).
Just like the organization creation, the entire flow is slightly different - instead of creating a payment method separately, the payment method is added inline while doing the upgrade and then attached to the customer. If payment fails, the upgrade will not go through. If payment requires additional action, the user needs to confirm the payment before allowing the upgrade.
For testing the new flow locally, toggle the flag in `flags.ts` on the backend.
Changes include
- No longer rely on the `changeType` from the plans endpoint as this is regularly out-of-sync and displays wrong up/downgrade info due to race conditions
- `readOnly` mode for Stripe elements if anything is loading/submitting
- Reduced prop drilling for some components
- Hide payment method and address selection on downgrade
Adds support for the new Orb pending subscription change flow that has been added to the backend.
By default, the new feature is disabled (enabled after merge on staging). If disabled, this should work just like before with the regular `confirmPayment` function that triggers 3DS if needed and properly lets a user confirm their additional factor.
With the new flag, we only create a payment method, as we will do another payment intent that is set up for future usage and that may require 3DS - so we avoid the possible double confirmation (setup confirmation + payment intent). The organization creation endpoint can either return a full organization (i.e. on Free Plan or immediate payment success) or a payment_intent_secret. In case of the secret being returned, we need to confirm the secret with the Stripe SDK.
Moved the Stripe Elements further down to avoid the entire form reloading (especially billing address) in case of a payment failure.
* Init
* Initial set up for hooking up supavisor and pgbouncer
* Hook up pgbouncer status check after swapping pooler type
* Add check for nano compute for switching to pg bouncer
* Add check for ipv4 addon
* Remove expect error tag
* Update copy in IPv4SidePanel
* Add badge to select options for pooler types
* Hook up pgbouncer config for connect UI
* Refactor pooling-configuration react queries to supavisor-configuration
* Update Ipv4 compatibility UI indicators in Connect UI when on pgbouncer
* Remove statement mode
* Resolve undefined problem with react hook form
* Fix
* Update UI texts from PgBouncer to Dedicated Pooler
* Feature flag changes
* Add pooler settings link in Connect UI
* Smol update
* Update session pooler description for pgbouncer
Occasionally results in a 429 in API - there are plans to fix this on the API level, but it's not a quick change, so hoping to reduce the likeliness of 429 with a higher stale time. Subscriptions and project addons rarely change and if they are changed, it's invalidated on the client anyway.
* Add layoutheader to self-hosted to allow showing assistant
* Fix layout
* Remove debug checks
* Check for key
* Dont load tables
* Fix assistant error handling
* Yeet
* Update turbo.json
* Another one
* god
* Fix
* Add fallback
* last attempt to fix
* Clean up
* take the wheel
* Tiny fix
* Skip enrich query for local, to match prod
---------
Co-authored-by: Alaister Young <alaister@users.noreply.github.com>
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
* inited. added disk config to a new page
* add instances
* move moar
* moved things around. billing badges updated. compute added
* tidy
* new components
* form now dynamically updating itself
* updated compute form. moved warning panels. added collapsible for advanced options
* review dialog now only showing what is relevant
* Update DiskManagementForm.tsx
* compute sizes now a recommendation
* fix old form
* started adding flags
* removed unused code. fixed issue with IOPS price showing on smaller compute
* moar clearning
* IOPS logic wrong way round
* type fixes
* start adding better error handling
* TIDY
* moved everything to own file
* tidy
* fix hydration issue
* moved some components around
* clean up
* inline errors
* update form message
* Update DiskManagementForm.tsx
* error fields fixed. some formatting issues. nano added as an option
* fix constants
* add some plan restrictions
* moar
* units updated. labels updated
* Update DiskManagement.schema.ts
* fix a ton of type issues
* text updates
* add panel to suggest switching to io2
* more notice board stuff
* number formatting. moved a file
* Update DiskManagementForm.tsx
* remove console logs
* upgrade comms. more type fixes
* add empty states for the old areas
* more links
* updated some label issues
* hide labels when chart is active
* Update DiskManagement.utils.ts
* Delete next-env.d.ts
* Update DiskManagementForm.tsx
* Update DiskManagement.schema.ts
* text updates
* Update DiskManagement.constants.tsx
* Update next-env.d.ts
* Update next-env.d.ts
* Small clean up
* Clean up empty files
* Clean up spelling
* Clean up more
* Fix typo in file name
* Clean up import statements
* Update DiskManagementForm.tsx
* fix issues
* Update ProjectLayout.tsx
* Remove unused import
* Fix
* Address nit
* Update database.tsx
* remove supress toast
* Update DiskManagement.schema.ts
* Update database.tsx
* change upgrade comms
* Update DiskManagementPanelForm.tsx
* fixes
* fix button size on old form
* Update DiskManagementForm.tsx
* Update StorageTypeField.tsx
* update labels on compute
* dont show banner when infra is FLY
* update comms. hide disk config for FLY
* Fix TS
* Last round of clean up
* fix message state
* fix message
* Fix TS
* Update DiskManagement.utils.ts
* fix errors
* Update BillingChangeBadge.tsx
* fixed some label issues
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
* init
* moar
* moat
* moar
* add read replica bar
* moar
* Update DiskMangementPanelForm.tsx
* added temp state mang to test
* moar
* Prepare react queries + data from API for disk mgt
* moat
* moat
* moar
* Update DiskMangementReviewAndSubmitDialog.tsx
* badge updates
* Hook up actual endpoints for E2E testing, but commented out for now for local dev
* Hook up real data + clean up files and add tests
* Update API types
* Hook up E2E and fix all validation logic
* Only show new disk mgt UI for orb billing
* Add note on RRs 25% more disk size
* Add state to handle free plan for disk mgt
* Update increase disk size CTA in reports/database
* Fix file spelling errors
* Address feedback
* Fix missing framer motion package in ui
* Address comments
* Address feedback
* Minor fix
* Use new disk util endpoint
* Remove unused import
* Address feedback
* More addressing of feedback
* Update pricing details for IO2 - no included disk size
---------
Co-authored-by: Jonathan Summers-Muir <MildTomato@users.noreply.github.com>
* Update the design of the sonner toasts. Add the close button by default.
* Migrate studio and www apps to use the SonnerToaster.
* Migrate all toasts from studio.
* Migrate all leftover toasts in studio.
* Add a new toast component with progress. Use it in studio.
* Migrate the design-system app.
* Refactor the consent toast to use sonner.
* Switch docs to use the new sonner toasts.
* Remove toast examples from the design-system app.
* Remove all toast-related components and old code.
* Fix the progress bar in the toast progress component. Also make the bottom components vertically centered.
* Fix the width of the toast progress.
* Use text-foreground-lighter instead of muted for ToastProgress text
* Rename ToastProgress to SonnerProgress.
* Shorten the text in sonner progress.
* Use the correct classes for the close button. Add a const var for the default toast duration. Remove the custom width class from sonner.
* Set the position for all progress toasts to bottom right. Set the duration for all toasts to the default (when reusing a toast id from loading/progress toast, the duration is set to infinity).
* Fix the playwright tests.
* Refactor imports to use ui instead of @ui.
* Change all imports of react-hot-toast with sonner. These components were merged since the last commit to this branch.
* Remove react-hot-toast lib.
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
Co-authored-by: Jonathan Summers-Muir <MildTomato@users.noreply.github.com>
* fix: update Permission params
* fix: upgrade check permission hook to support project level role
* fix: usePermissionsLoaded
* fix: Permission params can be undefined
* Scaffold new access management UI
* Add validation
* Update roles view
* Add tooltip
* Add button to apply role to all projects
* Update UI to select projects first instead of roles
* Merge master update UI
* Midway trying to implement project level perms API
* First pass implementing updating project level permissions
* Add client side validation for assigning/removing roles
* Midway implementing new invites
* Integrate most of the project level permissions functionality
* fix: filter out org-level permissions before checking
* Add relevant UI guards in org level pages for project role POV
* Minor refactors
* Small refactors
* More fixes
* Moar refactors
* More fixes
* More fixes
* Refactor update role logic and smack some test cases on it
* Fixes
* Fix type issue
* Fix type
* more fixes, refactors, adding checks...
* MORE fixes
* Add perms checking for replicas
* Add ButtonTooltip component and use them to prevent repetition of pointer events auto for buttons with tooltips
* Convert all buttons with tooltips to use ButtonTooltip
* refactor
* Prettier
* Small fix
* Remove commented out code in organization-invitation-accept-mutation
* fix: switch to use the platform oauth authorizations routes
* Add perms checking for org audit logs and org oauth apps
* Prettier
* Fix incorrect URL for oauth app flow
* Fix incorrect URL for oauth app flow
* Fix
* Add perms checking for warehouse related UI
* Update roles helper icon
* remove unused lib
* Update package lock... again
* Update package lock... again
* Smalllll update
* Update some checks
* Add gate for project level permissions
* Last fix
* update codegen
* Update warehouse endpoint routes
* Fix
---------
Co-authored-by: phamhieu <phamhieu1998@gmail.com>
Co-authored-by: Alaister Young <a@alaisteryoung.com>
* First round of wrapping RQ errors with handleError
* Remove the throw before the handleError usage.
* Make the handling of an API error more versatile. Add logging in Sentry if the error is of unknown type.
* Remove throwing of the handleError function.
* Add return type to the handleError function to be never so that we're sure it always throws.
* Second round of wrapping RQ errors with handleError
* Temp fix in delete credential mutation, and fix loading state
---------
Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
* chore: increase react-query stale time
* keep staleTime: 0 for table rows
* use staleTime: 0 for all user sql queries
* use staleTime: 0 for all pg-meta queries
* Some fixes
* fix updating tables
* fix bug while editing column names
* Fix deleting column in database/tables column list not revalidating UI
* Fix updating column in database/tables column list throwing an error
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
* Move all studio files from /studio to /apps/studio.
* Move studio specific prettier ignores.
* Fix the ui references from studio.
* Fix the css imports.
* Fix all package.json issues.
* Fix the prettier setup for the studio app.
* Add .turbo folder to prettierignore.
* Fix the github workflows.