Commit Graph

54 Commits

Author SHA1 Message Date
Vaibhav 804475fd3a fix: redirect urls (#47487)
## TL;DR

fixes redirect url  normalization..

## PS:

| Before | After |
| --- | --- |
| Broken: whitespace could make the same redirect URL appear as a
separate entry and break delete behavior | Fixed: equivalent redirect
URLs are normalized consistently, so display, save, and delete behavior
stay in sync |
| <img width="800" height="274" alt="Before redirect URLs behavior"
src="https://github.com/user-attachments/assets/47dbb1ca-7c7d-482b-a67e-08c2eb2cd030"
/> | ![After redirect URLs
behavior](https://github.com/user-attachments/assets/b90dfad3-9ec2-4431-8412-34d4faca62da)
|

## ref:
- closes https://github.com/supabase/supabase/issues/47478

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Improved redirect URL handling so saved and displayed URLs are
consistently trimmed, normalized, deduplicated, and parsed from
comma-separated allow lists.
* Tightened redirect URL validation to better catch invalid formats and
prevent duplicates both against the existing allow list and within a new
submission.
* Fixed redirect URL deletion to remove the exact set of URLs confirmed
by the user.
* **Tests**
* Added/updated tests to cover redirect URL normalization and parsing
behavior for stored comma-separated allow lists.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-01 08:24:17 -06:00
Seid Muhammed affdcb35ff fix(studio): sum numeric-string columns in cumulative SQL charts (#47378)
Fixes: #47377

## What is the current behavior?

Enabling **Cumulative** on a results chart concatenates Y-axis values
instead
of summing them whenever the column is a `bigint`, `numeric`, `money`,
or
`count(*)` aggregate — which Postgres returns as JSON strings. For
per-row
values `10, 20, 30` the chart plots `10, 1020, 102030`.

`getCumulativeResults` ran `(prev[yKey] || 0) + row[yKey]` on raw result
rows.
The Y-axis selector explicitly allows numeric-string columns, so this is
a
common, fully-supported path (e.g. any `count(*) ... group by`).

## What is the new behavior?

Both operands are coerced with `Number()` before the addition, keeping
the
existing `|| 0` fallback for null/undefined/non-numeric values. The
series now
sums correctly: `10, 30, 60`.

The cumulative logic was previously duplicated in `ChartConfig.tsx` and
`QueryBlock.utils.ts` (which is how this bug slipped in twice). It is
now a
single shared, tested helper: `getCumulativeResults` lives in
`QueryBlock.utils.ts`, and `ChartConfig.tsx` imports it instead of
re-declaring
its own copy. The shared helper's `ChartConfig` type import is `import
type` to
avoid a runtime circular dependency, and its signature accepts
`readonly` rows
so both call sites type-check.

## Additional context

- Added regression tests for numeric-string inputs and for
null/undefined/non-numeric fallback to `0`. The existing tests only
covered
literal `number` inputs, never the string form Postgres actually
returns.
- Verified the new tests fail against the old code (`y: '010'`,
`'05undefined'`)
and pass with the fix. Full `QueryBlock.utils.test.ts` suite: 18
passing.

No migrations, no API changes, no infra changes.


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Fixed cumulative chart calculations so numeric values are always added
correctly, even when results arrive as strings.
* Improved handling of empty or non-numeric values in cumulative totals
so they are treated as zero instead of breaking the sum.

* **Tests**
* Added coverage for cumulative result calculations with numeric strings
and missing values.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-29 14:53:24 +00:00
Gildas Garcia c6fc456910 chore: cleanup duplicate exports studio (#47387)
## Problem

Knip reports many duplicate exports (both named and default). Besides,
we're moving away from default exports and even have an eslint rule to
enforce it on new code.

## Solution

- Cleanup those exports
- Update imports when necessary

No functional changes. If it builds, it's fine
2026-06-29 15:46:16 +02:00
Danny White 032bd09b0c feat(studio): use theme-aware OAuth requester logos (#47138)
## What kind of change does this PR introduce?

Bug fix. 

- Follow-up work to FE-3640
- Contributes to DEPR-604

## What is the current behavior?

Known dynamic OAuth requesters on `/dashboard/authorize` relied on
OAuth-specific hard-coded icon assets that were dark-mode only.

Cursor did not have separate light/dark assets in the shared MCP icon
registry, Perplexity only had a light tile asset with baked-in padding,
and OpenAI used the older blossom mark.

## What is the new behavior?

Known OAuth requester logos now resolve through the shared MCP icon
registry while preserving the existing `SupabaseLogo` treatment for
paired authorisation screens.

Cursor uses transparent SVG light/dark variants, Perplexity has cropped
transparent SVG light/dark variants, and OpenAI/ChatGPT uses the newer
monoblossom SVG in black/white variants. Claude remains static until a
suitable variant is available.

Unknown requester icons still render from the provided URL and fall back
to the requester initial if the image fails.

| Before | After |
| --- | --- |
| <img width="828" height="636" alt="Authorize OpenAI
Supabase-E2A05664-589F-458F-8452-9CEE008D558A"
src="https://github.com/user-attachments/assets/140021b1-ff05-4092-98ef-2eae94ff2ddb"
/> | <img width="828" height="636" alt="Authorize OpenAI
Supabase-EC7E00BD-439A-45D1-8E55-240B227C6897"
src="https://github.com/user-attachments/assets/93e603f2-5cbf-4219-b692-d36ac98e8d2a"
/> |
| <img width="828" height="636" alt="66 Authorize OpenAI
Supabase-CB31FF76-86DB-43A6-A426-46B99B8B1B91"
src="https://github.com/user-attachments/assets/b261416e-39b8-40b3-87fd-461653aa0334"
/> | <img width="828" height="636" alt="Authorize OpenAI
Supabase-EAFCF2F2-5CEA-4FE6-8AC0-819F764B414E"
src="https://github.com/user-attachments/assets/35ad7525-0fa9-4438-b117-4e70b78eb719"
/> |

## To test

1. Navigate to `http://localhost:8082/authorize?auth_id=test-auth-id`
2. Open DevTools → Network
3. Find `/platform/oauth/authorizations/test-auth-id`
4. Right-click → Override content
5. Replace the response body with:
	```js
	{
	  "name": "Perplexity",
	  "website": "https://perplexity.ai",
	  "icon": null,
	  "domain": "perplexity.ai",
	  "scopes": [],
	  "expires_at": "2026-12-31T23:59:59.000Z",
	  "approved_at": null,
	  "registration_type": "dynamic"
	}
	```
6. Then change "name" to Cursor, Claude, ChatGPT, or OpenAI and refresh
to inspect each logo

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* OAuth app requester logos now dynamically adapt to light and dark
themes, with improved logo selection for known requesters.
  * Cursor now uses a distinct dark icon variant.
  * Added Perplexity client icon support.

* **Bug Fixes**
* Improved logo rendering robustness: if a logo can’t be loaded, the UI
falls back to the requester’s initial.

* **Tests**
* Expanded coverage for theme-aware logo rendering and icon variant
handling, including unknown-icon and fallback scenarios.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-24 09:30:48 -06:00
Gildas Garcia 96d43099bb chore: refactor Button API so that it can be used a standard button (#46880)
## Problem

Our `<Button>` component breaks the default `button` contract by
redefining the `type` prop to set its variant (`primary`, `default`,
etc) instead of the button type (`submit`, `button`, etc).
This is confusing and forces to write more code when using it with
shadcn components that expect/inject the standard button props.

## Solution

- rename the `type` prop to `variant`
- rename the `htmlType` prop to `type`
- propagate the changes where necessary
- format code

## How to test

As this is just prop renaming, if it builds it's ok

---------

Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
2026-06-16 23:59:58 +02:00
Danny White 43c2229f1e fix(studio): align /authorize invalid and edge states with interstitial UI (#46960)
## What kind of change does this PR introduce?

Bug fix / UI polish

## What is the current behavior?

Visiting `/authorize` without an `auth_id` renders a bare `Card` outside
the shared Connect interstitial — no centered layout, no Supabase logo,
inconsistent with every other `/authorize` state (loading, error, form,
approved).

Two edge cases also produce poor UX: a blank flash while
`router.isReady` is false, and a silent empty page when the
authorization query succeeds but returns no requester.

## What is the new behavior?

- **Missing `auth_id`**: `ApiAuthorizationInvalidScreen` now uses
`InterstitialLayout` with `SupabaseLogo`, a user-facing title ("Missing
authorization link"), warning admonition, and "Back to dashboard" —
matching the error screen and CLI missing-params pattern.
- **Router not ready**: `authorize.tsx` shows
`ApiAuthorizationLoadingScreen` instead of `null`.
- **Empty requester**: `ApiAuthorization.Valid.tsx` renders
`ApiAuthorizationErrorScreen` instead of returning `null`.

Tests updated in `ApiAuthorization.test.tsx`; added `authorize.test.tsx`
for router-not-ready loading.

| Before | After |
| --- | --- |
| <img width="524" height="455" alt="Authorize API Access
Supabase-DCB404EC-7D65-4DD1-A6E0-B720DC765DA7"
src="https://github.com/user-attachments/assets/8d2b68fc-e008-4145-aa74-3154a883083c"
/> | <img width="524" height="455" alt="Authorize API Access
Supabase-6B642066-D0BE-4EDC-A186-A0290B4B5634"
src="https://github.com/user-attachments/assets/b04bee93-6b23-411f-8e36-9a0fff8a975d"
/> |

## To test

Please do a visual check on `http://localhost:8082/authorize` (no
`auth_id` or other parameters).

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Improved the UI and copy shown when the authorization link is missing.
* Updated behavior to show an explicit error screen when authorization
requester data is unavailable.
* **New Features**
* Added a loading state for the authorization page while router
parameters are initializing.
* **Tests**
* Updated component expectations for the missing authorization and
“unable to load” scenarios.
* Added a page test to verify the loading message when the router is not
ready.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-16 16:19:57 +08:00
Francesco Sansalvadore c713135384 fix(studio): wrappers install state + one-click install (#46697)
- fix install badge state in wrappers detail page
- add "Install" button in top action bar
  - "Install wrapper" if required extensions _aren't_ installed
  - "Add new wrapper" if required extensions _are_ installed
- make wrappers "one-click install" by 
  - showing the required extensions in the CreateWrappersSheet 
  - and automatically installing them on wrapper submission

Only available behind `isMarketplaceEnabled` flag at the moment.

https://github.com/user-attachments/assets/38f5549d-938e-4e2f-a723-53b9a028e9dc
2026-06-09 12:34:20 +02:00
Ivan Vasilov 40c947ebfb fix: Handle non existant columns when sorting tables (#46741)
When a user has sorted by some column in the Table Editor and the column
is deleted, the sort data is wrong so it causes issues. In the general
view in the Table Editor, the error is handled by removing the sort key
when a specific error is detected but it can still happen in
ForeignRowSelector.

To test:
1. Have 2 tables with references between them.
2. In the `sessionStorage`, under the `supabase_grid-<ref>` key, update
the sort key to a non-existant column for a table.
3. Try to open the `ForeignRowSelector` for that table by clicking on a
cell in the referencing column.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Sorting now validates referenced columns and ignores invalid sort
entries.
* Local sort restoration and UI sort application now derive sorts from
the original table context for more consistent behavior across editors
and popovers.
* Prefetch logic uses the resolved table context when falling back to
saved sorts.

* **Tests**
* Added cases for malformed and out-of-scope sort parameters to prevent
regressions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-09 12:30:13 +02:00
Danny White 35df570342 feat(studio): move /authorize to connect interstitial (#46359)
> [!CAUTION]
> The `do-not-merge` label has been applied because this contains mocks
for easier review and testing. I'll remove those mocks before merging.

## What kind of change does this PR introduce?

Feature. Part of the shared Connect UI (interstitial) rollout. Previous
slices: #46058, #45909, #45862.

## What is the current behavior?

The `/authorize` MCP/OAuth consent screen uses the old `Card`/`Alert`
layout.

## What is the new behavior?

- Wraps all `/authorize` states in `InterstitialLayout` (the shared
full-screen centered card used across Connect flows)
- Shows a quiet footnote below the Cancel button ("Authorizing will
redirect you to \<url\>") for non-localhost redirect URIs, so users can
verify the destination before approving. No extra friction for localhost
flows (local MCP servers)

| Before | After |
| --- | --- |
| <img width="692" height="997" alt="Authorize API access
Supabase-F6C3747A-5077-43D8-A509-3E16B1DDC168"
src="https://github.com/user-attachments/assets/e86dde34-94cb-48ef-b026-66aac9122df6"
/> | <img width="692" height="997" alt="Authorize API Access
Supabase-FE6FD8B3-1159-4EA5-94D7-EA5CEA7A25F3"
src="https://github.com/user-attachments/assets/c1a94a44-51d9-40d8-8046-f3104a27b929"
/> |
| <img width="692" height="997" alt="Authorize API access
Supabase-86742351-3521-4B62-AF87-403CB7E7F4F5"
src="https://github.com/user-attachments/assets/41cff7af-b9e4-4a20-a979-7148b4220265"
/> | <img width="692" height="997" alt="Authorize Cursor
Supabase-B665B4A4-600F-462B-8C97-84B171EC3103"
src="https://github.com/user-attachments/assets/804286f2-ce51-45ab-bb3f-315f8ac62445"
/> |
| <img width="692" height="997" alt="Authorize API access
Supabase-C73DC3D0-8646-4E6E-A259-3E84AE46DAF2"
src="https://github.com/user-attachments/assets/8f285edb-438f-4262-9faa-f1133c679ed4"
/> | <img width="692" height="997" alt="Authorize Cursor
Supabase-FEA86625-27D5-4DB5-B4D4-1A2CB804E56E"
src="https://github.com/user-attachments/assets/b54f2ceb-e1cf-4c7e-be3f-8e1b0942e9a4"
/> |
| <img width="692" height="997" alt="Authorize API access
Supabase-48E0C7CB-DDDD-4305-B821-F3BEB52C4A4E"
src="https://github.com/user-attachments/assets/7d123c57-e05d-408c-8df9-d747a3afd714"
/> | <img width="692" height="997" alt="Authorize Cursor
Supabase-CE8F9905-FAE0-4C06-B77A-9F269B2100FE"
src="https://github.com/user-attachments/assets/9f403b83-5de3-43c8-a592-c3022e041243"
/> |
| <img width="692" height="997" alt="Authorize API access
Supabase-E37D2CD5-476F-4F49-A5FB-631B265025DC"
src="https://github.com/user-attachments/assets/3d235315-d7c0-4279-b23f-e8b595888511"
/> | <img width="692" height="997" alt="Authorize Cursor
Supabase-DF078AEB-BB78-4647-9FA2-5D5403CCA5D6"
src="https://github.com/user-attachments/assets/53d51718-8707-4b97-9cbe-8e523f4ce0e0"
/> |
| <img width="692" height="997" alt="Authorize API access
Supabase-D6F6817F-D8DD-4D55-85BB-A15100814AAB"
src="https://github.com/user-attachments/assets/c80c5579-772a-4dfe-a247-b0b9772b9690"
/> | <img width="692" height="997" alt="Authorize Cursor
Supabase-E457B580-9786-43AD-9CF9-FE4F5BB8E785"
src="https://github.com/user-attachments/assets/30c47b05-edf5-4380-a2f1-aedb99482540"
/> |
| <img width="692" height="997" alt="Authorize API access
Supabase-4F3D6AA4-E2E3-4526-B391-49B6E0861911"
src="https://github.com/user-attachments/assets/ffbe5b65-6eef-49d7-95f1-c29072c320b8"
/> | <img width="692" height="997" alt="Authorize Cursor
Supabase-CA9FFCC9-4CA2-4718-AD49-B02D86C6EF6A"
src="https://github.com/user-attachments/assets/8fd7ff39-19f5-4414-af13-3821290735b2"
/> |
| <img width="692" height="997" alt="Authorize API access
Supabase-E507B7A5-9AD0-4F17-8743-63A7B47D171A"
src="https://github.com/user-attachments/assets/1639b5cc-69c4-4a43-b049-6f989e2cdbb1"
/> | <img width="692" height="997" alt="Authorize Cursor
Supabase-9844BB27-2429-4BA6-BD36-1AB54099F44F"
src="https://github.com/user-attachments/assets/a94b88e2-9c2f-4941-840a-5182342bb335"
/> |
| <img width="692" height="997" alt="Authorize API access
Supabase-27684173-9DBB-4F6E-9F7F-87EFD4E10A5F"
src="https://github.com/user-attachments/assets/91794c96-8a81-4d83-9c97-01d134639676"
/> | <img width="692" height="997" alt="Authorize Cursor
Supabase-04E31F7B-D098-4814-A394-01CE3D3E5A51"
src="https://github.com/user-attachments/assets/ba0284a3-363c-4aa5-9e4a-c378aed9c42c"
/> |
| <img width="692" height="997" alt="Authorize API access
Supabase-207CBC69-4957-499C-92E8-163F2B34C8AD"
src="https://github.com/user-attachments/assets/1bafedd2-bba8-473c-ba57-637289f1c940"
/> | <img width="692" height="997" alt="Authorize API Access
Supabase-C1627071-4AE2-4012-8F7C-4E6D883618A3"
src="https://github.com/user-attachments/assets/a6fc6125-3c1e-4b8c-821a-c3c9f32f3cc0"
/> |

## To test

A mock toolbar is included for easy local testing. Navigate to
`/authorize?mock=loading` and then switch between the following
variants:

| State | What to check |
| --- | --- |
| `loading` | Shimmer skeleton inside the card |
| `ready` | Regular waiting state |
| `approving` | Authorize button shows spinner, both buttons disabled |
| `approved` | Success admonition: "Authorization approved" |
| `expired` | Warning admonition: "Authorization request expired", no
action buttons |
| `organizations-loading` | Org selector shimmer, no action buttons |
| `organizations-error` | "Unable to load organizations" admonition, no
action buttons |
| `empty` | "No organizations found" admonition, no action buttons |
| `not-member` | "Organization unavailable" admonition, no action
buttons |
| `error` | "Unable to load authorization" error screen |

Then please test the `organization_slug` prefill:
`/authorize?mock=ready&organization_slug=<your-org-name-here>`. That org
selector should be pre-selected and locked.

To test against a real OAuth app, use a registered app on
`supabase.green` — the mock states cover all edge cases but a live
round-trip confirms the approve/decline API calls.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

## Release Notes

* **New Features**
* Added mock preview functionality for testing API authorization and
Connect flows
* Introduced collapsible, grouped permissions view for OAuth
authorization requests

* **Refactor**
* Redesigned API authorization screens with improved layout and
messaging
  * Restructured permissions display for better organization and clarity

* **Bug Fixes**
  * Fixed inline link underline decoration color

* **Tests**
  * Updated authorization flow test assertions to match new UI behavior

<!-- review_stack_entry_start -->

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46359?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)

<!-- review_stack_entry_end -->

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Ali Waseem <waseema393@gmail.com>
2026-06-08 10:51:04 -06:00
Ali Waseem a776b54863 fix(studio): show role permission descriptions in edit access drawer (#46627)
Mirrors the recent invite drawer change (#46515) on the edit access
drawer. Each role option now describes its permissions via the shared
\`ROLE_DESCRIPTIONS\` map instead of showing just the role name.

Closes FE-3524.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Role selection in Team Settings now shows full, role-specific
permission descriptions and appends any disabled-reason details for
clarity.

* **Tests**
* Added integration tests covering the role panel UI: role listing,
selected role label, documentation link, role-specific descriptions, and
an admin-safety notice; includes test environment compatibility stubs
for animations and routing.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-04 07:41:39 -06:00
Ali Waseem 3e7d8d0f68 chore: Update styling and more descriptive information for roles when inviting members (#46515)
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?
- Better role selector thats actually more helpful with descriptions
- More tests with MSW
- Refactored to a side panel due to more information being presented in
the modal

## How to test
- Try inviting members to an org
- Make sure members can still be revoked!

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Team member invitation interface redesigned from modal dialog to side
panel.
* Role selection now displays as an interactive radio list with
descriptions for each role.
* Improved form layout with horizontal organization for better
usability.

* **Tests**
* Added integration and unit tests for team member invitation
functionality.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-02 07:34:22 -06:00
Ali Waseem 6236ee9ef9 POC: bring back MSW to remove the pattern of vi.mock (#46439)
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?

Right now our tests for API mocking is using vi.mock and mocking that
query or fetch handler. This is not the right approach IMO, 2 years ago
@jordienr added MSW with some very powerful helpers. The idea is to move
component test that rely on API using MSW within ViteTest. Principles
are simple:
- Mock API responses
- Mount your component that uses API responses
- Tests and assert on UI 
- Added Skill for Clanker

This pattern is 100 times better than what we have

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Tests**
* Expanded and strengthened test suites for secrets, org lookup, support
flows, OAuth auth, and onboarding; mocks now use contract-backed
responses for more realistic coverage.

* **Documentation**
* Added a comprehensive guide describing a standardized pattern for
component tests that mock network requests.

* **Chores**
* Improved test helpers, typing for API mocks, and test runner
configuration for more reliable and maintainable tests.

<!-- review_stack_entry_start -->

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46439?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)

<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Alaister Young <alaister@users.noreply.github.com>
Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
2026-05-28 12:58:50 +00:00
Kanishk Dudeja ba77d15d41 chore(billing): remove billing address modal and tax id banner (#46210)
This PR removes the billing address modal and tax id banner code
completely since we no longer need it.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Removed Features**
  * Billing address update modal is no longer accessible.
  * Tax ID banner has been removed from the app UI.
  * Placeholder banner block disabled.

* **Tests**
  * Automated tests for the billing address modal were removed.

* **Chores**
  * Associated local-storage key for the tax ID banner was removed.

<!-- review_stack_entry_start -->

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46210?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)

<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-21 18:30:18 +05:30
Gildas Garcia 4e86c39ea1 chore: remove <ContextMenu> _Shadcn_ suffix (#45971)
## Problem

The `_Shadcn_` suffix isn't needed anymore on `<ContextMenu_Shadcn_>`
and related components

## Solution

Remove it. No other changes

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Refactor**
* Replaced legacy context-menu component variants with the unified UI
context-menu components across the app for consistent rendering and
imports; behavior and menu content remain unchanged.
* **Tests**
* Updated a test mock to track the unified context-menu component mount
count.
* **Chores**
* Simplified UI package re-exports to expose the canonical context-menu
symbols.

<!-- review_stack_entry_start -->

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/45971)

<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-15 15:09:25 +02:00
Danny White 205ab69061 feat(studio): move CLI login to connect interstitial (#45814)
## What kind of change does this PR introduce?

Feature / UI refactor

## What is the current behaviour?

The CLI browser login route still uses the older API authorisation
layout and redirects missing or failed sign-in session states to generic
404/500 pages.

## What is the new behaviour?

Moves `/cli/login` onto the shared connect interstitial layout as the
next small stacked slice after the organisation invite work.

This keeps the real CLI login contract intact while updating the
surface:
- creates the CLI login session from `session_id`, `public_key`, and
optional `token_name`
- redirects to the generated `device_code`
- renders missing-parameter and session-creation failures in-card
instead of redirecting away
- keeps the 8-character verification code selectable and copyable as a
single string
- uses a full-width primary `Copy code` action

This also adds the small shared interstitial helpers needed by this
surface and adjusts `CopyButton` so the copied check icon inherits the
primary button colour instead of turning green.

This also removes the CLI version admonition:

> Browser login flow requires Supabase CLI version 1.219.0 and above.

I checked with our stats and the CLI team. The vast majority of users
are on a newer version.

| Before | After |
| --- | --- |
| <img width="1024" height="759" alt="Authorize API access
Supabase-D1E3CF26-BD59-4BB2-B457-B552EE47E3DA"
src="https://github.com/user-attachments/assets/c89b8b13-fa98-41b7-8093-e59d15b2aa9e"
/> | <img width="1024" height="759" alt="Authorize CLI
Supabase-C9977F21-88B8-441B-8A2C-09A9515935B0"
src="https://github.com/user-attachments/assets/ca13b65a-3875-425c-b73b-8f2101c1e406"
/> |
| <img width="1024" height="759"
alt="Supabase-F42FBEAF-F74D-4920-8A51-7C25004F66D5"
src="https://github.com/user-attachments/assets/51adb1e6-a2fb-41fb-b36f-0ae466fe60e2"
/> | <img width="1024" height="759" alt="Authorize CLI
Supabase-8159A1B1-2594-4183-AC35-FEF1EFD4EA37"
src="https://github.com/user-attachments/assets/6f143218-795d-41c9-a8e1-52e529a6b988"
/>
| <img width="1024" height="759"
alt="Supabase-2506E468-9F42-44B9-A5B7-BC4D3777F552"
src="https://github.com/user-attachments/assets/a304fca5-cf26-4ae7-abe9-77cdbc21fba5"
/> | <img width="1024" height="759" alt="Authorize CLI
Supabase-A0EE1239-A345-427C-9CF7-997037A8FC0E"
src="https://github.com/user-attachments/assets/33118777-35f3-49d6-bc1e-30e7124b3677"
/> |
| <img width="1024" height="759" alt="Authorize API access
Supabase-A7B84CA6-D230-4C3E-9227-DE21CE35375C"
src="https://github.com/user-attachments/assets/78eb6296-035a-4201-b254-b97eda44443c"
/> | <img width="1024" height="759" alt="Authorize CLI
Supabase-F55E26B2-609B-449C-9C64-08AA90AE3D1E"
src="https://github.com/user-attachments/assets/ff7b3b4e-729c-4681-844d-2d5d94bfc084"
/> |

## Testing instructions

Use the Vercel preview URL for this PR once it is available. The
examples below use `<preview-origin>` as a placeholder, for example
`https://studio-git-dnywh-feat-cli-login-interstitial-supabase.vercel.app`.

You need to be signed in to Studio to see these states because
`/cli/login` is still behind `withAuth`.

Ready state:
- Open `<preview-origin>/cli/login?device_code=ABCD1234`
- Check the page title is `Authorize CLI | Supabase`
- Check the card title is `Authorize Supabase CLI`
- Check the code fills the width, uses the normal sans font, and can be
selected
- Drag-select the code and copy it; the clipboard should contain
`ABCD1234`, not one character per line
- Click `Copy code`; the button should show the usual copied success
state without a green check icon on the primary button

Missing parameters state:
- Open `<preview-origin>/cli/login`
- Check the card says `Missing sign-in parameters` and names the missing
`session_id` and `public_key` parameters
- Open `<preview-origin>/cli/login?session_id=session-test`
- Check it still stays in-card and names the missing `public_key`
parameter instead of redirecting to `/404`

Creation error state:
- Open
`<preview-origin>/cli/login?session_id=not-real&public_key=not-real&token_name=local-dev`
- Check it stays in-card with `Unable to create CLI sign-in` instead of
redirecting to `/500`
- The exact error detail can vary by environment; the important bit is
that the failure is shown inside the interstitial card

Loading state:
- This is transient because there are no production mocks in this slice
- To inspect it manually, throttle the browser network before opening a
session-creation URL such as
`<preview-origin>/cli/login?session_id=not-real&public_key=not-real`

Real CLI flow:
- Run the browser login flow from Supabase CLI as usual
- When the CLI opens a Studio URL, keep the path and query string but
replace the origin with the PR preview origin
- The page should create the login session and then route to
`/cli/login?device_code=<8 character code>`
- Enter that 8-character code back in the CLI prompt


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Redesigned CLI login flow with clearer state-driven screens and
improved verification UI.
* Added a small paired-logo component for centered logo pairs with a
connector icon.

* **Improvements**
* Copy button behavior and styling refined for consistent visual
feedback across variants.

* **Tests**
* New unit tests covering copy-button behavior and multiple CLI login UI
flows.

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/45814)
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-13 11:14:38 +10:00
Danny White 9660b0075c refine organisation invite state helpers (#45813)
## What kind of change does this PR introduce?

Code cleanup. Follow-up to #45774.

## What is the current behavior?

The organisation invite interstitial derives invite states, titles, and
descriptions from nested conditional logic in the component. That makes
the component harder to scan and pushes too much state coverage into
render tests.

## What is the new behavior?

See #45774 for screenshots of the general UI before-and-after (which
this one builds upon). That PR also contains testing instructions.

Extracts the invite status and content decisions into small pure
helpers, then covers those helpers with focused unit tests.

The component keeps the user-facing render and interaction coverage,
including the invalid lookup regression where a 404 should render the
invalid invite state instead of raw backend copy.


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Refactor**
* Improved organization invite flow with enhanced error state handling
for expired, invalid, and wrong-account scenarios.
* Better consistency in error messages and user guidance throughout the
invite process.

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/45813)

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-13 10:40:41 +10:00
Danny White 791fc74412 feat(studio): shared connect layout for organisation invites (#45774)
## What kind of change does this PR introduce?

Feature. Part of DEPR-279.

## What is the current behavior?

The organization invite page has its own bespoke centered card and
page-level Supabase logo.

## What is the new behavior?

Introduces a minimal shared interstitial layout and migrates `/join`
onto it as the first small connect-surface slice. The invite API and
accept-invite mutation paths are unchanged.

| Before | After |
| --- | --- |
| <img width="1024" height="794"
alt="Supabase-F2325C57-D5DE-445D-8083-12EF8A1EE0CA"
src="https://github.com/user-attachments/assets/b23dcc7a-c649-4b59-9393-9232d74f0c6b"
/> | <img width="1024" height="794" alt="Join Organization
Supabase-66CDA329-0531-4B12-AC32-A7E21931F876"
src="https://github.com/user-attachments/assets/454917ce-1a96-4e50-b003-6c16a541b39a"
/> |
| <img width="1060" height="822" alt="CleanShot 2026-03-13 at 11 04
43@2x-2616AECB-8203-4439-A1CD-45AB18FC4CA8
1-584A0600-CCE0-4F16-9111-9BEB94BE85EC"
src="https://github.com/user-attachments/assets/871c7dcb-120e-40cd-afc8-2cec95e4b7ae"
/> | <img width="1024" height="794" alt="Join Organization
Supabase-26AD978E-4CF9-4600-9885-082084349E94"
src="https://github.com/user-attachments/assets/ee9bfaff-dde4-4366-abae-77dc8a95c4ef"
/> |
| <img width="1024" height="794"
alt="Supabase-4993D74C-D62B-43B7-9681-826BE1591AC4"
src="https://github.com/user-attachments/assets/1c411ae0-90e7-481d-a4cc-3eac26267291"
/> | <img width="1024" height="794" alt="Join Organization
Supabase-C84D4E4C-24F5-463D-B1D6-D11D3256596F"
src="https://github.com/user-attachments/assets/688387a4-3c49-41db-b89c-7c5531e91aed"
/> |
| <img width="1024" height="794"
alt="Supabase-D9BD2601-98A4-489D-A51D-CEB73F51FA6F"
src="https://github.com/user-attachments/assets/6d1da65f-d655-4047-9f6a-db65f8c0a729"
/> | <img width="1024" height="794" alt="Join Organization
Supabase-50065F40-179A-4BD6-8F1D-6106FFD8A15C"
src="https://github.com/user-attachments/assets/e61809f9-dcec-4e51-ba94-91b04010ec50"
/> |

## Testing notes

Staging invite emails are generated with the fixed staging dashboard
origin, for example:

```text
https://supabase.green/dashboard/join?token=...&slug=...
```

To test this PR preview with a real invite token, keep the path and
query string from the email but replace the origin with the Vercel
preview origin, for example:

```text
https://studio-staging-git-dnywh-featconnect-interstitial-join-supabase.vercel.app/dashboard/join?token=...&slug=...
```

### Manual state checks

- **Signed out:** open the swapped invite URL in an incognito window or
a browser signed out of Studio. Expected: `View invitation`,
sign-in/create-account actions, and no loading skeleton hang.
- **Wrong account:** sign in to the PR preview as an account that is not
the invite recipient, then open the swapped invite URL. Expected: `Wrong
account`, warning callout, and `Sign out`.
- **Happy path:** sign in as the invited email address, then open the
swapped invite URL. Expected: `Join {Organization}`, signed-in account
row, `Accept invite`, and `Decline`. Accepting should join the
organization.
- **Invalid token:** alter one character in the token in the swapped
invite URL. Expected: invalid invite state.
- **No longer valid:** accept the invite once, then open the same
swapped invite URL again. Expected: no-longer-valid/already-used state,
depending on the backend response.

### Test-covered states

Expired invites, generic backend error, loading, and
create-account-disabled states are harder to force manually in staging.
They are covered by `tests/components/OrganizationInvite.test.tsx`.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Refactor**
* Redesigned the organization invitation experience with an interstitial
layout, clearer early-return flows for signed-out, loading,
expired/invalid, wrong-account, and accepted-invite states; primary CTA
now reads “Accept invite”.
* Streamlined error and sign-out flows with clearer, focused messaging.

* **New Features**
* Added a reusable interstitial layout and compact account row for
invitation screens.

* **Tests**
* Added comprehensive tests covering invite states, accept/decline
actions, and error handling.

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/45774)
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-12 10:41:47 +10:00
Ali Waseem 153f2619bc feat(studio): show expand affordance for large SQL result cells (#45589)
## Summary

- Adds a hover-revealed expand button to SQL result cells whose value is
unlikely to fit on one line (objects, arrays, strings >60 chars, or
strings with newlines). Clicking opens the existing `CellDetailPanel`
for that cell.
- Switches the expand state from a boolean tied to the selected cell to
a direct `{ column, value }` reference, so the context menu and the new
button both target the right-clicked / clicked cell.
- Extracts the per-cell renderer into its own `ResultCell` component to
keep `Results.tsx` digestible and the new affordance isolated.
- Covers the new logic with exhaustive `isLargeValue` unit tests and a
`ResultCell` component test (visibility, click, right-click).

Linear: [FE-3130](https://linear.app/supabase/issue/FE-3130)

## Test plan

- [x] Run a SQL query that returns mixed cell types (short strings, long
strings, JSON objects, arrays, nulls) and confirm the expand button
appears only on cells where content is likely truncated.
- [x] Hover a large cell and click the expand button — `CellDetailPanel`
opens with the correct column + value.
- [x] Right-click a large cell and choose "View cell content" — same
panel opens with the right cell.
- [x] Right-click a small cell and "Copy cell content" — clipboard
contains the raw value.
- [x] Resize a column wider than its content and confirm the button
still positions correctly.
- [x] `pnpm vitest` for `Results.utils.test.ts`, `Results.test.tsx`,
`ResultCell.test.tsx` — all green.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Enhanced SQL result cells with automatic detection and expansion
functionality for large values (exceeding 60 characters or containing
line breaks)
  * Added expand button to view full cell content directly in results
  * Integrated right-click context menu for cell content options
  * Improved display of null values in query results

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-05 11:00:09 -06:00
Samir Ketema ee5d4a9314 chore: remove format param from audit log query (#45466)
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?

Cleanup after shipping https://github.com/supabase/supabase/pull/45389,
the backend is now defaulting to the new v2 `format`, and made `format`
param optional.

So this:
- removes references to `v2` naming, as this is the only format
- removes the `format` query param from the audit logs API calls

## What is the current behavior?

Same audit log functionality shown in
https://github.com/supabase/supabase/pull/45389

## What is the new behavior?

Functionally the same behavior for audit logs.

- [x] Manual test in staging

## Additional context

⚠️ Will leave the `do-not-merge` tag on until:
- [ ] backend `format` optional PR lands in production.


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Refactor**
* Consolidated audit log type definitions and updated internal API
request formatting for audit endpoints across Account and Organization
audit log components. No changes to user-facing functionality or audit
log display.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-04 16:24:44 -07:00
Danny White e540f9089f fix(studio): restore Safari table editor cell copy and context menu (#45353)
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?

Bug fix.

## What is the current behavior?

- Safari Table Editor cells fail to copy from a focused cell with `⌘C`.
- Safari right-click can show the browser menu instead of the custom
cell menu.
- Copy can leave RDG's copied-cell fill behind.

## What is the new behavior?

- Reuses the existing shared `copyToClipboard(value, onSuccess)`
pattern, with the Safari clipboard fix inside that util.
- Handles selected-cell `⌘C` in the RDG keydown path, preventing
browser/RDG defaults and showing the success toast only after copy.
- Replaces the row-level synthetic context-menu shim with RDG's
`onCellContextMenu`, so we prevent Safari's browser menu at the source
and select/focus the target cell.
- Keeps the selected-cell outline while the controlled menu is open.

## Additional context

- `RowRenderer` was only supporting the old context-menu shim; removing
it is part of moving to RDG's cell event path.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

## Release Notes

* **New Features**
* Context menu now provides feedback with toast notifications when
copying cells or rows.
* Selected cells retain their visual styling when context menu is open.

* **Bug Fixes**
  * Improved keyboard shortcut handling for copy functionality.
  * Enhanced clipboard error handling with user-friendly error messages.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Ali Waseem <waseema393@gmail.com>
2026-05-04 11:34:28 +10:00
Samir Ketema d666b950ff feat: update audit log schema & UI (#45389)
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?

- Update to the audit log schema (changes were already applied in
staging)
- Updates the org & project audit log page to reflect the changes to the
schema
- The schema should be agnostic to whether logs were emitted to logflare
with the old & new schema format - the backend adjusts old logs to the
new format.

## What is the current behavior?

Currently, the frontend is parsing the legacy schema as the backend
returns this by default. It also doesn't show some of these new fields
yet.

## What is the new behavior?

### Org Audit Logs - Table View
<img width="1810" height="1310" alt="CleanShot 2026-04-29 at 18 27 22"
src="https://github.com/user-attachments/assets/47fec068-1ffa-4e52-bc46-3bffdef55adb"
/>

### Org Audit Logs - Single log View

<img width="1842" height="1494" alt="CleanShot 2026-04-29 at 18 27 37"
src="https://github.com/user-attachments/assets/3cff3bdf-4a6a-4981-acaa-7f95bb3ae9cf"
/>

Note that the `Target` field is no longer there. We just show the
`metadata` JSON.
<img width="1842" height="1494" alt="CleanShot 2026-04-29 at 18 27 40"
src="https://github.com/user-attachments/assets/d2e681f0-41a6-4bc7-a3d7-ec7e8101616c"
/>

### Account (Profile) Audit Logs - Table View

<img width="1810" height="1310" alt="CleanShot 2026-04-29 at 18 25 20"
src="https://github.com/user-attachments/assets/c72e19df-9b82-4611-8889-7af463769550"
/>

### Account (Profile) Audit Logs - Single log View

<img width="1810" height="1310" alt="CleanShot 2026-04-29 at 18 25 32"
src="https://github.com/user-attachments/assets/46f8d3b6-4f2f-4944-b891-431a93e5f3c3"
/>

## Additional context

⚠️ currently leaving the `do not merge` tag on, until:
- [x] I have verified it works in staging
- [x] We've deployed the new schema to production


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Audit logs now use the v2 format with microsecond-accurate timestamps,
improved ordering, and a revamped details panel showing clearer
actor/action/request/project/org fields and fallback labels.
* Page/header layout updated so audit logs render at top level with
adjusted spacing.

* **Refactor**
* Shared sorting and filtering utilities added for consistent
user/project filtering and non-mutating log sorting.

* **Tests**
* Added tests for timestamp conversion, sorting, filtering, and
date-range formatting.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-30 13:52:16 -07:00
Samir Ketema 8454ec241d feat: add batch email org invites (#44832)
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?

Feature

## What is the current behavior?

When sending organization invites to multiple emails at once, the
invitations API is called once for each email passed, passing a single
email address in the `email` field.

## What is the new behavior?

A single request is used when sending multiple organization invites at
once, by using the new `emails` field.

## Additional context

This builds further on https://github.com/supabase/supabase/pull/42637

⚠️ Note: I'd like to merge this after getting the API changes in first:
https://github.com/supabase/platform/pull/31561


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Bulk invite: paste comma-separated emails (parsed, trimmed,
deduplicated, lowercased) and send as a single batched request; inputs
are categorized into new, already-invited, and existing members.
  * SSO and project scope options included in invite payloads.

* **Bug Fixes / API**
* Invitation endpoint now accepts multiple emails; resend uses
multi-email format. Invalid addresses are blocked, existing members are
skipped with error toasts, and overall success is reported with the
dialog closing after invite.

* **Tests**
* Added unit and UI tests covering parsing, categorization, payload
building, validation limits, and invite flows.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Danny White <3104761+dnywh@users.noreply.github.com>
2026-04-23 18:02:08 +00:00
Ignacio Dobronich cfce3c7efc refactor: save tax ID via customer update endpoint (#44728)
## Summary

- Consolidate tax ID saving into the `PUT
/organizations/{slug}/customer` endpoint instead of using a
separate `/tax-ids` endpoint


## Test plan

### Updating billing information
From the billing dashboard`/org/_/billing`:
- [ ] Manually test updating billing address + tax ID from org billing
settings - single API call should save both
- [ ] Clear the Tax ID in the org, save and assert that it has been
deleted
- [ ] Modify all the fields in the address form, including TaxID. Click
"Cancel" and assert that everything has returned to the previous values.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Refactor**
* Billing address and tax ID updates are now sent in a single update
operation.
* Error messaging for billing updates consolidated into a single failure
notification.
* Tax ID handling clarified: you can clear tax ID explicitly or leave it
unchanged; omitting address fields no longer overwrites existing
address.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 09:49:57 -03:00
Charis 205cbe7d26 chore(studio}: enforce import order, remove bare import specifiers (#44585) 2026-04-07 20:34:10 -04:00
Ali Waseem fbb0770b47 fix(studio): AI assistant results make page unresponsive (#44578)
## Summary

Fixes https://linear.app/supabase/issue/FE-2941

- Replaced per-cell `ContextMenu_Shadcn_` in SQL result tables with a
single shared instance
- Each Radix ContextMenu registers a `keydown` listener on `document`
via `useEffect`. With 1000+ row result sets, this created thousands of
document-level listeners. Chrome trace showed listeners growing from 21k
to 347k, with every keystroke taking ~250ms (70k+ function calls per
long task)
- Fixed DataGrid not rendering in Firefox by using flex layout instead
of `height: 100%` for sizing
- Fixed double scrollbar in QueryBlock results by making the container a
flex column and removing `overflow-auto`
- Moved format utils into `Results.utils.ts`

## Test plan

The `Results` component and `QueryBlock` are used in several places.
Each should be verified:

- [x] **AI Assistant** — Have the assistant run a query returning 1000+
rows. Verify the page stays responsive while typing and there is only a
single scrollbar on the results table
- [x] **AI Assistant (Firefox)** — Same as above but in Firefox. Verify
the results table actually renders
- [x] **SQL Editor results panel** — Run a query in the SQL Editor.
Verify results render correctly with a single scrollbar in the utility
panel
- [x] **SQL Editor explain tab** — Run an EXPLAIN query. Verify explain
results render
- [x] **Editor Panel** (used in Table Editor SQL preview) — Verify
results display correctly
- [x] **Context menu** — Right-click a cell in any of the above and
verify "Copy cell content" and "View cell content" still work

## Traces
<img width="891" height="599" alt="image"
src="https://github.com/user-attachments/assets/6e1b710b-ca9e-4748-9369-d03457d80206"
/>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Fixed context menu behavior so it opens at the cursor and is
instantiated once.
* Improved clipboard copy formatting for cell values; NULLs copy as
empty and cells render as "NULL".

* **Style**
* Adjusted table layout and scrolling behavior to improve results
container sizing.

* **Tests**
* Added tests for results rendering, context-menu behavior, and
cell/clipboard formatting utilities.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-06 13:04:24 -06:00
Usama Nadeem 33c890f564 fix(studio): allow selecting columns for empty-cell NULL conversion on CSV import (#44515)
Bug fix / enhancement to an existing Studio import flow.

## What is the current behavior?

Studio currently supports converting empty CSV cells to `NULL`, but the
behavior applies across all imported columns. That makes it impossible
to preserve empty strings in some columns while still treating empty
cells as `NULL` in others.

This follows up on the earlier CSV import fix discussed in #43281, which
addressed the underlying issue reported in #43258.

## What is the new behavior?

This PR updates the CSV import flow so users can choose exactly which
imported columns should convert empty cells to `NULL`.

The import flow now:
- keeps all imported columns selected by default for
backwards-compatible behavior
- lets users narrow that selection down to specific columns
- keeps preview behavior aligned with the actual inserted data

## Additional context

I manually verified the full create-table-from-CSV flow locally in
Studio, including saving the imported data and confirming that only the
selected columns were persisted as `NULL` while other empty cells
remained empty values.

Formatting was checked with Prettier.
A direct production build run was started locally, but the Next.js build
process remained running without producing a final result during this
session, so I am not claiming a completed local build verification here.

## Related issues

- Fix follow-up for #43281
- Original issue: #43258

## Summary by CodeRabbit

## Release Notes

* **New Features**
* Added a "Set empty cells as NULL" selector during spreadsheet import,
allowing users to specify which columns should treat empty strings as
NULL values rather than converting all nullable columns automatically.
* Enhanced import preview to display NULL representation for selected
empty-string columns.

* **Tests**
* Added test coverage for selective empty-string-to-NULL conversion
behavior.

---------

Co-authored-by: Charis Lam <26616127+charislam@users.noreply.github.com>
2026-04-06 12:35:07 -04:00
Charis 6563dc7998 refactor: authorize page (#44522)
Refactor authorize page to move Next.js dependencies into the page shell
and have Next.js-agnostic code for the core logic. Add unit tests for
authorize screen.

## Summary by CodeRabbit

* **New Features**
* New end-to-end API authorization UI: loading, error, invalid,
approved, and main approval screens.
* Organization selector with preselection, create-organization link, MCP
warning, expiration handling, and approve/decline actions.
  * Improved page title handling via layout/head provider.

* **Tests**
* Added comprehensive component tests covering loading, error, approval
flows, organization states, validation, and side effects.
2026-04-06 10:02:56 -04:00
Giuseppe Mandato 2335906d08 feat(read-replicas): bump up max read replicas for small instances (#44027)
INDATA-193
BACKEND: <https://github.com/supabase/platform/pull/30575>

<img width="1199" height="1005" alt="Screenshot 2026-04-03 at 11 54 29"
src="https://github.com/user-attachments/assets/38e9d676-449f-45c0-9e07-f273312a812f"
/>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Refactor**
* Consolidated read replica limit configuration to provide more
consistent behavior across different compute tiers.

* **Tests**
* Added comprehensive test coverage for read replica eligibility checks
and replica limit calculations based on compute tier.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-03 13:04:49 +00:00
Kanishk Dudeja be3737d9d0 feat(billing): use Stripe AddressElement for billing address form (#44105)
### Summary

This PR refactors the billing address form to use Stripe AddressElement
on both the org billing page and the missing-address modal, adding
Google Maps autocomplete and country-aware state/province inputs.

### Testing

- Address element renders on org billing page, autocomplete works, and
state/province options update per country.
- Existing billing address data loads correctly into the form.
  - Need to verify this with invalid country/state as well.
- Save enables only when the form is dirty after editing address or tax
ID fields.
- Cancel restores both address and tax ID to the original values.
- Submitting with missing required address fields shows a validation
toast.
- Tax ID options are filtered by the selected billing country.
- Tax-ID-only edits submit successfully without interacting with the
address form.
- Without billing write permission, address fields are read-only.
- Update billing address modal behaves the same as the org billing page.
- Address element appearance looks correct in both light and dark mode.
- Payment method form remains unchanged and still uses floating labels.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Billing form now uses Stripe Address Element via Stripe Elements with
an embedded custom font and theme-aware appearance; tax-ID entry remains
separate.

* **Bug Fixes**
* Stronger address validation and submit gating, improved dirty-state
tracking, explicit save confirmation and reset behavior, and clearer
error toasts on update failures.

* **Tests**
* Expanded tests covering hook behavior, address element validation,
submit gating, payloads, reset, and permission scenarios.

* **Style**
  * Adjusted billing email form spacing/layout.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-01 15:41:54 +05:30
Usama Nadeem 55e0b34a18 fix(studio): add option to treat empty CSV cells as NULL on import (#43281)
When importing a CSV file, empty cells were always imported as empty
strings with no way to import NULL values instead. This adds a "Treat
empty cells as NULL" checkbox to the import configuration panel.

When enabled, PapaParse's transform option converts empty strings to
null before the data is parsed and previewed, so the imported rows
correctly contain NULL rather than empty strings.

Fixes #43258.

## What kind of change does this PR introduce?

Bug fix

## What is the current behavior?

Empty cells in a CSV file are always imported as empty strings with no
way to import NULL values instead. Fixes #43258.

## What is the new behavior?

"Treat empty cells as NULL" checkbox is added to the import
configuration panel. When enabled, empty cells are imported as NULL
instead of empty strings. Toggling the checkbox instantly re-parses the
preview.

## Additional context

The fix uses PapaParse's transform option to convert empty strings to
null before parsing. Applies to both file uploads and pasted text.

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Charis Lam <26616127+charislam@users.noreply.github.com>
2026-03-31 11:05:08 -04:00
Kanishk Dudeja c55908bbf0 chore(billing): make update billing address modal non-dismissable (#44127)
### Summary

This PR removes the visible close button from the billing address
required modal to make it non dismissable, since the majority of users
on paid orgs are still not filling their billing address.

The modal already prevents dismissal via Esc and outside/backdrop
interaction, and this change preserves that behavior. The existing
submit flow is unchanged, so the modal still closes after a successful
billing address update.

### Manual testing:

1. Open Studio in a state where the billing address required modal
appears.
2. Confirm the top-right close button is no longer shown.
3. Press Esc and verify the modal remains open.
4. Click outside the modal / on the backdrop and verify the modal
remains open.
5. Submit a valid billing address and verify the modal closes after a
successful save.

For testing whether an update successfully closes the modal, you can:

- You can create a free org without a billing address
- You will need to tweak this logic (on the frontend)

```
const shouldShow = Boolean(
  IS_PLATFORM &&
  // showMissingAddressModal &&
  org &&
  // org.plan.id !== 'free' &&
  org.organization_missing_address &&
  !org.billing_partner &&
  permissionsLoaded &&
  canBillingWrite
)
```

- Tweak the backend logic which computes `organization_missing_address`
to exclude free orgs

---------

Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
2026-03-24 18:25:58 +05:30
Kanishk Dudeja 5d942e2a46 refactor(billing): allow GB VAT tax IDs for Isle of Man customers (#43640)
### Summary

This PR adds support for Isle of Man customers to use GB VAT tax IDs.
Isle of Man uses the UK VAT system, so Orb requires country: 'GB' for
validation - but the billing address country is IM.

- Adds an IM VAT entry to `TAX_IDS` with a new `taxCountryIso2` override
field, so the UI shows "IM VAT" while sending country: 'GB' to Orb
- Introduces `getEffectiveTaxCountry()` to resolve the correct country
code for Orb
- Introduces `resolveStoredTaxId()` to map stored Orb data back to the
correct UI entry, using billing address country to disambiguate IM vs GB
- Updates all three billing forms to use these utilities: Billing
Settings page, Add Payment Method modal and Update Billing Address modal

### Testing

#### Automated tests

I've added unit tests in this PR

#### Manual tests

You can use the following country/city/postal code combinations to test:

- Isle of Man, Douglas, IM1 2LE
- United Kingdom, Crumlin, BT29 4AA

**Billing Settings page**

- Select Isle of Man as billing country → tax ID dropdown shows "Isle of
Man - IM VAT"
- Select United Kingdom as billing country → tax ID dropdown shows
"United Kingdom - UK VAT" / "United Kingdom - GB VAT" (not "IM VAT")
- Select IM VAT, enter a valid GB VAT number, save → check network tab,
Orb receives country: 'GB'
- Reload page for an IM customer with existing tax ID → "IM VAT" is
pre-selected (not "UK VAT")
- Reload page for a GB customer with existing tax ID → "UK VAT" is
pre-selected (no regression)
- Change country from IM to GB → available tax IDs update, IM VAT no
longer shown

**Add Payment Method modal**

- Open modal for an IM customer with existing tax ID → "IM VAT" is
pre-selected
- Check "I'm purchasing as a business", select Isle of Man in Stripe
address → tax ID dropdown shows "IM VAT"
- Check "I'm purchasing as a business", select United Kingdom in Stripe
address → tax ID dropdown shows "UK VAT" / "GB VAT"
- Submit with IM VAT → check network tab, tax ID is saved with country:
'GB'
- Open modal for a GB customer → no regression, "UK VAT" shown as before

**Update Billing Address modal** 

Appears for paid orgs missing a billing address

- Open modal for an IM customer with existing tax ID → "IM VAT" is
pre-selected
- Open modal for a GB customer with existing tax ID → "UK VAT" is
pre-selected
- Fill in IM address + IM VAT and save → saves correctly, modal closes

---------

Co-authored-by: Ignacio Dobronich <ignacio@dobronich.com>
2026-03-20 21:48:56 +05:30
Kanishk Dudeja 83592b1932 feat(billing): show billing address modal for paid orgs with missing address (#43480)
### Summary

This PR adds a dismissable modal that prompts paid org users to fill in
their billing address. We need billing addresses for tax compliance and
the existing banner hasn't been as effective (~10k orgs still missing).

The modal shows on page load when all of these are true:

- ConfigCat flag `enableBillingAddressModal` is on
- Org is on a paid plan (not free)
- Org does not have billing address set
- Org is not partner-managed
- User has BILLING_WRITE permission on stripe.customer

The modal can be dismissed via the close button, but re-opens on every
page navigation.

Once the user saves a valid address, the organizations query is
invalidated and organization_missing_address flips to false - the modal
stops appearing permanently.

<img width="1256" height="703" alt="Screenshot 2026-03-05 at 4 22 11 PM"
src="https://github.com/user-attachments/assets/57e7d1b8-b3b6-4366-ad23-60910a0defe8"
/>

### Testing

#### Automated Tests

I've added unit tests in this PR

#### Manual testing

Manual test cases:

- Free org - modal does not appear
- Partner-managed org - modal does not appear
- User with "developer role" modal does not appear
- Configcat Flag disabled - modal does not appear
- Dismiss modal, navigate to another page - modal re-opens
- Fill form and save - modal closes and does not reappear
- API failure loading billing data - shows error state with Retry button

---------

Co-authored-by: Ignacio Dobronich <ignacio@dobronich.com>
2026-03-13 09:33:09 -03:00
Francesco Sansalvadore b997b7fb13 feat(studio): org project branch mobile selector (#43238)
- add new
[OrgSelector](https://github.com/supabase/supabase/pull/43238/changes#diff-214b339101a9c06864ea2755ac7246eb4c971ce74c5d3169b1385a28ee1d4227)
and
[ProjectBranchSelector](https://github.com/supabase/supabase/pull/43238/changes#diff-82d25c128c306b61bea7481026f58f670a229874f23ca3a1a1d78ddeabde21e0)
components to the mobile navigation, replacing the previous which took
up a lot of horizontal space
- org/project/branch dropdowns now open up in the bottom MobileSheetNav
for a better mobile ux
- desktop nav remains unchanged
2026-03-11 16:25:22 +01:00
Jordi Enric 785625c92f fix: add compact formatting to Y axis numbers in db charts (#43170)
In the db charts, numbers in the Y axis are not formatted, sometimes
these get too big and get cut-off.

## before
(in this example it is not cutoff because the number is not big enough)
<img width="1020" height="634" alt="CleanShot 2026-02-25 at 11 20 35@2x"
src="https://github.com/user-attachments/assets/bc29edcc-331f-44d1-934f-1553b895c338"
/>

## after
<img width="936" height="676" alt="CleanShot 2026-02-25 at 11 21 07@2x"
src="https://github.com/user-attachments/assets/eae4ea4c-b8cd-4fe4-a361-9b029955217b"
/>
2026-02-25 18:42:17 +01:00
Jordi Enric a36c50ad88 add logarithmic option to custom reports (#43001)
https://linear.app/supabase/issue/FE-2595/dashboard-feedback-logarithmic-scale-option-for-custom-report-charts#comment-19c2f27a

- adds logarithmic view option to charts
<img width="1308" height="866" alt="CleanShot 2026-02-18 at 21 15 56@2x"
src="https://github.com/user-attachments/assets/2ed95d0e-ccd0-4cd1-9a3b-ac9ae5628995"
/>
2026-02-19 07:20:12 -07:00
Jordi Enric eb85515acb minor percentage formatting fixes (#41923)
* support total percentage normalization and show idle time in cpu usage chart

* pretier

* improve test

* clarify in comment why new prop is necessary

* fix type error int est

* refactor to use max value instead of idle property, add more tests

* cleanup composed chart

* prettier

* fix tests

* react improvements

* remove unused stacking properties

* remove rest property references as it wont be used

* fix comment and max cpu desc

* test the resolvehighlightedvalue function

* undo unnecessary composedcharthandler change

* remove unnecessary comment

* minor db charts percentage formatting fixes

* move format check

* fix issue with conflict resolution
2026-01-27 13:07:39 +00:00
Jordi Enric aec9be147a chart: handle values below 0.01 (#41742)
* fix

* fix file
2026-01-06 17:29:29 +00:00
Charis 000c79e22b fix(studio): rework global storage size validation (#41378)
The global storage size validation depends on an unpaginated buckets
query to determine whether it is lower than any individual bucket's
cutoff. This causes a problem for users with tens of thousands of
buckets.

There's a bit of a UX/performance problem here, because in order to
determine whether any bucket's `file_size_limit` exceeds the global
setting, we need to get the max `file_size_limit` of `storage.buckets`
-- however, that column is not indexed.

My workaround is:
- Below a certain threshold (10,000) buckets, the query for max
`file_size_limit` is automatically run on form submit.
- Above that threshold, the user must confirm whether they want to run
the query. They're still allowed to change the storage config without
running it -- this does open a loophole where they can have a global
storage setting lower than an individual bucket's file size limit, but
though this is a potentially confusing situation, it's not strictly an
error.

---------

Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
2025-12-16 09:02:31 -05:00
Joshen Lim 011f6c3e87 Fix Table Editor not identifying truncated array column values properly (#37683)
* Fix Table Editor not identifying truncated array column values properly

* Add comment

* update tests

* Fix TS issues and shift test file to beside the file its testing

* Fix tests

---------

Co-authored-by: Jordi Enric <jordi.err@gmail.com>
2025-08-06 11:11:14 +07:00
Drake Costa 57cd26ac77 Move non-layout Storage components to components/interfaces (#37381)
* Update studio testing setup files

Improves API mocking type safety and polyfills browser APIs necessary to run tests with framer-motion components

* fix missing listen call for msw, resolve test type error

* fix imports

* Update studio testing setup files

Improves API mocking type safety and polyfills browser APIs necessary to run tests with framer-motion components

* fix missing listen call for msw, resolve test type error

* fix imports

* Move non-layout Storage related components to `components/interfaces`

* Fix paths

---------

Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
2025-07-22 23:48:20 +08:00
Saxon Fletcher 3aadc009e6 feat: billing address, name and tax id for org creation/upgrade (#34922)
We currently get support requests about adding or amending invoices due to no billing address being set. Changes in this PR:
- Unify tax id and billing address into a single form
- Add ability to set billing name that diverges from org name
- Add ability to set billing address & tax id during org creation (only paid plans)
- Add ability to set billing address & tax id during plan upgrade
2025-05-02 10:10:41 +08:00
Ivan Vasilov 326c7535f6 chore: Bump vulnerable deps. (#34395)
* Bump all testing libs to force babel to upgrade itself.

* Remove react-hooks package, it's included in @testing-library/react.

* Add await to all useEvent calls.

* Remove duplicate babel/helpers.

* Deduplicate babel/core.

* Bump vite to non-vuln version.

* Bump estree-util-value-to-estree.
2025-04-16 10:02:06 +02:00
Terry Sutton 110e8ed77f Chore/update url regex (#30138)
* Allow excluding options in the url regex

* Add tests for options
2024-10-29 10:05:52 -02:30
Ivan Vasilov cb1e3a8170 chore: Prep work for pnpm (#29610)
* Add all missing libraries in the packages/apps.

* Add all missing Vitest imports to the tests.

* Add some missing exports to ui.

* Fix the admonition export.

* Fix various minor bugs.

* Migrate the ui package to use vitest.
2024-10-01 11:29:37 +02:00
Terry Sutton 6d78a98b63 Chore/replace url with regex (#29499)
* Replace zod .url with regex check

* Prevent adding dupe URLs in modal

---------

Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
2024-09-25 13:03:33 +08:00
Kevin Grüneberg f541107196 chore: use new tax id endpoints (#27246)
Adapts the tax id view to the new MGMT-API endpoints. Users can now only manage a single tax id instead of adding multiple.

Besides
- Use non-deprecated fetchers
- Use Shadcn components
2024-06-19 12:19:20 +08:00
Ivan Vasilov e1cf9d61ae fix: Fix the sort feature in the Table editor (#26865)
* Expand the Sort type with a table property.

* Add a qualifier for the sort when sending a fetch table query.

* Fix the tests.
2024-05-29 17:02:54 -02:30
Jordi Enric 764d10986d vitest & msw integration (#26303)
* Fix tests in tests/unit, tests/components and files under tests, looking into tests/pages

* Fix tests under pages/projects root

* Fix

* Comment out broken tests that im stuck with

* Fix api-report.test

* Fix storage-report-test

* chore: fix some tests

* chore: remove logging

* Fix LogsPreviewer.test.js

* Fix most of logs-query-test

* Skip broken tests instead of false positiving them

* Replace jest with vitest

* Rename all *.test.js to *.test.ts

* Configure vitest to work with jsx

* fix vitest issues, fix tests, skip broken tests, add msw, add next-router-mock

* uncomment file

* add tests for msw and nrm

* Fix failing tests

* fix tests in RowEditor

* fix datepicker tests

* fix type errors and comment out tests that need some refactoring

* leave 1 test so test script works

* rm clog and aaaaa

* rename script

* move msw to studio

* add pckg json which i forgot in last commit

* rm consolelog

* move vitest ui dep

* Move next-router-mock to studio.

---------

Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
Co-authored-by: TzeYiing <ty@tzeyiing.com>
Co-authored-by: Kamil Ogórek <kamil.ogorek@gmail.com>
Co-authored-by: Terry Sutton <saltcod@gmail.com>
Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
2024-05-29 17:31:20 +02:00
Joshen Lim d025e0f739 chore/fix studio jest tests (#25872)
* Fix tests in tests/unit, tests/components and files under tests, looking into tests/pages

* Fix tests under pages/projects root

* Fix

* Comment out broken tests that im stuck with

* Fix api-report.test

* Fix storage-report-test

* chore: fix some tests

* chore: remove logging

* Fix LogsPreviewer.test.js

* Fix most of logs-query-test

* Skip broken tests instead of false positiving them

---------

Co-authored-by: TzeYiing <ty@tzeyiing.com>
2024-05-11 12:05:25 +02:00