Commit Graph

154 Commits

Author SHA1 Message Date
Joshen Lim 4901f081e5 Migrate remaining requests to pg-meta API to use query endpoint (#47758)
## Context

Migrates the remaining API requests to the pg-meta endpoint to use the
query endpoint directly with the SQL from the pg-meta package. This
touches the following:
- policies
- publications
- triggers
- views
- materialized views
- types

## To test
Just need to verify that we're still fetching the data correctly on
these pages
- Database policies
- Database publications
- Database triggers
- Database tables (views + materialized views)
- Database types

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Improved and stabilized loading of database metadata (views, triggers,
RLS policies, publications, materialized views, and enum types),
including more reliable schema-scoped filtering.
* Updated policy loading behavior and related UI queries to consistently
use schema arrays, improving cache correctness and consistency.
* **Tests**
* Updated end-to-end test synchronization to wait for the correct
metadata responses using more specific request identifiers.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-09 17:09:03 +08:00
Monica Khoury fd8a37b1d0 feat: add toggle for sensitive data visibility in table columns (#46180)
## Fixes

FE-2619

## What is the new behavior?

This PR adds support for marking table columns as sensitive and masking
their values in the grid view.

Sensitive columns:

- Display an 8-dot mask instead of the underlying value
- Remain masked across page refreshes
- Can be temporarily revealed for 5 seconds via the **Show data** action
- Display a warning when copying rows containing sensitive data

This helps prevent accidental exposure of sensitive information when
sharing screens, recording demos, or taking screenshots.

## Testing

- [x] Toggle sensitivity ON → save → refresh → remains masked
- [x] Toggle sensitivity OFF → save → refresh → remains unmasked
- [x] Toggle sensitivity multiple times → state remains consistent
- [x] Copy row with sensitive columns → warning shown
- [x] Click **Show data** → value revealed for 5 seconds then re-masked
- [x] Text, Boolean, Binary, JSON, and Foreign Key columns all display a
consistent 8-dot mask

### Test data

SQL fixture covering multiple PostgreSQL data types:

https://gist.github.com/monicakh/2485e9054bf21045912359871e9a1cb4. 

### UI

<img width="1284" height="554" alt="CleanShot 2026-06-09 at 12 01 33@2x"
src="https://github.com/user-attachments/assets/4aec0ba7-c874-42d7-9442-d2c704b319cc"
/>

<img width="1200" height="560" alt="CleanShot 2026-06-07 at 10 43 40@2x"
src="https://github.com/user-attachments/assets/b9569484-6fcc-47de-bc3d-881d0edc4060"
/>

The **Show data** action is only available for sensitive columns.

<img width="450" height="400" alt="CleanShot 2026-06-07 at 10 42 18@2x"
src="https://github.com/user-attachments/assets/d48849a2-ec0b-4522-a787-561a1d204ec9"
/>

Warnings on Copy command

<img width="450" height="80" alt="CleanShot 2026-06-09 at 11 58 42@2x"
src="https://github.com/user-attachments/assets/374e7d6b-b82a-4923-b035-2ec9b2f7bb7d"
/>

<img width="450" height="80" alt="CleanShot 2026-06-09 at 11 58 58@2x"
src="https://github.com/user-attachments/assets/ecd951bb-e9e2-47ae-9ddd-d32969e01c12"
/>


<!-- review_stack_entry_start -->

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46180?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)

<!-- review_stack_entry_end -->

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: supabase-autofix-bot <noreply@supabase.com>
Co-authored-by: Ali Waseem <waseema393@gmail.com>
2026-07-09 10:44:42 +03:00
Alaister Young 18431efb25 fix(studio): TanStack post-merge fixes — Monaco loader, fonts, CSP (from #46424) (#47657)
Post-merge fixes for the TanStack Start migration (#46424) — things that
broke on the TanStack build as master evolved under the migration
branches. Kept on their own branch off master rather than piling onto
the E2E-matrix PR (#47119); all land on master and cascade up to S6 +
the big PR.

Common theme: a master PR changed something the Next pipeline handles
via `next/font` / `pages/_app.tsx` / `next.config.ts`, but the
hand-rolled TanStack equivalent (`routes/__root.tsx`,
`styles/fonts.css`, `vercel.ts`) wasn't updated to match — invisible on
the Next deploy, broken only on TanStack.

---

## 1. Monaco loader path (#47182)

#47182 re-nested the served Monaco assets from a flat
`public/monaco-editor/` layout into `public/monaco-editor/vs/` and
updated `pages/_app.tsx`, but `routes/__root.tsx` still pointed
`loader.config` at the old path, so `loader.js` 404'd and **no Monaco
editor mounted anywhere in the TanStack build**. Now mirrors the Next
config (`${origin}${BASE_PATH}/monaco-editor/vs`, window-guarded for
SSR). Was failing the whole `tanstack` E2E shard on #47119.

## 2. Inter + Manrope fonts (#47306)

#47306 renamed Tailwind's sans var `--font-custom` → `--font-sans` and
added `--font-heading` (Manrope), set via `next/font` on Next.
`fonts.css` still only set the now-ignored `--font-custom`, so the body
fell back to the theme's system chain (`Circular, custom-font,
Helvetica…`) at weight 450 — that's the "Inter weights look wrong".
Manrope was missing entirely.

- Wire `--font-sans` (Inter) + `--font-heading` (Manrope) to match
`next/font`.
- **Vendor all three families** (Inter, Manrope, Source Code Pro) via
`@font-face` so nothing depends on the Google Fonts CDN — matches
`next/font` self-hosting, and (see below) `font-src` doesn't allow
`fonts.gstatic.com` anyway.

Verified in-browser: computed `body` → `Inter`, headings → `Manrope`,
all loading from local `/assets/*.woff2`.

## 3. Security headers / CSP (next.config.ts `headers()`)

The Next build sets X-Frame-Options / X-Content-Type-Options / HSTS /
**Content-Security-Policy** / Referrer-Policy via `next.config.ts`. The
TanStack build never carried these over — `vercel.ts` only set
cache-control, so **the deployed TanStack dashboard shipped with no CSP
at all**.

The TanStack deploy serves a static shell (no server to attach headers),
so they go in the Vercel config:
- `security-headers.ts` — shared source of truth, reuses `getCSP()`,
env-gated exactly like next.config.
- `vercel.ts` — apply to every response (all base-path prefixes): full
`getCSP()` + HSTS on platform.
- `scripts/serve.js` — the non-platform set (`frame-ancestors 'none'`)
for the self-hosted server.

**Tested the policy in a real browser** (temporarily enforced it on the
TanStack build via /test-supabase-local): everything passed except one
real gap — `font-src` was missing `data:`, so GraphiQL's bundled Monaco
codicon font and Stripe's payment-element fonts (both data: URIs) were
blocked (37 violations on a cold load). Added `data:` to `font-src` in
`csp.ts` → violations drop to zero, SQL editor Monaco renders clean.
That gap affects the Next build too.

---

## 4. `node:path` import crashing `/project/[ref]/merge`

Found by a full-site click-through of the TanStack build (all product
areas, ongoing — see below). `useEdgeFunctionsDiff.ts` +
`EdgeFunctionsDiffPanel.tsx` did `import { basename } from 'path'` in
client code. Webpack (Next) polyfills `path` in the browser; Vite
externalizes it, so the whole `/merge` route crashed with "Module
\"path\" has been externalized for browser compatibility". Replaced the
two `basename` call sites with a string helper. Verified in-browser:
`/merge` renders.

## 5. URL shape — Next-style search-param semantics + shim fixes

The dashboard produced malformed URLs vs the Next build (strange query
params, trailing slashes, `##` hashes). Root cause + audit verified
empirically against `@tanstack/react-router@1.170.10`; all fixed with
unit tests and browser-verified:

- **`createRouter` used TanStack's default JSON search codec** —
`?flag=true` became `?flag=%22true%22` via links, repeated
`?filter=…&filter=…` collapsed into a JSON array (breaking
multi-filter/sort table-editor URLs and the account-page round-trip,
which double-encoded), and search values arrived as numbers/booleans
where the app expects strings. New `lib/router-search-params.ts`
(Next-style: strings in, strings out, repeated keys → string[]) wired
into the router.
- **Link shim** (`compat/next/link.tsx`): `URL.hash` includes the
leading `#` while TanStack's `hash` prop adds its own → every
`href="…#section"` navigated to `##section` (hash-scroll broke);
`Object.fromEntries(searchParams)` dropped repeated query params. Both
fixed.
- **Trailing slash injected before the query** on every `?`-only
relative navigation (`/auth/providers/?provider=…`): fixed in the compat
router (prefix current pathname) and via a custom nuqs adapter
(`lib/nuqs-tanstack-adapter.tsx`) replacing the stock tanstack-router
adapter, whose `navigate({ to: '?…' })` writes hit the same TanStack
behavior (123 files use nuqs).
- **Pathname-less `router.push({ query })` leaked path params** — Next
re-consumes `ref`/`id` from `query` into the path pattern; the shim
didn't, yielding
`/editor/17597?schema=public&ref=<ref>&id=17597&filter=…` from
table-editor filter/sort, linter panels, and advisor shortcuts. The shim
now defaults the pathname to the current route pattern and backfills
omitted params.
- **Redirects dropped query + hash** (Next's `redirects()` preserves
them): `__root.tsx` `matchRedirect` and `routes/index.tsx` now carry
incoming params/hash through (consumed rule params excluded,
destination's own params win). `/?next=new-project&projectName=zzz` →
`/new/new-project?projectName=zzz`; `/sql/quickstarts?template=x#frag` →
`/sql/examples?template=x#frag`.

Browser-verified post-fix: advisors `?preset=WARN`, providers
`?provider=Google`, `?schema=auth` — all clean (no `/?`, no leaks);
repeated `filter` params survive hydration; `=true` unquoted; single
`#`.

## 6. TanStack `navigate` corrupting query values (Logs Explorer SQL
newline loss)

TanStack router-core treats a query string embedded in `navigate({ to
})` as part of the *path*: `decodePath` percent-decodes it and
`sanitizePathSegment` strips control characters, silently deleting every
`%0A`. Logs Explorer's SQL (`s` param) lost its newlines on Run/reload —
`order by timestamp desc` / `limit 5` glued into `desclimit 5`, which
then failed the LIMIT lint. Pre-existing on the TanStack build (the
stock nuqs adapter had the same shape); Next unaffected.

Fixed by never embedding query strings in `to`: the nuqs adapter and the
compat `router.push`/`replace`/`prefetch` (plus the `next/navigation`
shim) now pass search as an object through the app codec
(`splitInternalUrl` hoisted to `lib/internal-url.ts`). Guard test drives
a real `createRouter` with multi-line SQL through both producers.
Browser-verified: newlines survive the full Run → reload → re-Run cycle.

## 7. Integration overview markdown never loaded (all integrations)

`MarkdownContent` used a template-literal dynamic import
(``import(`@/static-data/integrations/${id}/overview.md`)``) — webpack
builds a context module for that, Vite can't analyze it, so every
integration detail page threw `Failed to resolve module specifier` and
rendered no overview text. Fixed with an explicit lazy registry of
literal imports (`static-data/integrations/overviews.ts`, drift-guarded
by a test) plus an `mdRawLoader()` Vite plugin mirroring next.config's
turbopack raw-loader rule. Both runtimes keep working; md stays out of
the main bundle.

## 8. GraphiQL editor never mounted (`exports is not defined`)

Our `umdAmdShortCircuit()` Vite plugin (which disarms Monaco's global
AMD loader for deps like papaparse) rewrote `typeof define ===
'function' && define.amd` to `false` inside `monaco-editor`'s bundled
copy of marked — whose UMD relies on its own *local* `define` shim — so
the whole optimized monaco chunk failed to evaluate and GraphiQL's
editor pane stayed blank. The check now only short-circuits when
`define` is the global AMD loader. Browser-verified: all four GraphiQL
Monaco panes mount, queries execute. (Known follow-up: GraphiQL's Monaco
workers fall back to the main thread under Vite — functional, worker
wiring is Next-specific `setup-workers/webpack`.)

## 9. `@sentry/nextjs` bundling Next internals — built TanStack bundle
crashed (caught by E2E)

The E2E suite against the **built** TanStack bundle (not the dev server)
found lazy chunks like `table-editor-*.js` dead on arrival:
`@sentry/nextjs` (imported by ~25 client files) drags in
`next/dist/shared/lib/constants`, whose module scope evaluates
`process?.features?.typescript` — optional chaining doesn't guard an
undeclared `process` in the browser, so the whole chunk failed at load
with `ReferenceError: process is not defined`. Dev shims `process`,
which is why weeks of dev-server testing never saw it.

Fixed by aliasing `@sentry/nextjs` → `compat/sentry-nextjs.ts`
(re-exports `@sentry/react`, same deduped 10.59.0, plus explicit
stand-ins for the three Next-only APIs) in the Vite build only.
Verified: fresh build has zero Next-internals markers in any chunk;
table editor loads clean; full E2E suite run against the built bundle.

Note for the stack: `alaister/tanstack-start` / the E2E-matrix branch
already carried a different fix for the same crash (a `next/constants`
shim) that never made it to master — the cherry-pick onto those branches
keeps **both** (the shim covers any other transitive importer; the alias
keeps Next internals out of the client bundle entirely).

**Follow-up found while fixing:** Sentry is never *initialized* in the
TanStack runtime — `instrumentation-client.ts` /
`sentry.server.config.ts` are Next-convention files nothing imports
under TanStack, so `captureException` calls are silent no-ops. Needs an
`@sentry/react` init (+ `tanstackRouterBrowserTracingIntegration`) wired
into the TanStack client entry as its own PR.

## 10. GraphiQL Monaco workers + edge-function Deno typings (Vite-only
gaps)

- **GraphiQL's Monaco workers ran on the main thread** under Vite
("Could not create web worker(s)…" — `setup-workers/webpack`'s `new
URL(...)` form isn't rewritten by Vite). A `graphiqlViteWorkers()`
plugin resolves the import to graphiql's own `setup-workers/vite`
variant for client builds (SSR untouched, Next untouched); the
setup-workers chain is `optimizeDeps.exclude`d because the Rolldown
optimizer can't load `?worker` ids.
- **Edge-function editors silently lost their Deno typings** —
`AIEditor` loaded `public/deno/*.d.ts` via `/* @vite-ignore */` imports
that always failed at runtime under Vite. The `.md` raw loader is
generalized into `rawTextLoader` (exact-path allowlist for the two
typings files, served as virtual string modules so the dep scanner never
parses `.d.ts` syntax), and the imports are now static-analyzable
literals that both bundlers handle (turbopack's raw-loader rules match
them on the Next side).

## Split out for reviewability

App-level fixes that reproduce on the Next build too (DOM-nesting
hydration errors, the ghost deleted-snippet nav, the recurring pg-meta
`migrations` 400) moved to their own PR: #47667. Sentry initialization
for the TanStack runtime (captures were silent no-ops) is #47666,
stacked on this PR.

## Full-site test campaign

Drove every dashboard product area on the local TanStack build
(Playwright, human-style) hunting migration regressions:
redirects/404/catch-alls, org, account, project home/branches/merge,
table editor CRUD, SQL editor (Monaco/run/save/templates/AI), all
database pages, all auth pages, storage CRUD, edge functions + realtime,
logs/observability, advisors, settings, integrations hub incl. nested
routes, global UI (palette/connect/switchers/theme/fonts), and a
cross-cutting sweep (document titles, back/forward chain, hard-refresh
hydration on deep URLs, trailing-slash active state). Every failure
found is fixed above and re-verified in-browser; remaining console
quirks were cross-checked against the deployed Next build and are
pre-existing (tracked separately).

## To test

Most fixes are already browser-verified + covered by unit tests and the
self-hosted E2E suite; the last two landed after the final browser pass
and still need an in-browser check:

1. **GraphiQL Monaco workers** — restart the dev server (clear
`apps/studio/node_modules/.vite` once first — the optimizer cache may
hold a stale prebundle of the worker chain). Open
`/project/<ref>/integrations/graphiql/graphiql` with the console open:
the `Could not create web worker(s). Falling back to loading web worker
code in main thread` warning must be gone, and DevTools → Sources →
Threads shows the three workers (json, editor, graphql). Autocomplete in
the query editor stays responsive.
2. **Edge-function Deno typings** — `/project/<ref>/functions/new`: no
"Failed to load … typings" console error, and typing `Deno.` in the
editor offers typed completions (e.g. `Deno.env`).

Spot-checks for the rest (all previously verified):
- `/project/<ref>/merge` renders (no "Module path" crash).
- Multi-line SQL in Logs Explorer survives Run → reload (no `desclimit`
gluing, no LIMIT-lint false failure); `s` param keeps `%0A`.
- `/auth/providers` → open a provider → `?provider=…` with no trailing
slash before `?`; table-editor filter/sort URLs carry no leaked
`ref`/`id` params; `/?next=new-project&projectName=x` lands on
`/new/new-project?projectName=x`.
- Integration detail pages (cron/queues/vault/data_api) show their
overview prose; GraphiQL query editor mounts.
- Built bundle (`MODE=test vite build` + `start:tanstack`): table editor
loads with no `process is not defined`.
- `curl -sI` any page on a platform deploy: `X-Content-Type-Options:
nosniff` (was the invalid `no-sniff`).


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Centralized integration overview markdown loading with registry-based
lookup.
* Improved Monaco loading/asset path handling for smoother editor
startup.
* **Bug Fixes**
* Next-style navigation/search handling now preserves pathname, hash,
repeated query keys, and special characters (including newlines).
* Redirects now reliably carry over query and hash with correct
precedence.
* **Security/Configuration**
* Updated CSP font sourcing and unified security headers delivery across
environments; conditional HSTS behavior.
* Refreshed font CSS variables and font-face definitions to match the
theme.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->


---

### Review feedback: non-prod favicon (Joshen)

The TanStack `__root.tsx` hardcoded the prod favicon; local + hosted
staging now use the white staging favicon (`/favicon/staging`), matching
what `pages/_app.tsx` passes to `MetaFaviconsPagesRouter` for non-prod.
Rather than pull the pages-router component into the TanStack head, it
reuses the same synchronous `NEXT_PUBLIC_ENVIRONMENT` signal the file
already uses for `IS_DEV_TOOLBAR_ENABLED` (the `head()` route option
isn't a React component, so it can't run `_app`'s async CLI check — but
the env signal covers the reported local/staging case).

---------

Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
2026-07-08 14:52:59 +08:00
Ali Waseem 8f5ba52e2c fix(e2e): avoid response-listener race in SQL editor flaky test (#47698)
## Summary
- Fixes the flaky "should check if SQL editor is working as expected"
self-hosted E2E test (FE-3863)
- The second query registered the pg-meta response waiter *after*
clicking run, so a fast response could be missed, causing a 30s timeout.
Moved the waiter registration before the click, matching the pattern
already used for the first query.

Fixes FE-3863

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Tests**
* Improved SQL editor end-to-end test synchronization to better wait for
the correct API response during repeated query runs.
* Increased test reliability for scenarios involving back-to-back SQL
executions.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-07 13:21:57 -06:00
Andrey A. 229f6478f3 test(self-hosted): add an e2e test for exposed schemas in data api ui (#47602) 2026-07-07 16:22:20 +02:00
ChloeGarciaMillerand c87f673c4c Fix: improve accessibility for icon buttons (database menu) (#47531)
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?

Bug fix (accessibility improvement)

## What is the current behavior?

Icon-only buttons do not have explicit accessible names for screen
readers or tooltips.

## What is the new behavior?

All icon-only buttons now have explicit accessible names using visually
hidden text (sr-only), ensuring proper screen reader support.

## Additional context

Tooltip text is preserved or added for visual users.
No visual changes were introduced.


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Tests**
* Tightened end-to-end checks for policy creation so policy names must
match exactly in the list.
* Improved validation coverage for SELECT, INSERT, UPDATE, and DELETE
policy flows, reducing the chance of false-positive test matches.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-06 16:59:40 +02:00
Vaibhav 38669218ac fix: preserve copy (#47607)
- closes https://github.com/supabase/supabase/issues/47606

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Copying cell values now preserves `false` and `0` instead of treating
them like empty values.
* Clipboard copy behavior now only returns blank for truly empty inputs,
helping keep table data accurate when copied.
* **Tests**
* Added end-to-end coverage for copying table cells with `false`, `0`,
and `true` values.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-06 07:17:17 -06:00
Charis dd3695814e test(e2e): add coverage for complex scalar and array column types (#47536)
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?

Test (E2E coverage addition).

## What is the current behavior?

The SafeSqlFragment migration (#45903) reworked column type modeling in
the table/column editor (`ColumnTypeRef`: format/formatSchema/isArray)
and tightened the FK selector's type comparison to the full `(format,
format_schema, isArray)` triple instead of comparing `format` alone.
This was manually tested but had no E2E coverage for the more complex
scalar/array type cases it affects (FE-3377).

## What is the new behavior?

Adds `e2e/studio/features/column-editor-types.spec.ts` covering:
- Editing an existing array column preserves its type across an
unrelated save, and displays as `type[]` (not the raw `_type` pg format)
in the Database > Tables column list.
- Editing an existing enum column from a non-public schema preserves its
schema-qualified type across an unrelated save, and displays as
`schema.type`.
- The FK selector flags a mismatch between an array column and a scalar
column of the same base type.
- The FK selector flags a mismatch between same-named enums from
different schemas.
- The FK selector allows and successfully creates a relation between two
columns with matching array types (guards against over-flagging arrays
as incompatible).

## Additional context

Resolves FE-3377

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Tests**
  * Added end-to-end coverage for complex column types in the Studio UI.
* Verified array and enum columns continue to display correctly after
edits.
* Added checks for foreign key type-mismatch warnings and save-button
behavior.
* Confirmed foreign keys can be created successfully when matching array
types are used.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-02 13:24:54 -04:00
Joshen Lim 1de298ff31 Reinstate https://github.com/supabase/supabase/pull/45143 into latest master (#47433)
## Context

Previous PR was [here](https://github.com/supabase/supabase/pull/45143)
but it got stale with lots of conflicts so figured it'll be easier redo
it off the latest master

Moves policies page from Auth to Database under an Access Control
section along with Roles. This moves all existing files, applies
redirects, and updates urls to point to the new route

<img width="274" height="412" alt="image"
src="https://github.com/user-attachments/assets/7952c185-64ae-4355-ba36-45397efe1787"
/>

<img width="453" height="471" alt="image"
src="https://github.com/user-attachments/assets/04b3dcb3-48a5-4049-9893-d01109fb46a9"
/>


## To test
- [ ] Verify that policies now live under Database correctly

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added a quick navigation shortcut to open **Database > Policies
(RLS)**.
* **Bug Fixes**
* Updated Policies and RLS-related links across the product to open the
**Database policies** area (menus, command palette, context actions,
alerts, and link-outs).
* Added a permanent redirect from the old **auth policies** URL to the
new **database policies** URL.
* **Documentation**
* Updated RLS Dashboard and security checklist instructions to reference
**Database > Policies**.
* **Tests**
  * Adjusted automated tests to validate the new Policies route.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-30 18:49:33 +08:00
Aaditya Bhusal 719434a7fd fix(studio): batched table edits issues (#47319)
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?

Bug fix

## What is the current behavior?

Fixes #47318

Supabase Studio's batched table edit queue has a few related row
identity issues:

- Editing a row's primary key can make later queued edits or deletes
lose track of the original row.
- Editing a primary key and another column in the same row before saving
can save only the primary key change, because later updates still use
the old primary key in the `WHERE` clause.
- Adding a row in batched edit mode and then deleting it before saving
may not remove the pending row correctly.

## What is the new behavior?

- Preserves the original row identity for queued operations after
primary key edits.
- Applies multiple queued edits for the same row as a single update when
saving.
- Correctly deletes newly added pending rows before they are saved.
- Adds regression coverage for these batched table edit cases.

## Additional context


https://github.com/user-attachments/assets/75672361-d781-4fe5-a542-071574ad57bd


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Improved row identity handling for grid edits, optimistic updates, and
queued operations so changes stay correctly attached when primary keys
are edited, reverted, or “taken” by another row.
* Updated header row deletion to delete from the currently
visible/targeted rows rather than relying on the full dataset.
* Reduced retry noise for missing tables by clearing conflicting sorts
and preventing repeated retries for the same “does not exist” error.
* More reliably consolidated queued edits for the same row into fewer
combined save statements.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Ali Waseem <waseema393@gmail.com>
2026-06-29 08:12:18 -06:00
Alaister Young 4fa106e53c fix(studio): stop GraphiQL from corrupting other Monaco editors (#47363)
GraphiQL (`@graphiql/react`) runs a second Monaco instance that injects
two global, page-wide styles which corrupt Studio's other editors once a
GraphiQL chunk has loaded (it persists across client-side navigation, so
a full reload hides it). After visiting GraphiQL and returning to e.g.
the SQL editor, the editor collapses to a ~5px sliver and its syntax
colors swap to GraphiQL's theme.

**Changed:**
- `monaco.css` — a higher-specificity counter-rule
(`.monaco-editor.monaco-editor { position: relative !important }`) beats
GraphiQL's runtime-injected `.monaco-editor { position: absolute
!important }`, which otherwise pulls Studio's `@monaco-editor/react`
wrapper out of flow and collapses it to ~5px.
- GraphiQL now uses the primary `supabase` Monaco theme instead of a
separate `supabase-graphql-*` theme, so the global `.mtk*` token palette
stays identical and syntax colors no longer bleed into other editors.

**Added:**
- E2E test (`monaco-graphiql-coexistence.spec.ts`) reproducing both bugs
via client-side SQL editor → GraphiQL → SQL editor navigation (a full
reload unloads the chunk and hides the bug).
- Component test (`CodeEditor.test.tsx`) guarding the height-class
precedence regression from #47339/#47350 — a caller height (e.g. the
email template editor's `h-96`) must win over the default `h-full`.
Covered as a component test since the email source editor isn't
reachable on self-hosted.

## To test

- Open the SQL editor → **Integrations → GraphiQL** → back to the SQL
editor (in-app navigation, not a reload). It should stay full height and
keep its own syntax colors.
- Confirm autocomplete still works in the SQL editor.
- `pnpm --prefix e2e/studio run e2e --
features/monaco-graphiql-coexistence.spec.ts`
- `pnpm --prefix apps/studio test -- CodeEditor.test`


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Improved Monaco editor styling so GraphiQL no longer affects the SQL
editor’s theme or layout when navigating between them.
* Fixed editor sizing so a custom height now takes precedence over the
default full-height setting.
* Polished GraphiQL panel styling for more consistent spacing and
appearance across themes.

* **New Features**
* GraphiQL now uses the shared editor theme for better visual
consistency with Studio.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
2026-06-29 08:45:09 +00:00
Danny White a074b62ed1 chore(studio): use sentence case for Data API access label (#47353)
## What kind of change does this PR introduce?

UI copy + agent guidance.

## What is the current behavior?

- The Table Editor labels the Data API setting as "Data API Access"
(title case).
-  Agents have no scoped pointer to our copywriting rules

## What is the new behavior?

- Label uses sentence case: "Data API access" (e2e and test docs
updated).
- Agents are pointed at
`apps/design-system/content/docs/copywriting.mdx` via
`studio-copy.instructions.md` and `studio-ui-patterns` skill.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Standardized the **“Data API access”** label casing across the Studio
UI.
  * Updated end-to-end tests to assert the corrected label text.
* **Documentation**
* Updated Studio E2E test review instructions and examples to use
**“Data API access”**.
* Added/expanded Studio UI copywriting guidance, including where to
source copy and how to apply consistent casing.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-26 14:50:37 -06:00
ChloeGarciaMillerand b1b29ad011 Fix: improve accessibility for icon buttons (#47214)
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?
Bug fix (accessibility improvement)

## What is the current behavior?

Icon-only buttons do not have explicit accessible names for screen
readers.

## What is the new behavior?

All icon-only buttons now have explicit accessible names using visually
hidden text (sr-only), ensuring proper screen reader support.

## Additional context

Tooltip text is preserved or added for visual users.
No visual changes were introduced.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

## Release Notes

* **New Features**
* Added hover tooltips across the database editor and SQL editor,
including “More options” menus, table filter controls, and the “Create a
new query” action.

* **Accessibility**
* Improved button accessibility by adding/expanding `aria-label`s for
Intellisense, favorites (add/remove), and “Prettify SQL.”
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-26 11:36:29 +02:00
Alaister Young 2fdb59a905 test(e2e/studio): drop racy post-action waits in database specs (from #46424) (#47106)
Follow-up to #47077, extracted from the TanStack Start migration
(#46424).

Three `waitForResponse` waits in `database.spec.ts` were registered
*after* their triggering action, so the response could resolve before
the listener attached and the wait would time out (this surfaced under
TanStack, where the data is SSR-streamed, but the waits are redundant on
Next too).

**Removed:**
- Schema Visualizer *actions*:
`waitForSchemaVisualizerToLoad(...'auth')` registered after the
schema-selector click — the `focusTableInVisualizer` loop immediately
below already auto-waits for the auth schema's tables.
- table update / duplicate: `waitForDatabaseToLoad(...)` after the save
mutation — the `toBeVisible` assertion right after each already waits
for the list to refetch.
- the now-unused `waitForDatabaseToLoad` /
`waitForSchemaVisualizerToLoad` imports.

The UI assertions are the real synchronization points, so behaviour is
unchanged on Next.

## To test
- Studio E2E `database.spec.ts` passes (the Schema Visualizer + Tables
groups).


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Tests**
* Improved database e2e test reliability by optimizing synchronization
logic and eliminating timing-sensitive helpers that could introduce
flakiness during schema and table operations.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
2026-06-22 13:37:04 +00:00
Vaibhav 84edf0dc94 fix: protect csv import (#47040)
## TL;DR 
fixes protected schema empty tables still exposing CSV import actions in
table editor...
## ref: 
- closes https://github.com/supabase/supabase/issues/41358
- supersedes: https://github.com/supabase/supabase/pull/41362
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Updated the table empty state so CSV import actions are shown only
when the table is allowed to accept imports, and are hidden for
protected cases (including foreign-table scenarios).

* **Tests**
* Added an end-to-end test confirming that empty tables in protected
schemas do not expose the “Import data from CSV” button or the
drag-and-drop CSV hint.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-18 15:43:46 +01:00
Alaister Young ba00a311db test(studio): harden flaky E2E specs (extracted from #46424) (#47077)
Pulls the framework-agnostic E2E test fixes out of the TanStack Start
migration PR (#46424) so they can land on `master` independently and
scope that PR down. Test files only — no app/source changes.

> [!NOTE]
> **These changes originate from #46424** (the Next.js → TanStack Start
migration). They were made while getting the E2E suite green on both
builds, but they're pure test-file changes that are framework-agnostic
and already pass on the current Next.js build. A few are *also* written
to tolerate TanStack behaviour (called out in code comments) — harmless
and correct on Next today.

**Changed:**
- `realtime-inspector.spec.ts` — drop the racy
`waitForResponse(/settings/)` (the "Join a channel" UI assertion already
gates on settings loading); click the message row's timestamp instead of
its center, which the wide untruncated-JSON cell pushes under the
always-present detail panel.
- `database.spec.ts` — gate the three Schema Visualizer / Tables tests
on the visualizer UI (`focusTableInVisualizer` already auto-waits for
the schema, including the freshly-created table) instead of the `pg-meta
… public-infinite_tables` XHR.
- `database-webhooks.spec.ts` — wait on the `Database Webhooks` heading
instead of marketing copy that was removed when the page moved to the
new integrations UI.
- `queue-integration.spec.ts` — wait on the unconditional "Create queue"
button instead of the grid (which only renders once a queue exists);
assert creation by polling for either valid end-state.

## To test

- Run the affected specs against a local self-hosted studio and confirm
they pass:
`pnpm --prefix e2e/studio run e2e -- features/realtime-inspector.spec.ts
features/database.spec.ts features/database-webhooks.spec.ts
features/queue-integration.spec.ts`
- Or just let the studio E2E suite run on this PR (Next.js build).

Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
2026-06-18 20:02:08 +08:00
Joshen Lim 097f220c5c Add support for managing stored procedures under database functions (#46977)
## Context

Dashboard currently doesn't have any support for managing stored
procedures. In the event that the security advisor surfaces a warning
about a stored procedure, users hence run into a dead-end as there's
currently no way to self-remediate via the dashboard

## Changes involved

We're hence adding support for managing stored procedures within
Database Functions
<img width="1082" height="546" alt="image"
src="https://github.com/user-attachments/assets/2598a5fe-e58f-4e8a-ad2f-9cb6d0eb2f53"
/>

Creating a function now shows a dropdown to select the type
<img width="500" alt="image"
src="https://github.com/user-attachments/assets/acc9249d-7b25-4416-aae8-89c630e1c62b"
/>

In which if stored procedure is selected, the following fields will be
hidden since they're irrelevant for stored procedures
- Return type
- Behaviour (Under advanced settings)

Some other minor UI changes as well:
- Field inputs are re-ordered a little, opting to group "Schema" and
"Name" into one section, followed by "Type" and "Return type"
- Opting to show "Return type" when editing a function but disabled
- Add schema filter for fetching database functions to reduce
unnecessary load on the database

## To test
- [ ] Can create, update, delete, read stored procedures via database
functions page

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

## Summary

- **New Features**
- Added PostgreSQL **procedure** support alongside functions, including
a **Type** selector in the create/edit flow.
- Updated Functions UI with a new **Type** column and procedure-aware
return/argument details.

- **Improvements**
- Refreshed create/edit headers and language help text for clearer
context.
- Improved argument parsing/display, including better handling of
procedure argument modes.

- **Bug Fixes**
- Corrected routine-type handling during function/procedure delete and
update SQL operations.

- **Tests**
- Updated unit snapshots and end-to-end UI flows/labels for the new “New
function” control.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-17 19:15:54 +08:00
Jordi Enric a10bc9a88a feat(unified-logs): compact toggle banner and ArrowDown selects first log (#46812)
Visual cleanup of the Logs sidebar (unified logs):

- Restyle the "Go back to old logs" and "Try Unified Logs" banners as
full-bleed bordered strips (no card), with an icon-only switch-back
button and a tooltip
- Add a "Beta" badge next to the "Logs" sidebar title
- Rename the product from "Logs & Analytics" to "Logs"

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added Unified Logs banner with “Try Unified Logs” and “More
information” actions, plus a “Go back to old logs” utility layout.
  * Show a **“Beta”** badge for Unified Logs eligibility.

* **UX Updates**
* Updated the Logs experience to consistently display under the
**“Logs”** product layout.

* **Tests / Documentation**
* Updated end-to-end checks and examples to expect the **“Logs”**
heading text exactly.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: kemal <hello@kemal.earth>
2026-06-16 10:50:52 +00:00
Ali Waseem 7414802e57 test(studio): unflake schema visualizer Copy as SQL assertion (#46863) 2026-06-11 16:09:16 -06:00
ChloeGarciaMillerand d745036c9e chore: create index form (#46288)
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?

Refactored the Database Create Index side panel to align with the
recommended Studio form patterns.

## What is the current behavior?

The side panel was using a legacy layout that did not follow the common
Studio form patterns.
It's also not a real form.

## What is the new behavior?

The Create Index side panel in the Database section is now consistent
with the Studio form patterns.
It's now a real form using `react-hook-form`

## Additional context

Before:
<img width="668" height="855" alt="image"
src="https://github.com/user-attachments/assets/d15ee63c-8d03-4780-8945-1792f0493133"
/>

After:
<img width="606" height="856" alt="image"
src="https://github.com/user-attachments/assets/78e0269c-e79c-42d1-a2c2-9465c0b0c46a"
/>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **UI Improvements**
* Reworked index-creation panel into a validated, form-driven workflow
with clearer field interactions, multi-column selector, live read-only
SQL preview, and updated submit/cancel behavior.
* Footer actions: Cancel resets the form and closes the panel; Create
triggers form submission and reflects loading state.
* **Tests**
* Updated end-to-end flow to click "Select a table" (replacing "Choose a
table") during index creation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Gildas Garcia <1122076+djhi@users.noreply.github.com>
2026-06-08 11:53:29 +02:00
Charis 4ae803c3d7 feat(studio): paginate Tables list with server-side search (#46514)
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?

Feature / performance improvement.

## What is the current behavior?

The Database > Tables list renders every table for the selected schema
in a single `useTablesQuery({ includeColumns: true })` fetch.

## What is the new behavior?

- Database > Tables list uses `useInfiniteTablesQuery` with a 50-row
page size, streaming pages as the user scrolls.
- An `IntersectionObserver` sentinel attached to the footer status row
triggers `fetchNextPage()` while `hasNextPage` is true; the same row
doubles as the table count / loading indicator.
- Search is debounced (300 ms) and passed as `nameFilter` to the hook,
which forwards it to pg-meta's `getTablesPaginatedSql`. The backend
returns only matching rows, so search works across the whole schema
rather than only the loaded pages.

## Additional context

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
  * Debounced search filtering for tables
  * Infinite-scroll pagination with sentinel-driven loading
  * Footer shows “Loading more tables…” and dynamic table counts

* **Bug Fixes**
* Ensure table list refresh after create/duplicate by invalidating
infinite-list cache

* **Tests**
* Updated end-to-end waits and helpers to match the new paginated
table-loading API
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-02 16:41:52 -04:00
Andrey A. 0c8b71de64 feat(self-hosted): update project home for self-hosted and cli (#46544) 2026-06-02 15:38:28 +02:00
Gildas Garcia ac59de1f9e chore: e2e tests reliability (#46496)
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES/NO

## What kind of change does this PR introduce?

Bug fix, feature, docs update, ...

## What is the current behavior?

Please link any relevant issues here.

## What is the new behavior?

Feel free to include screenshots if it includes visual changes.

## Additional context

Add any other context or screenshots.


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Accessibility**
* Improved screen-reader label for table row action menus so table
controls are clearer for assistive‑technology users.

* **Tests**
* Enhanced end-to-end test reliability: tightened selectors, added
dialog/toast visibility and API-wait synchronization, scoped lookup
fixes, removed redundant cleanup helper, and updated test setup to mark
a terms-of-service dismissal to reduce flakiness.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-01 10:18:07 +02:00
Charis a4334a2cc7 feat(studio): paginate Schema Designer via useInfiniteTablesQuery (#46402)
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?

Performance improvement / feature

## What is the current behavior?

The Schema Designer fetches all tables in a single request via
`useTablesQuery`. For schemas with 400+ tables this blocks first paint
on a large payload.

## What is the new behavior?

`SchemaGraph` uses `useInfiniteTablesQuery` (pageSize: 100) so the first
100 tables paint immediately. A "Load more tables" button appears above
the legend whenever more pages remain, letting users load the rest on
demand.

## Additional context

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added a "Find table…" selector and keyboard shortcut to quickly locate
and focus tables; supports incremental loading and debounced name search
(with literal wildcard handling).
* Schema Graph shows a bottom "Load more tables" control with loading
state and preserves view after loading more.

* **Refactor**
* Table listing switched to infinite/paginated retrieval and improved
"no tables" logic; server-side name filtering supported.

* **Tests**
* E2E tests add a schema-visualizer wait helper and update flows to
support the paginated visualizer.

<!-- review_stack_entry_start -->

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46402?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)

<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-29 15:12:22 -04:00
Ali Waseem 5222f31fe3 fix: cron job editing was done by name rather than Job ID (#46486)
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?

- Minor issues here, the validation for creating names is there but
users can create crons with empty names through SQL
- When they edit the name in the Cron editor, since we use names as the
where clause it treats it as a new create
- So a duplicate cron is created
- Since creating requires a name, the validation is moved to the
component rather than zod and disabled when editing mode is on!

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
  * Cron jobs can now be created without requiring a name field.
* Improved handling to properly distinguish between creating new cron
jobs and editing existing ones.

* **Bug Fixes**
* Fixed issue where editing unnamed cron jobs would create duplicate
entries instead of updating the existing job in place.

<!-- review_stack_entry_start -->

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46486?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)

<!-- review_stack_entry_end -->

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-29 06:33:19 -06:00
Ali Waseem c39bb96d74 feat: Context view actions for views and material views (#46383)
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?

Right now material views and views don't have any options on the context
menu, they only have a copy name. This adds copy schema, export CSV,
export SQL and delete table to that list

Added E2E tests to cover the use cases

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Delete views and materialized views via confirmation dialogs with
optional cascade
  * Copy SQL definitions for views and materialized views
* Export views and materialized views as CSV and SQL from the entity
menu
* Confirmation modals now show dependency warnings and cascade toggle
consistently

* **Tests**
* End-to-end tests covering copy, export, and delete flows for views and
materialized views in the table editor

<!-- review_stack_entry_start -->

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46383?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)

<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-28 16:19:27 +00:00
Danny White 239825e9a3 fix(studio): clarify RLS disable destructiveness (#46357)
## What kind of change does this PR introduce?

UI fix

## What is the current behavior?

RLS disable dialog is just plain prose.

## What is the new behavior?

RLS disable dialog better communicates the high-risk action.

| Before | After |
| --- | --- |
| <img width="866" height="536" alt="CleanShot 2026-05-26 at 11 31
47@2x"
src="https://github.com/user-attachments/assets/9ae061aa-edf5-45e8-b866-4d59a035a597"
/> | <img width="860" height="534" alt="CleanShot 2026-05-26 at 11 29
42@2x-584E1768-6ACD-4873-9477-A8FA7D017C67"
src="https://github.com/user-attachments/assets/00b485dd-485a-4c28-825c-6c0460e3428d"
/> |

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Refactor**
  * Improved RLS toggle dialog component logic.

* **Tests**
  * Enhanced RLS policies test assertions for better accuracy.

<!-- review_stack_entry_start -->

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46357?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)

<!-- review_stack_entry_end -->

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-26 18:46:24 +10:00
Saxon Fletcher e13486e358 Storage file bucket design (#46184)
<img width="1285" height="654" alt="image"
src="https://github.com/user-attachments/assets/10074f07-3ac0-4f1f-b920-4255c67968d6"
/>

Updates file storage buckets to make use of new page components and
follow more standard full width pages as recommended in our design
system.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Search input now always visible with dynamic placeholder and cancel
control.
* “Go up one level” navigation button shown in list view when not at
bucket root.

* **Style**
* Thinner icon strokes and smaller button/icon sizing across the Storage
Explorer and preview.
* Header, breadcrumbs, and page container spacing/layout refined;
explorer outer container simplified.
* Selection count UI made compact/monospaced; new layout tokens for
header and bulk-action rows.

* **Tests**
* Unit and e2e tests updated; added e2e helper for rename/create inputs.

<!-- review_stack_entry_start -->

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46184?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)

<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-26 14:17:25 +10:00
Danny White 1470c51021 fix(studio): align rls confirmation dialogs (#45961)
## What kind of change does this PR introduce?

Studio UI cleanup and docs update. Resolves FE-3217.

## What is the current behavior?

The table RLS confirmation dialogs differ across the Policies page and
Table Editor surfaces. The table editor disable flow also uses a verbose
confirmation modal with admonitions and repeated warning copy.

| Policies | Table Editor |
| --- | --- |
| <img width="852" height="448" alt="25125"
src="https://github.com/user-attachments/assets/baa9fafa-752c-4701-bf54-40da4e32030b"
/> | <img width="1108" height="1016" alt="57354"
src="https://github.com/user-attachments/assets/b1b88355-be39-49b9-aed2-a60f20c25104"
/> |
| <img width="866" height="434" alt="CleanShot 2026-05-15 at 18 01
15@2x"
src="https://github.com/user-attachments/assets/d67f69ee-0a49-4dbd-939e-ca968361fc33"
/> | <img width="840" height="426" alt="CleanShot 2026-05-15 at 18 01
52@2x"
src="https://github.com/user-attachments/assets/a0b5f390-abeb-453f-8636-ad097f22308b"
/> |

## What is the new behavior?

Table RLS enable and disable confirmations now use one shared concise
Alert Dialog treatment across the Policies page, Table Editor header,
and Table Editor side panel. The server-backed toggles use the async
Alert Dialog action behaviour from the stacked base branch, and the
design-system docs now clarify when to start with Alert Dialog versus
Confirmation Modal.

This PR is stacked on #45960.

| Before | After |
| --- | --- |
| <img width="852" height="448" alt="25125"
src="https://github.com/user-attachments/assets/baa9fafa-752c-4701-bf54-40da4e32030b"
/> | <img width="864" height="518" alt="CleanShot 2026-05-15 at 18 07
21@2x"
src="https://github.com/user-attachments/assets/bda53246-164b-4d5b-81a1-25d3bc661eb3"
/> |
| <img width="1108" height="1016" alt="57354"
src="https://github.com/user-attachments/assets/b1b88355-be39-49b9-aed2-a60f20c25104"
/> | <img width="864" height="518" alt="CleanShot 2026-05-15 at 18 07
21@2x"
src="https://github.com/user-attachments/assets/bda53246-164b-4d5b-81a1-25d3bc661eb3"
/> |
| <img width="866" height="434" alt="CleanShot 2026-05-15 at 18 01
15@2x"
src="https://github.com/user-attachments/assets/d67f69ee-0a49-4dbd-939e-ca968361fc33"
/> | <img width="860" height="488" alt="CleanShot 2026-05-15 at 18 08
41@2x"
src="https://github.com/user-attachments/assets/4c67f797-e2cd-4d56-a49d-e6c6fc0edff3"
/> |
| <img width="840" height="426" alt="CleanShot 2026-05-15 at 18 01
52@2x"
src="https://github.com/user-attachments/assets/a0b5f390-abeb-453f-8636-ad097f22308b"
/> | <img width="860" height="488" alt="CleanShot 2026-05-15 at 18 08
41@2x"
src="https://github.com/user-attachments/assets/4c67f797-e2cd-4d56-a49d-e6c6fc0edff3"
/> |

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Documentation**
* Refined guidance and wording for dialog usage, clarifying when to use
Alert Dialog, Confirmation Modal, and modal modality.

* **New Features**
* Reworked RLS confirmation flow with a streamlined toggle dialog,
clearer messaging, and a “Learn more” link to docs.

* **Tests**
* Updated end-to-end tests to cover the updated RLS dialog flows and
explanatory content.

<!-- review_stack_entry_start -->

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/45961?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)

<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-25 22:47:40 +00:00
Danny White 5fdff9707f chore(studio): improve download snippet dialog (#46242)
## What kind of change does this PR introduce?

Chore: component migration and copy update.

## What is the current behavior?

`DownloadSnippetModal` and `RenameQueryModal` use an awkward tabs-based
layout. The download action is labelled "Download" throughout, and the
NPX toggle was incorrectly labelled "NPM".

## What is the new behavior?

- Both modals are migrated to the `Dialog` component.
- The download dialog replaces the tab layout with a select (Migration /
Seed file / SQL file) and a CLI/NPX toggle.
- Action language changed from "Download" to "Export" (context menu
item, dialog title, select label) — more accurate since the user runs a
CLI command rather than triggering a browser download.
- NPM toggle label corrected to NPX; internal `npm` property key renamed
to `npx` for consistency.

| Before | After |
| --- | --- |
| <img width="1024" height="759" alt="Add Auth Hook (General) SQL Editor
Pickles Pantry Supabase-C6F22F8B-19FF-486E-8C08-915895495875"
src="https://github.com/user-attachments/assets/98637802-5e05-4431-87f8-b2e83216082a"
/> | <img width="1024" height="759" alt="Add Auth Hook (General) SQL
Editor Pickles Pantry Supabase-5B63AD0C-7CD0-4BB2-BEC8-5DBAE94963CE"
src="https://github.com/user-attachments/assets/a8f48c2f-a7e2-42fd-b52c-89a133811ad8"
/> |
| <img width="1024" height="759" alt="Add Auth Hook (General) SQL Editor
Pickles Pantry Supabase-1F28FADA-46D1-4C0A-BE96-6CFF2317FDCF"
src="https://github.com/user-attachments/assets/afb904d0-689b-4756-b0b4-8177703934e4"
/> | <img width="1024" height="759" alt="Add Auth Hook (General) SQL
Editor Pickles Pantry Supabase-652E6E8D-1CD2-4465-BC82-46EDB974CD8C"
src="https://github.com/user-attachments/assets/f1adfb6b-fba6-495f-b571-1713c3eebb4d"
/> |

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Refactor**
* Updated the SQL query export modal UI from a tabs-based interface to a
dropdown-based selection for choosing export formats.
* Revised menu and dialog labels to "Export query" for improved clarity.
  * Enhanced code block presentation in the export modal.

<!-- review_stack_entry_start -->

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46242?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)

<!-- review_stack_entry_end -->

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Gildas Garcia <1122076+djhi@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-22 17:51:23 +10:00
Ali Waseem 34303997c6 fix(table-editor): wait for filter value before applying (#46113)
## Summary

- Closes
[FE-3399](https://linear.app/supabase/issue/FE-3399/make-table-editor-filter-bar-wait-for-a-value)
- Table editor's filter bar was firing a row request as soon as a
property was selected, before any operator/value was set. This regressed
after #46071 unified the table editor and unified logs onto the shared
`FilterBar`.
- `LogsFilterBar` already validates that each condition has a
propertyName, operator, and non-empty value before applying.
`FilterPopoverNew.handleApply` did not — it called `setFilters`
unconditionally on every `onApply` from the shared bar (property change,
operator change, blur, etc.). This PR mirrors the `LogsFilterBar`
validation so the table editor stops requesting rows until the condition
is complete.

## Test plan

- [ ] Open the table editor on any table
- [ ] Click the filter bar, pick a column → no network request fires, no
toast, grid unchanged
- [ ] Pick an operator → still no request
- [ ] Type a value and hit Enter → row request fires, grid filters
- [ ] Remove the filter → grid refetches with no filter
- [ ] New e2e test: `pnpm --prefix e2e/studio run e2e --
features/filter-bar.spec.ts --grep "does not trigger a row request"`

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Filter validation now prevents incomplete filter conditions from being
applied, ensuring only fully-specified filters affect table data.

* **Tests**
* Added end-to-end test coverage for filter bar operations to verify
expected behavior during filter setup.

<!-- review_stack_entry_start -->

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46113?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)

<!-- review_stack_entry_end -->

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-19 10:31:57 -06:00
Alaister Young 5950b6ca04 test(e2e/studio): stabilize flaky and TZ/OS-sensitive specs (#46039)
Backports a batch of e2e test stabilization fixes — each commit is
scoped to a single failure class and only touches `e2e/studio/` files.

**Changed:**
- **`_global.setup` — playwright-locks cleanup was dead code**: the
lock-cleanup block was at the bottom of `Global Setup`, but every branch
above it returns early — so it never ran. Tests that use
`withFileOnceSetup` (cron-jobs) would see a stale `setup.done.json`
marker from the previous run and silently skip their setup, leaving e.g.
`pg_cron` uninstalled and all 11 cron-jobs specs failing. Moved the
cleanup to before any early return.
- **filter-bar — Home key**: macOS Chromium doesn't honor a standalone
`Home` keypress inside text inputs (macOS routes "go to line start" via
`Cmd+ArrowLeft` / `Fn+ArrowLeft`). Tests that expected the cursor to
jump to position 0 silently kept the previous selection. Replaced with
`el.setSelectionRange(0, 0)` so the assertion runs against a known
cursor position on every OS.
- **filter-bar — date filters**: tests inserted rows with `CURRENT_DATE`
/ `NOW()` (postgres session TZ = UTC) and asserted with JS-local dates
from `getDateValue()`. Near midnight the two diverged and the filter
returned 0 rows. Switched the inserts to explicit `getDateValue()`
strings so insert and assert use the same calendar day.
- **queue-table-operations — `networkidle`**: Studio holds long-poll /
SSE connections (PostHog, realtime), so `page.reload({ waitUntil:
'networkidle' })` never resolves and timed out. Replaced with a targeted
`waitForTableToLoad` API waiter.
- **sql-editor — RLS smoke test**: a hard-coded table name
(`pw_rls_smoke_test`) collided across 3 parallel workers running against
the same db. Suffixed with `test.info().parallelIndex`.
- **table-editor — FK spec timeout**: `waitForApiResponseWithTimeout`
for `query?key=table-update` returns `null` on timeout (silent), then
the panel-close assertion fails. Bumped 15s → 30s to absorb
parallel-load latency.
- **table-editor / storage-helpers — URL encoding & redirect race**:
post-action URL assertions were over-specific (`%20` vs `+` encoding)
and the bucket-delete redirect could race other history updates. Relaxed
the regex to accept both encodings; asserting the row removal directly
is a more stable signal than the redirect URL.


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Tests**
* Improved end-to-end determinism with explicit dates/timestamps and
stable cursor positioning
* Prevented parallel-test collisions by using unique identifiers for
resources
* Made page reloads and API waits more robust for long-lived connections
and increased timeouts
* Strengthened assertions to rely on stable UI signals instead of
transient navigation/network state
* Ensured test setup reliably cleans up temporary locks before any setup
steps run

<!-- review_stack_entry_start -->

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46039?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)

<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
2026-05-18 17:31:40 +08:00
Danny White 8935043a1b simplify sql editor warning dialog (#45912)
## What kind of change does this PR introduce?

Studio UI cleanup.

## What is the current behaviour?

The SQL editor query warning modal repeats itself with an admonition, a
nested warning panel, and extra confirmation copy. Single-warning cases
are harder to scan than they need to be.

## What is the new behaviour?

The warning now uses `AlertDialog` and resolves each detected issue into
concise title/body copy. Single-warning cases show one short
description, while multi-warning cases show a compact list. The existing
RLS actions are preserved.

## Testing instructions

Manual SQL editor checks:

Open the Studio SQL editor, paste each snippet, click **Run**, verify
the warning copy, then click **Cancel**. These snippets are only
intended to trigger the warning UI, so do not confirm the dangerous
ones.

Destructive operation warning:

```sql
drop table if exists public.codex_warning_destructive;
```

UPDATE without WHERE warning:

```sql
update public.codex_warning_table set id = id;
```

Prevent database connections warning:

```sql
alter database postgres connection limit 0;
```

Missing RLS warning:

```sql
create schema if not exists codex_warning;
create table codex_warning.missing_rls (id bigint);
```

Multiple issues warning:

```sql
drop table if exists public.codex_warning_destructive;
update public.codex_warning_table set id = id;
create schema if not exists codex_warning;
create table codex_warning.missing_rls_multi (id bigint);
```

## Additional context

| Before | After |
| --- | --- |
| <img width="1024" height="759" alt="Codex Warning Table Maintenance
SQL Editor Hammer Toolshed Supabas-BDBD32C7-FCE8-4623-ACF2-D2554233EBB4"
src="https://github.com/user-attachments/assets/aaed16c2-9910-424a-8a3c-f9815139b1bf"
/> | <img width="1024" height="759" alt="Codex Warning Table Maintenance
SQL Editor Hammer Toolshed Supabas-C8964C98-1CF9-4992-89D6-86C081C884E8"
src="https://github.com/user-attachments/assets/d291c559-1e64-4c63-b918-b20b58d9a2a5"
/> |
| <img width="1024" height="759" alt="Codex Warning Table Maintenance
SQL Editor Hammer Toolshed Supabas-C341A032-B5B0-49A2-8EA2-E3E6EEC54E4F"
src="https://github.com/user-attachments/assets/667d9d1a-e34b-4411-9f91-4972ee8d1a23"
/> | <img width="1024" height="759" alt="Codex Warning Table Maintenance
SQL Editor Hammer Toolshed Supabas-FC66ADE9-6AF1-44D2-A6B6-F7B2FC935C0E"
src="https://github.com/user-attachments/assets/1348377e-6606-47c0-aa95-128d7f86ed56"
/> |
| <img width="1024" height="759" alt="Codex Warning Table Maintenance
SQL Editor Hammer Toolshed Supabas-43AAD9FA-7FAC-4DCE-A713-00E8FC76B343"
src="https://github.com/user-attachments/assets/bdadedc2-f17d-4011-ae67-5248097b3e92"
/> | <img width="1024" height="759" alt="Codex Warning Table Maintenance
SQL Editor Hammer Toolshed Supabas-279EC81D-31C7-49C7-B4A8-EEEF1738740A"
src="https://github.com/user-attachments/assets/0c178fff-ff49-4522-870d-7a3401c6af30"
/> |
| <img width="1024" height="759" alt="Codex Warning Table Maintenance
SQL Editor Hammer Toolshed Supabas-D405AED5-613F-4C78-909E-F718C67CF17E"
src="https://github.com/user-attachments/assets/a4399935-3596-471b-854a-c689e2e0df07"
/> | <img width="1024" height="759" alt="Codex Warning Table Maintenance
SQL Editor Hammer Toolshed Supabas-725FBCE6-5606-4BC3-B13F-6210DBADF6F2"
src="https://github.com/user-attachments/assets/0dcd08fc-cfb4-4d67-b167-eb6eaa768764"
/> |
| <img width="1024" height="759" alt="Codex Warning Table Maintenance
SQL Editor Hammer Toolshed Supabas-EA6563AF-DE7E-4AB8-9164-AC66164CA581"
src="https://github.com/user-attachments/assets/ef56fe0f-0243-4ff3-a2b2-ee8b3fe2330a"
/> | <img width="1024" height="759" alt="Codex Warning Table Maintenance
SQL Editor Hammer Toolshed Supabas-EC85EFB1-715E-4841-BBCA-51F88B539595"
src="https://github.com/user-attachments/assets/5be05527-920d-4f23-92eb-c7cd0bbff13e"
/> |

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Prevented unintended modal dismissal and duplicate handling when
confirming.

* **Refactor**
* Redesigned SQL editor warning modal with structured, consolidated
warnings, adaptive title/confirmation copy, and centralized handling of
missing-RLS table names.
  * Added conditional "Run and enable RLS" confirmation when available.

* **Tests**
* Updated end-to-end tests to match the new modal headings and body
text.

<!-- review_stack_entry_start -->

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/45912)

<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-15 10:00:58 +10:00
Vaibhav 7092cac4a4 e2e: fk save shortcut (#45804)
adds coverage for:
- #45761 which solved
 #45759



<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Tests**
* Added test coverage for keyboard shortcut save workflow in the column
editor with foreign-key relationships.

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/45804)

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-11 13:53:56 -06:00
Gildas Garcia 1e59ef9a06 chore: balance e2e shards load (#45661)
## Problem

We run the e2e tests across two shards to reduce their duration.
However, one takes longer than the other.

## Solution

Use a currently hidden Playwright feature to balance their load

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Chores**
* Upgraded Playwright test dependency to a newer version for refreshed
test tooling and fixes.
* Adjusted end-to-end test shard weighting to rebalance distribution
across parallel runs.

* **Tests**
* Stabilized several end-to-end editor interactions to make E2E flows
more reliable.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-07 06:53:09 -06:00
Charis 0433eeb5f5 feat(studio): mark sql provenance for safety (#45336)
Mark provenance of SQL via the branded types SafeSqlFragment and
UntrustedSqlFragment. Only SafeSqlFragment should be executed;
UntrustedSqlFragments require some kind of implicit user approval (show
on screen + user has to click something) before they are promoted to
SafeSqlFragment.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Editor and RLS tester show loading states for inferred/generated SQL
and include a dedicated user SQL editor for safer edits.

* **Refactor**
* Platform-wide SQL handling tightened: snippets and AI-generated SQL
are treated as untrusted/display-only until promoted, improving safety
and consistency.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-04 13:08:06 -04:00
Ali Waseem e6f779ea30 feat(studio): add keyboard shortcuts to the schema visualizer (#45386)
## Summary

Adds the first batch of keyboard shortcuts for the Database → Schema
Visualizer page, following the registry pattern established for the SQL
editor and table editor.

Fixes [FE-3115](https://linear.app/supabase/issue/FE-3115).

## Shortcuts

| Shortcut | Action |
| --- | --- |
| `Mod+Shift+C` | Copy schema as SQL |
| `Mod+Shift+M` | Copy schema as Markdown |
| `D` then `P` | Download schema as PNG |
| `D` then `S` | Download schema as SVG |
| `O` then `A` | Open the auto-layout confirmation dialog |
| `O` then `S` | Open the schema selector |

All six entries appear in the Cmd+K command menu under "Shortcuts" and
in the global shortcuts sheet (`Mod+/`) under a new "Schema Visualizer"
group while the page is mounted. None are surfaced in Account →
Preferences yet (`showInSettings: false`), matching how the SQL/table
editor batches shipped.

The schema selector and auto-layout button are wrapped in the unified
`Shortcut` component so the keybind is shown on hover (Linear-style).
The dropdown items for copy/download don't get hover hints since
tooltips on dropdown items don't make sense — they're discoverable via
Cmd+K instead.

## Toasts

Each user-visible action now confirms via a sonner toast:

- `Successfully copied as SQL` — fires on Copy as SQL (button or
`Mod+Shift+C`).
- `Successfully copied as Markdown` — fires on Copy as Markdown
(dropdown or `Mod+Shift+M`).
- `Successfully downloaded as PNG` / `Successfully downloaded as SVG` —
already present in `useExportSchemaToImage`; fires on click or `D → P` /
`D → S`.
- `Failed to download current view: …` — error toast on download failure
(also pre-existing).

## Notes

- `Mod+Shift+C` and `Mod+Shift+M` collide with the SQL editor's
`results.copy-csv` / `results.copy-markdown` shortcuts. They coexist
cleanly because `useShortcut` only fires while the hook is mounted, and
the two pages live on different routes. Both labels appear in the global
shortcuts sheet honestly scoped per surface.
- `SchemaSelector` was promoted to a `forwardRef` component that spreads
extra props onto its outer `<div>`. This was needed for `<TooltipTrigger
asChild>` to attach event handlers and the ref properly — previously
they were silently dropped and the hover tooltip didn't render.
- `SchemaSelector` and the auto-layout `AlertDialog` accept controlled
`open` props now so the shortcuts can drive them and the tooltip can be
suppressed while the popover/dialog is open (`Shortcut` gained a
`tooltipOpen` passthrough for this).
- Auto-layout still pops the existing confirmation dialog rather than
running directly — destructive enough to keep the guardrail.

## Test plan

- [x] On the Schema Visualizer page, each of the six shortcuts fires the
corresponding action.
- [x] Hover the schema selector and the Auto layout button — tooltip
shows the action label and keybind badge.
- [x] Open the schema selector popover (click or `O → S`) — hover
tooltip is suppressed while open.
- [x] Open the auto-layout confirm dialog (click or `O → A`) — hover
tooltip is suppressed while open.
- [x] Cmd+K shows all six entries under "Shortcuts" while on the page;
navigating away unregisters them.
- [x] `Mod+/` shortcuts sheet has a "Schema Visualizer" group listing
all six.
- [x] Copy as SQL / Markdown each fire a confirmation toast; PNG / SVG
downloads each fire a confirmation toast.
- [x] On the SQL editor results page, `Mod+Shift+M` / `Mod+Shift+C`
still copy results (no regression from the duplicate keybinds).
- [x] The download dropdown items still work via click; PNG/SVG
downloads succeed.
- [x] All other consumers of `SchemaSelector` (~15 callsites) render
unchanged after the `forwardRef` promotion.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Keyboard shortcuts for schema visualizer: copy as SQL/Markdown,
download PNG/SVG, auto-layout, and focus selector
  * Success toasts when copying content to clipboard

* **Improvements**
* Schema selector and auto-layout dialog can be opened/closed via
keyboard and programmatically
* Shortcut tooltips can be suppressed when related overlays/dialogs are
open
  * Schema Visualizer added to the shortcuts reference sheet

* **Tests**
  * E2E tests dismiss transient toasts to avoid UI interference
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-01 07:13:37 -06:00
Joshen Lim 7f8ae81d64 Clean up table editor header (#45452)
## Context

Resolves FE-3126

Just cleaning up the table editor header with a bit of refactors
(pre-req to investigating collapsing filter bar and table editor header
actions into a single row)

## Non-visual changes involved
- Break down components within `GridHeaderActions` into smaller ones
  - `IndexAdvisorPopover`
  - `SecurityDefinerViewPopover`
  - `RealtimeToggle`
- Deprecate use of `useUrlState` in `GridHeaderActions` to use
`useQueryState` instead
- Improve types for `TwoOptionToggle`

## Visual changes involved
- Collapse realtime button toggle into a button icon, with no text (just
tooltip)
- Adjust layout of buttons a little

### Before
<img width="796" height="118" alt="image"
src="https://github.com/user-attachments/assets/436bca94-4d91-471a-a184-487c6f78dc04"
/>

### After
<img width="731" height="132" alt="image"
src="https://github.com/user-attachments/assets/5fd30982-a1fc-4f92-a590-146d1e69d52a"
/>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
  * Index Advisor popover with recommendations.
  * Realtime toggle to manage realtime table publication.
  * Security Definer view popover with optional autofix.
  * Insert menu for adding rows/columns and CSV import.

* **Bug Fixes**
  * Adjusted filter bar input sizing for improved readability.

* **Refactor**
* Header layout updated and insert/import actions moved into dedicated
components.

* **Tests**
  * Updated end-to-end selectors for the Insert row menu item.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-01 18:45:21 +08:00
Gildas Garcia f4abe3fca7 chore: migrate MultiSelectDeprecated to Shadcn multi-select (#45377)
## Problem

We want to reduce the code we ship and maintain.

## Solution

- Migrate old `MultiSelectDeprecated` usage to the new Shadcn
`multi-select`
- Fix `multi-select` background color to align it with other inputs
- Fix `multi-select` popover content alignment (now align to its input
start)

## Screenshots

### RLS policies
Before:
<img width="618" height="705" alt="image"
src="https://github.com/user-attachments/assets/098504fc-21a9-4386-9390-e69f929189c1"
/>

After:
<img width="549" height="704" alt="image"
src="https://github.com/user-attachments/assets/06842e31-90bf-4d24-8c19-78f74941cd65"
/>

### Storage policies
Before:
<img width="1177" height="664" alt="image"
src="https://github.com/user-attachments/assets/3cf1afb4-9604-4ee9-b7b6-8371f94bcfcc"
/>

After:
<img width="1170" height="653" alt="image"
src="https://github.com/user-attachments/assets/e3b235d3-5890-45ff-9658-82c6612ac82a"
/>

### Database indexes
Before:
<img width="675" height="496" alt="image"
src="https://github.com/user-attachments/assets/84c0d3b6-45af-49dc-b4f4-274abed4cea7"
/>

After:
<img width="674" height="498" alt="image"
src="https://github.com/user-attachments/assets/697ceafc-256f-4106-9193-8697bc3d9d8e"
/>

### Contact support
Before:
<img width="643" height="534" alt="image"
src="https://github.com/user-attachments/assets/ee7fc790-622d-4c09-afab-269271a31af4"
/>

After:
<img width="645" height="457" alt="image"
src="https://github.com/user-attachments/assets/db0b9a32-95e0-4864-a12a-88828c431aab"
/>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Refactor**
* Replaced legacy multi-select controls with a unified selector UI:
dynamic trigger labels, per-item disable support, explicit item
rendering, deletable badges, and improved search/selection behavior.
* **Chores**
* Removed deprecated multi-select badge and legacy picker
implementations; adjusted exports/types to align with the new selector
components.
* **Style**
* Minor UI text and inline code styling improvements and modal spacing
tweaks.
* **Tests**
  * Updated end-to-end flows to wait and interact with the new pickers.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
2026-04-30 10:35:01 +02:00
Gildas Garcia 718021fc7b chore: migrate Listbox to Shadcn components (#45279)
## Problem

We want to reduce the code we ship and maintain.

## Solution

Migrate old `<Listbox />` usage to the new Shadcn component.

## Screenshots

### Billing
Before:
<img width="536" height="458" alt="image"
src="https://github.com/user-attachments/assets/c8883bd8-cbbd-47cd-84a4-e37a36c05cd6"
/>

After:
<img width="541" height="451" alt="image"
src="https://github.com/user-attachments/assets/9c848b1b-e72a-413c-b264-48340ce0c7ef"
/>

### Foreign Key Editor
Before:
<img width="463" height="995" alt="image"
src="https://github.com/user-attachments/assets/4debeeeb-94bd-439d-8f57-a84a2ed5230a"
/>
<img width="428" height="241" alt="image"
src="https://github.com/user-attachments/assets/81a21d58-c023-445a-a6e8-c9be22b53075"
/>

After:
<img width="451" height="1007" alt="image"
src="https://github.com/user-attachments/assets/18c781c0-4f52-4ca2-99e6-1fc34dc857e3"
/>
<img width="434" height="240" alt="image"
src="https://github.com/user-attachments/assets/13fbb3ad-ef3c-499d-a27e-26cfae89ae44"
/>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Refactor**
* Replaced legacy dropdowns with a unified Select component and
consistent form layout across payment method, org transfer,
foreign-key/column selectors, region selection, and other dropdowns.
* **Chores**
* Removed the legacy listbox implementation and its public exports from
the UI package.
* **Tests**
* Removed old listbox unit tests and updated e2e selectors to target the
new Select-based controls.
* **Style**
  * Deleted obsolete listbox-specific styles.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-28 14:30:49 +02:00
Gildas Garcia bc3dc73240 chore: migrate old <Select /> usage to the new Shadcn component (#45232)
## Problem

We want to reduce the code we ship and maintain.

## Solution

Migrate old `<Select />` usage to the new Shadcn component.

## Screenshots

### `www` Pricing 

Before:
<img width="637" height="697" alt="image"
src="https://github.com/user-attachments/assets/b6f261de-e587-411b-9408-faf94d709f1c"
/>

After:
<img width="644" height="756" alt="image"
src="https://github.com/user-attachments/assets/8cc4894c-64da-4e6a-960c-77cd162ac71d"
/>

### Observability

Before:
<img width="1015" height="452" alt="image"
src="https://github.com/user-attachments/assets/3d7e8613-e7a6-461d-a50d-e66c7c85fef1"
/>

After:
<img width="833" height="467" alt="image"
src="https://github.com/user-attachments/assets/98ace34f-25ec-48b5-aad3-fe812307b01d"
/>

### Docs Realtime

Used in pages:
- https://supabase.com/docs/guides/realtime/postgres-changes
- https://supabase.com/docs/guides/realtime/benchmarks

Before:
<img width="578" height="437" alt="image"
src="https://github.com/user-attachments/assets/22fa0048-be07-42e0-9153-65171fa3ccb9"
/>

After:
<img width="571" height="423" alt="image"
src="https://github.com/user-attachments/assets/e0adbde9-0c6f-48da-b377-516392185fb0"
/>

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Refactor**
* Updated dropdown/select controls across the app to a consistent,
composable implementation
* Replaced advanced JWT generator in docs with a simplified JWT
generator component

* **Chores**
  * Removed legacy select component, associated styles and exports
  * Updated theme and tests to align with the new select implementation
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-27 15:35:50 +02:00
Vaibhav d9b58fdf3e fix: paste seq sync (#45116)
## TL;DR
- extends https://github.com/supabase/supabase/pull/45076
- closes https://github.com/supabase/supabase/issues/45113


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Sequence values now properly sync after bulk row inserts, ensuring
correct auto-increment behavior for subsequent inserts.

* **Tests**
* Added end-to-end coverage for CSV import, including a "Paste text"
import path that verifies custom-owned sequences are synchronized before
the next insert.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Gildas Garcia <1122076+djhi@users.noreply.github.com>
Co-authored-by: Ali Waseem <waseema393@gmail.com>
2026-04-22 14:34:12 +00:00
Gildas Garcia 19a6fc90ac feat: Add "Export as markdown" action on both the schema and individual tables (#44986)
## Problem

When using LLMs, it's useful to describe your tables in markdown format.

## Solution

- Add an _Copy as SQL_ and _Copy as Markdown_ in the schema visualiser
table menu
<img width="320" height="235" alt="image"
src="https://github.com/user-attachments/assets/b465d6aa-a011-4308-86de-78725328630b"
/>

- Refactor the _Copy as SQL_ and _Download current view_ buttons in a
single button/dropdown combo and add _Copy as markdown_:
<img width="333" height="143" alt="image"
src="https://github.com/user-attachments/assets/a823988b-abff-4840-b5a5-53a5830065b4"
/>



<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
  * "Copy as Markdown" for schemas and individual tables.
  * "Copy as SQL" for individual tables.
  * Per-column descriptions included in schema/table exports.

* **Style**
* Export actions consolidated into a compact, grouped dropdown with
adjacent copy action for streamlined header controls.

* **Tests**
  * Unit tests for markdown export helpers.
* E2E tests updated to use the new export UI and adjusted dialog timing.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2026-04-21 16:09:54 +02:00
Vaibhav 2e3ddc3a52 fix: csv seq sync (#45076)
## TL;DR
fixes csv imports with explicit id values leaving auto generated primary
keys out of sync
by resolving the primary key sequence correctly after import

## ex:

| Before | After |
| --- | --- |
| <img width="378" height="201" alt="Before: stale sequence after CSV
import"
src="https://github.com/user-attachments/assets/34c827f5-c69b-4c05-aa67-9fb6fd65a040"
/> | <img width="435" height="196" alt="After: sequence synced after CSV
import"
src="https://github.com/user-attachments/assets/bb84f286-1b3e-44a5-965b-5f2faa3f7622"
/> |

## ref:
- closes https://github.com/supabase/supabase/issues/45073


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

## Release Notes

* **Bug Fixes**
* Fixed identity sequence synchronization during CSV imports. After
spreadsheet data is inserted, the system now properly updates sequence
values, ensuring subsequent rows receive correct identifiers.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-21 07:59:20 -06:00
Vaibhav 8c4ae77ece fix: enum quotes (#45023)
## TL;DR

fixes enum create/update failures when names contain quotes
(also added a smol e2e)

## Ex:

<table>
  <tr>
    <td><strong>Before</strong></td>
    <td><strong>After</strong></td>
  </tr>
  <tr>
    <td>
<img width="424" height="178" alt="Before"
src="https://github.com/user-attachments/assets/d1815f4e-3879-4f8d-8d24-40d2c1f5563d"
/>
    </td>
    <td>
<img width="233" height="75" alt="After fix"
src="https://github.com/user-attachments/assets/f3f9b53c-b234-4e18-9b2d-db97ca4713d5"
/>
    </td>
  </tr>
</table>

## ref:

- closes https://github.com/supabase/supabase/issues/45022


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Fixed enumerated type description handling to preserve special
characters (quotes and apostrophes) without unintended escaping.

* **Tests**
* Extended enumerated types test coverage to include creation, updates,
and deletion of types with special characters in names and descriptions.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-20 09:07:36 -06:00
Alaister Young 19027e73f8 [FE-3036] feat(studio): runtime env var overrides for enabled features (#45049)
Lets self-hosted Studio toggle flags in `enabled-features.json` at
container start time via `ENABLED_FEATURES_*` env vars, without
rebuilding the prebuilt image. Addresses
[FE-3036](https://linear.app/supabase/issue/FE-3036/allow-enabled-featuresjson-flags-to-be-overridden-via-env-vars)
and is a prerequisite for
[COM-205](https://linear.app/supabase/issue/COM-205/add-feature-flag-to-disable-all-logs-in-studio).

**Added:**
- `packages/common/enabled-features/overrides.ts` — pure parser that
maps `ENABLED_FEATURES_*` env vars to a disabled-features list
(forward-only key mapping, boolean validation, typo warnings) + 10
vitest tests
- `apps/studio/pages/api/enabled-features-overrides.ts` — Next.js API
route reading `process.env` at request time; no-op (`{
disabled_features: [] }`) when `IS_PLATFORM`
- `apps/studio/data/misc/enabled-features-override-query.ts` — React
Query hook with `staleTime: Infinity`, `enabled: !IS_PLATFORM`
- `packages/common/enabled-features/README.md` — docs the env var
convention, resolution order, `IS_PLATFORM` gating, and the
`Support.constants.ts` build-time caveat

**Changed:**
- `apps/studio/hooks/misc/useIsFeatureEnabled.ts` — merges the
override's `disabled_features` with `profile.disabled_features`

### Env var shape

One var per flag, prefixed `ENABLED_FEATURES_`. Feature key → env name:
uppercase with every non-alphanumeric char replaced by `_`.

```bash
ENABLED_FEATURES_LOGS_ALL=false
ENABLED_FEATURES_BRANDING_LARGE_LOGO=true
```

Values are `true`/`false` case-insensitively. Other values and prefixed
vars that don't match a known feature are logged and ignored.

### Resolution order (runtime, Studio only)

1. `ENABLED_FEATURES_*` (self-hosted, via API route → React Query →
hook)
2. `profile.disabled_features` (hosted, from `/platform/profile`)
3. `enabled-features.json` static value
4. Default (enabled)

`ENABLED_FEATURES_OVERRIDE_DISABLE_ALL` still short-circuits everything.

### Known limitation

`apps/studio/components/interfaces/Support/Support.constants.ts:4` calls
`isFeatureEnabled('billing:all')` at module load to build
`CATEGORY_OPTIONS`, which is spread into Zod form schemas. That call
site stays resolved from the JSON — documented in the package README.
`billing:all` isn't on the radar for self-hosted runtime toggling.

## To test

- `cd packages/common && pnpm exec vitest run enabled-features` — 10 new
tests pass
- `pnpm --filter studio run typecheck` clean
- Spin Studio locally with `NEXT_PUBLIC_IS_PLATFORM=false` and
`ENABLED_FEATURES_LOGS_TEMPLATES=false`;
`/project/[ref]/logs/explorer/templates` should reflect the flag after
the override fetch resolves
- Confirm the API route returns `{ disabled_features: [] }` when
`NEXT_PUBLIC_IS_PLATFORM=true`
- Set a typo like `ENABLED_FEATURES_LOGS_TMEPLATES=false` and check the
warning in container logs; flag stays enabled

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Runtime feature-flag overrides for self-hosted deployments (env var
driven), new API endpoint and client-side hook to fetch overrides, and
client logic now merges profile and runtime overrides.

* **Documentation**
* Added comprehensive README describing the feature-flag system and
override configuration.

* **Tests**
* Added unit tests for override parsing and E2E tests covering runtime
override behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
2026-04-20 22:28:56 +08:00
Alaister Young 2555e81dde fix(studio): don't scan dollar-quoted bodies for DDL in SQL editor (#45050)
Fixes a false positive in the CREATE-TABLE-without-RLS warning modal
added in #45008. The warning was firing on `CREATE FUNCTION` statements
because the `SELECT..INTO` detector was matching plpgsql variable
assignments inside `$$…$$` function bodies.

Reported example that triggered the modal with no table actually being
created:

```sql
create or replace function schema_checks()
returns jsonb
language plpgsql
as $$
declare
  ret jsonb;
begin
  select jsonb_build_object('value', 'ok') into ret;
  return ret;
end;
$$;
```

**Changed:**
- `SQLEventParser.match()` now strips the body of `$tag$…$tag$` blocks
before running detectors. Tags are kept as markers; content is blanked
out so function bodies, DO blocks, and dollar-quoted string literals are
never scanned as DDL.
- Updated a pre-existing parser test that asserted the buggy behaviour
(it expected `CREATE TABLE fake` inside a `$$…$$` string literal to be
detected — `$$…$$` is a string literal in Postgres, not DDL).

**Added:**
- Regression tests in `SQLEditor.utils.test.ts` covering: the exact
reported function, DO blocks with `select into`, `create table` text
inside a function body, mixed top-level `CREATE TABLE` + function with
`INTO` assignments, and custom `$body$…$body$` tags.
- Parser-level regression test in `sql-event-parser.test.ts`.

## To test

- In the SQL editor, paste the function from the Slack report and run it
— the RLS warning modal should not appear.
- Run `create table foo (id int8 primary key);` on its own — modal still
appears as before.
- Run `create table foo (id int8); create or replace function bar()
returns int language plpgsql as $$ declare v int; begin select 1 into v;
return v; end; $$;` — modal should flag only `foo`, not `v`.
- Run an existing destructive query (`drop table x`) — unaffected, modal
still works.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Parser no longer treats DDL/DML-like text inside PL/pgSQL functions,
DO blocks, or dollar-quoted bodies (including nested/custom tags) as
top-level CREATE TABLE/SELECT INTO, preventing false detections and UI
warnings.

* **Tests**
* Added unit and e2e regression tests covering dollar-quoted blocks,
nested dollar tags, DO blocks, SELECT INTO inside functions, and
positive controls with a real top-level CREATE TABLE.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
2026-04-20 21:19:28 +08:00
Alaister Young 3aed9a9a2a feat(studio): warn before CREATE TABLE without RLS in SQL editor (#45008)
Adds a pre-execution warning in the SQL editor when a `CREATE TABLE`
statement is run without enabling Row Level Security on the new table.
Responds to the press call-out around SQL editor security.

<img width="708" height="498" alt="Screenshot 2026-04-18 at 4 31 07 PM"
src="https://github.com/user-attachments/assets/4f23ed5e-f32c-46f0-b0da-ac6d4c661c7c"
/>


**Added:**
- Pre-execution check in `executeQuery` that detects `CREATE TABLE`
statements without a matching `ALTER TABLE ... ENABLE ROW LEVEL
SECURITY` in the same submitted SQL.
- New "Run and enable RLS" action in the warning modal that rewrites the
SQL to append `ALTER TABLE [schema.]<table> ENABLE ROW LEVEL SECURITY;`
for each detected table before running.
- Link in the modal to the RLS docs.

**Changed:**
- `RunQueryWarningModal` now renders `Dialog` directly (instead of
`ConfirmationModal`) so it can show three buttons: Cancel / Run without
RLS / Run and enable RLS.
- `sqlEventParser` table-name regex now supports quoted identifiers
containing spaces (e.g. `"My Table"`) and escaped quotes (e.g.
`"user""table"`).

The check runs against the SQL that's actually submitted, so
partial-selection works correctly — selecting only the `CREATE TABLE`
portion will trigger the warning even if there's a matching `ENABLE RLS`
lower in the editor.

## To test

- Open the SQL editor and run `create table foo (id int8 primary key);`
→ modal should appear with the RLS warning bullet and three buttons.
- Click **Run and enable RLS** → query runs, table is created with RLS
enabled.
- Click **Run without RLS** → query runs as written, no RLS.
- Run `create table foo (id int8); alter table foo enable row level
security;` → no modal (RLS already enabled in same submission).
- Run `create table public.bar (id int8); create table baz (id int8);
alter table baz enable rls;` → modal flags only `public.bar`.
- Select only the `create table` portion of a snippet that also enables
RLS lower down and run the selection → modal should still fire.
- Run an existing destructive query (`drop table x`) → modal still works
as before with two buttons (Cancel / Run this query).

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* SQL editor now detects CREATE TABLE statements missing Row Level
Security (RLS) and shows counts and dynamic table/schema details in a
redesigned warning dialog with updated pluralization and a “Learn more”
link.
* New actions: “Run without RLS” and, when available, “Run and enable
RLS” which applies RLS and runs the query; editor can execute an
overridden SQL payload when applying RLS changes.

* **Tests**
* Added comprehensive unit and e2e tests covering RLS detection, SQL
augmentation, trigger handling, identifier parsing, and the “Run and
enable RLS” flow.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
2026-04-18 17:18:12 +08:00
Ali Waseem ae4f1551f0 chore: make new table filter bar the default (#44910)
## Summary
- Makes the new table filter bar the permanent default by hardcoding
`useIsTableFilterBarEnabled` to return `true`
- Removes the feature preview toggle (opt-out) from the preview modal
- Cleans up E2E tests: removes old filter UI test, removes
`enableFilterBar` helper, fixes race condition in column-drop test
- Old filter code paths are left in place for a follow-up cleanup PR

Closes FE-2819

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Chores**
* Removed the table filter bar preview and its opt-in/local-storage
preview key.
  * Cleared preview content from the feature preview modal.

* **Tests**
* Removed the UI filtering e2e test and associated preview opt-in
helper.
* Updated filter-bar e2e flows to adjust navigation/wait behavior (added
explicit waits, removed redundant reloads).
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
2026-04-16 07:59:48 -06:00
Gildas Garcia 8ff22d7f0f fix: table editor columns cannot be selected nor advisor icon clicked (#44931)
## Problem

Since the drag & drop refactor, users cannot double click to select the
column name in the columns headers of the table editor. Besides, the
advisor button cannot be clicked either.

## Solution

- Add a delay constraint on the drag & drop operation, allowing click
events to trigger
- Add e2e tests to prevent future reggressions

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
  * Double-click column headers to copy column names to clipboard
  * Index Advisor warnings now accessible in the Table Editor

* **Improvements**
* Improved drag start timing and tolerance for smoother column dragging
  * Better screen reader announcement for index suggestion actions
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-16 15:12:39 +02:00