## Context
Resolves FE-3126
Just cleaning up the table editor header with a bit of refactors
(pre-req to investigating collapsing filter bar and table editor header
actions into a single row)
## Non-visual changes involved
- Break down components within `GridHeaderActions` into smaller ones
- `IndexAdvisorPopover`
- `SecurityDefinerViewPopover`
- `RealtimeToggle`
- Deprecate use of `useUrlState` in `GridHeaderActions` to use
`useQueryState` instead
- Improve types for `TwoOptionToggle`
## Visual changes involved
- Collapse realtime button toggle into a button icon, with no text (just
tooltip)
- Adjust layout of buttons a little
### Before
<img width="796" height="118" alt="image"
src="https://github.com/user-attachments/assets/436bca94-4d91-471a-a184-487c6f78dc04"
/>
### After
<img width="731" height="132" alt="image"
src="https://github.com/user-attachments/assets/5fd30982-a1fc-4f92-a590-146d1e69d52a"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Index Advisor popover with recommendations.
* Realtime toggle to manage realtime table publication.
* Security Definer view popover with optional autofix.
* Insert menu for adding rows/columns and CSV import.
* **Bug Fixes**
* Adjusted filter bar input sizing for improved readability.
* **Refactor**
* Header layout updated and insert/import actions moved into dedicated
components.
* **Tests**
* Updated end-to-end selectors for the Insert row menu item.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Adds `graphiql@5.2.2` and switches from our heavily-customised rebuild
(which used `@graphiql/react` + `@graphiql/toolkit` directly) to the
prebuilt component, restyled to match the dashboard. Role impersonation
re-added as a sidebar plugin.
This is a deliberately simpler setup than what we had – we lose some
layout customisation (sidebar is forced to the left, role impersonation
moves into the sidebar) but future upgrades become much easier since
we're no longer maintaining a fork-by-rewrite.
**Removed:**
- `apps/studio/components/interfaces/GraphQL/GraphiQL.tsx` – custom
rebuild
- `apps/studio/components/interfaces/GraphQL/graphiql.module.css` –
custom styles
**Changed:**
- Added `graphiql` ^5.2.2 (we previously didn't have the top-level
package, just the subpackages)
- `@graphiql/react` ^0.19.4 → ^0.37.3 (now Monaco-based; v0.19 was still
on CodeMirror 5)
- `@graphiql/toolkit` ^0.9.1 → ^0.11.3
- `GraphiQLTab.tsx` now wires up the prebuilt `<GraphiQL />` with worker
setup, theme bridge, and plugins
- New `graphiql.module.css` scopes restyling via `:global(...)` since we
can't add hashed classes to the library's DOM
- `RoleImpersonationSelector` gained an `orientation: 'horizontal' |
'vertical'` prop (default `horizontal`) so it fits in the sidebar pane –
all existing call sites unchanged
- `MonacoThemeProvider` exports `getTheme` so the GraphQL Monaco
instance can reuse Studio's theme
**Added:**
- Theme bridge: `supabase-graphql-dark` / `supabase-graphql-light`
Monaco themes synced with `next-themes` via `forcedTheme`
- Role impersonation sidebar plugin (gated on `field.jwt_secret` read
permission, same as before)
### Notes / tradeoffs
- We don't share Studio's monaco instance – Studio loads it via AMD/CDN,
GraphiQL bundles it as ESM. Both end up on `monaco-editor@0.52.2` but in
different module systems. Sharing would require ripping out Studio's CDN
loader (Studio-wide refactor, out of scope). GraphiQL's monaco is
dynamically imported and only loads when the GraphQL tab opens.
- The dark/light response panel uses different `--graphiql-response-bg`
tokens because the editor sits at very different baseline lightness in
each theme; a single token can't lift it meaningfully in both
directions.
- Session header (tabs row) is hidden – we don't expose multi-tab
workflows.
## To test
- Open `/project/<ref>/api/graphiql` in both light and dark themes –
editor + response panel backgrounds, sidebar borders, button radii
should all match the dashboard
- Run a query and confirm syntax highlighting works (GraphQL-specific
token `argument.identifier.gql` is purple)
- Open the doc explorer and history sidebar plugins
- As a user with `field.jwt_secret` read permission: open the Role
Impersonation sidebar plugin, pick a role, confirm subsequent queries
hit the API with the impersonated JWT
- As a user without that permission: confirm the Role Impersonation
plugin doesn't appear, history still does
- Toggle theme while GraphiQL is open – Monaco theme should swap without
a reload
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Vertical layout option for the role impersonation selector; radios can
expand to full width.
* **Improvements**
* Revamped GraphiQL integration with updated upstream package, plugins,
and editor theming for improved consistency and UX.
* New GraphiQL styling and layout for clearer pane separation and
polished controls.
* Role selector radios now support a full-width mode for improved
responsiveness.
* **Chores**
* Updated GraphiQL-related dependencies.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
## Context
As per PR title - saw that there's a `md:min-w-100` on `FlexContainer`
which overrides `md:w-1/2`. Removing the former resolves this
<img width="622" height="188" alt="image"
src="https://github.com/user-attachments/assets/6414d546-7c27-4a3c-9fd9-83da89acc387"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Style**
* Improved form layout responsiveness on medium-sized screens by
adjusting width constraints for better flexibility.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Context
Continuing off from this PR:
https://github.com/supabase/supabase/pull/45407
Shifting the "Auto enable RLS" toast into a banner that's dismissible,
only can be minimised until action is taken
Given that this is a security measure that we highly advise - otherwise
there's no way for users to revisit this after dismissing
We'll use the existing local storage key so it doesn't affect the
behaviour for users who already dismissed the banner
Starting state: (Not dismissed / not minimised)
<img width="1450" height="424" alt="1"
src="https://github.com/user-attachments/assets/de419812-69f5-4370-a553-88a83f27a6f7"
/>
If dismissed already / minimised: Shift CTA into a button tooltip
<img width="1449" height="402" alt="2"
src="https://github.com/user-attachments/assets/c404f39d-021f-43ba-b855-f83aea858162"
/>
Button will disappear entirely once the trigger is created
Also added this to the database tables page
<img width="1913" height="534" alt="image"
src="https://github.com/user-attachments/assets/a0c65986-6e23-4795-8720-a33ec6eec3c1"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Redesigned the Row Level Security (RLS) notice with a new card-based
layout and minimize button to reduce visual clutter while keeping the
feature accessible.
* Added a compact icon-only mode for the RLS notice in page headers,
with tooltip descriptions for clarity.
* RLS notice minimization state is now persisted locally per project,
improving user experience across page navigation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## What kind of change does this PR introduce?
Feature improvement to the Studio keyboard shortcuts reference and
command palette behaviour.
## What is the current behavior?
The keyboard shortcuts sheet does not support filtering, some shortcut
labels are harder to scan at a glance, and the command palette shows
"Show all keyboard shortcuts" before the more contextual shortcuts in
the `Shortcuts` section.
## What is the new behavior?
Adds live filtering to the keyboard shortcuts sheet, keeps the sheet
width stable on small breakpoints, renders arrow-based shortcuts more
compactly, and moves "Show all keyboard shortcuts" to the end of the
`Shortcuts` section so contextual actions appear first.
https://github.com/user-attachments/assets/315a1a36-0cfb-4a0d-b6de-ef3c86aa9a05
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added search for keyboard shortcuts with live filtering, group-aware
results, clear-search action, and empty-state handling
* Added arrow key symbols for clearer shortcut visuals
* **Improvements**
* Updated shortcut visuals and typography for a tighter, pill-style
presentation
* Improved command menu ordering so shortcut-related entries appear in a
logical sequence
* **Tests**
* Added tests covering shortcut search behavior, display formatting, and
platform-specific key rendering
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Context
Shifts the "auto enable RLS" banner in the auth policies page into a
dialog for transparency on what SQL will be run as a result of creating
the `ensure_rls` database trigger
<img width="320" height="239" alt="image"
src="https://github.com/user-attachments/assets/9d1dd071-697d-4b40-aaa3-63f4147899b3"
/>
<img width="606" height="536" alt="image"
src="https://github.com/user-attachments/assets/68765278-b2f2-489b-89a7-2383d37ffe9f"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Improvements**
* Redesigned RLS trigger creation with a dialog-driven flow for better
user guidance
* Added permission-based access controls with informational tooltips
when unavailable
* Display of trigger SQL code for transparency
* Enhanced success notifications on completion
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Context
Small improvements from this PR:
https://github.com/supabase/supabase/pull/45373
- Fix feature preview badge alignment
- Before:
<img width="341" height="75" alt="image"
src="https://github.com/user-attachments/assets/e6e2f727-fc75-4f70-b9cd-94d67aed8c5d"
/>
- After:
<img width="365" height="64" alt="image"
src="https://github.com/user-attachments/assets/3d6e5e5d-c285-48f4-8f8f-251c23101e41"
/>
- Shift feature preview badge for policies into tester side panel
<img width="640" height="93" alt="image"
src="https://github.com/user-attachments/assets/3efb73a7-f7f5-4ae0-8560-d1e0ba989626"
/>
- Realised that advisor settings wasn't set up to be behind the feature
preview
- Fixing that in this PR
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added preview badge indicator to the RLS Tester feature
* **Style**
* Improved spacing and layout alignment across authentication, database
access, webhook, logging, and advisor interface components
* Enhanced badge component styling for better vertical alignment
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
- Update to the audit log schema (changes were already applied in
staging)
- Updates the org & project audit log page to reflect the changes to the
schema
- The schema should be agnostic to whether logs were emitted to logflare
with the old & new schema format - the backend adjusts old logs to the
new format.
## What is the current behavior?
Currently, the frontend is parsing the legacy schema as the backend
returns this by default. It also doesn't show some of these new fields
yet.
## What is the new behavior?
### Org Audit Logs - Table View
<img width="1810" height="1310" alt="CleanShot 2026-04-29 at 18 27 22"
src="https://github.com/user-attachments/assets/47fec068-1ffa-4e52-bc46-3bffdef55adb"
/>
### Org Audit Logs - Single log View
<img width="1842" height="1494" alt="CleanShot 2026-04-29 at 18 27 37"
src="https://github.com/user-attachments/assets/3cff3bdf-4a6a-4981-acaa-7f95bb3ae9cf"
/>
Note that the `Target` field is no longer there. We just show the
`metadata` JSON.
<img width="1842" height="1494" alt="CleanShot 2026-04-29 at 18 27 40"
src="https://github.com/user-attachments/assets/d2e681f0-41a6-4bc7-a3d7-ec7e8101616c"
/>
### Account (Profile) Audit Logs - Table View
<img width="1810" height="1310" alt="CleanShot 2026-04-29 at 18 25 20"
src="https://github.com/user-attachments/assets/c72e19df-9b82-4611-8889-7af463769550"
/>
### Account (Profile) Audit Logs - Single log View
<img width="1810" height="1310" alt="CleanShot 2026-04-29 at 18 25 32"
src="https://github.com/user-attachments/assets/46f8d3b6-4f2f-4944-b891-431a93e5f3c3"
/>
## Additional context
⚠️ currently leaving the `do not merge` tag on, until:
- [x] I have verified it works in staging
- [x] We've deployed the new schema to production
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Audit logs now use the v2 format with microsecond-accurate timestamps,
improved ordering, and a revamped details panel showing clearer
actor/action/request/project/org fields and fallback labels.
* Page/header layout updated so audit logs render at top level with
adjusted spacing.
* **Refactor**
* Shared sorting and filtering utilities added for consistent
user/project filtering and non-mutating log sorting.
* **Tests**
* Added tests for timestamp conversion, sorting, filtering, and
date-range formatting.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
www pages that use DefaultLayout are bailing out of SSR because of
useSearchParams. Removing the useSearchParams opts more pages (including
the pricing page) into SSR.
_However_, it breaks the build because once blog pages are opted into
SSR, they fail due to next-mdx-remote/codehike incompatibilities. So we
also need to opt blog pages back _out_ of SSR using next/dynamic. This
reproduces previous behaviour for the blog.
Also had to remove suspense wrapper around everything because that was
causing the content div to be streamed in a hidden later chunk
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added support for the Contribute section with improved state
management integration.
* **Performance Improvements**
* Optimized blog post rendering with client-side enhancements.
* Improved navigation and layout loading strategies.
* **Refactor**
* Simplified provider architecture for better maintainability.
* Restructured internal component organization.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
**Changes**
Replaces our custom `StreamTransport` with
[InMemoryTransport](https://github.com/modelcontextprotocol/typescript-sdk/blob/4fbcfcd176b6b189970263c4625eb6e60db043d2/packages/core/src/util/inMemory.ts#)
from the official MCP SDK, removing the need for the
`@supabase/mcp-utils` dependency.
**Verification steps**
I verified Studio's AI Assistant still works as expected.
Closes AI-694
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated the Model Context Protocol SDK dependency to version 1.29.0.
* Removed unused AI utilities dependency.
* Optimized the internal AI service communication layer for improved
efficiency.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
We added support for `*.md` guides in our docs, but our redirects don't
apply to them. This means that when we directly link to a guide using
the `.md` extension and that guide gets renamed or deleted, the links
begin to 404.
This happened already once in our agent-skills where we linked to
`https://supabase.com/docs/guides/database/data-api.md` which was
deleted and moved yesterday to
`https://supabase.com/docs/guides/api/securing-your-api.md`. Note that
there was a redirect on the regular path `/docs/guides/database/data-api
-> /docs/guides/api/securing-your-api`, but this didn't apply to the
`.md` version.
## Fix
This PR adds rules to redirect all the `/docs/guides/**/*.md` files to
their respective pages. Rather than manually duplicating all our
existing (and future) redirects by hand for `.md`, this dynamically
generates the `.md` redirect rules based on the path. Specifically it
assumes that all redirect rules under `/docs/guides` support the `.md`
extension, so it generates a redirect for all of these rules
automatically.
## How to test
Use curl to confirm that `.md` redirects are applied:
```shell
curl -I https://zone-www-dot-com-git-fix-doc-markdown-redirects-supabase.vercel.app/docs/guides/database/data-api.md
HTTP/2 308
cache-control: public, max-age=0, must-revalidate
content-type: text/plain
date: Wed, 29 Apr 2026 17:35:58 GMT
location: /docs/guides/api/securing-your-api.md
...
```
You can also verify that this didn't previously work:
```shell
curl -I https://supabase.com/docs/guides/database/data-api.md
HTTP/2 404
age: 0
cache-control: public, max-age=0, must-revalidate
content-type: text/plain;charset=UTF-8
date: Wed, 29 Apr 2026 17:38:00 GMT
...
```
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Enhanced documentation route redirects to support markdown file
extensions for guides, ensuring proper navigation for both standard and
markdown-variant paths.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary
- **Subscription downgrade dialog**: The plan name row was being hidden
in the charge breakdown when `changeType === 'downgrade'`, so users
downgrading (e.g. Team → Pro) couldn't see which plan the cost referred
to. Removed the downgrade exclusion so the plan name row renders
consistently across upgrade/downgrade flows.
- **Credit Top Up dialog**: The submit button only
reflected `executingTopUp`/`paymentConfirmationLoading`, but
the `onSubmit` handler runs several async steps first (hCaptcha, billing
profile validation, Stripe `createPaymentMethod`) before the mutation
flips `isPending`. That left a clickable window where users could
trigger multiple top-ups. Added `form.formState.isSubmitting` to
both `loading` and `disabled` so the button is locked for the full
submit lifecycle.
## Test plan
- [ ] Downgrade from Team → Pro and confirm the Pro plan row appears in
the charge breakdown
- [ ] Open Credit Top Up, submit, and rapidly click the Top Up button —
verify only one charge is initiated
- [ ] Verify Top Up button shows a loading state immediately on click
(before the mutation starts)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Consistently show subscription plan cost during billing adjustments,
including downgrades.
* Improve Top Up button to reflect form submission state and prevent
duplicate submissions.
* **Style**
* Enhanced text contrast for better readability in billing information
displays.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Style**
* Updated footer layout spacing for improved consistency. Adjusted the
newsletter section spacing behavior to better align with the overall
design system.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved rendering and visual consistency of exported database schema
images by refining font handling during SVG and PNG export processes.
Schema diagrams now display with better visual fidelity when exported.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Context
As part of RLS testing, adding @awaseem's idea for having "View data as
user" CTAs in the Auth Users's table
<img width="348" height="190" alt="image"
src="https://github.com/user-attachments/assets/855c8f54-0aba-478c-982b-1d9d29e419bd"
/>
## Other changes
Similar from @awaseem's suggestions, am also refactoring the Role
Impersonation UI a little, mainly from a copy writing POV to improve the
clarity of the UI.
- More action-oriented and contextual header for the role impersonation
popover
- e.g Table Editor -> "View data as a role", or SQL Editor -> "Run SQL
query as a role"
- Updated labels to be bit more intuitive from a builder's POV
- The actual database role is still mentioned in the option's
description (so we aren't obfuscating the actual postgres logic)
- Add label descriptors to elaborate what each role implies
- e.g Anon -> "Not logged in"
- Add docs button which points to
[here](https://supabase.com/docs/guides/database/postgres/row-level-security#authenticated-and-unauthenticated-roles)
that explains which roles Supabase uses
- (Nit) Refactor to use Card component
### Before
<img width="647" height="277" alt="image"
src="https://github.com/user-attachments/assets/9ebae084-38b7-4e21-886b-f609bd71976e"
/>
### After
<img width="604" height="309" alt="image"
src="https://github.com/user-attachments/assets/4d797309-1b6b-4fd0-aab3-63d5e144c53c"
/>
<img width="630" height="297" alt="image"
src="https://github.com/user-attachments/assets/ca748635-c5da-4426-a9c3-8cb5aeef47a6"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added "View data as user" and "Run SQL as user" actions to user rows
to impersonate a user and jump to table or SQL views.
* Impersonation now surfaces an identity card in new tabs showing the
impersonated identity and a Stop button.
* **UI/UX Improvements**
* Impersonation panels accept customizable headers, show clearer role
labels (Postgres), richer role descriptions, condensed RLS copy,
in-panel docs link, simplified "Stop" labels, and adjusted
typography/padding for consistent styling.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Updated the getting started guide to use the correct parameter name
'read_replica_region' instead of 'region' for creating read replicas
using curl
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated the Getting Started guide for Read Replicas with corrected API
request examples for improved accuracy.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This PR fixes an issue where the infinite list doesn't work for cron
jobs. If the initial data (20 cronjobs) renders and you have a tall
monitor to fit the entire table, the `react-data-grid` can't `onScroll`
event which fetches the next page.
To test:
1. Add 40-50 cron jobs by running `SELECT cron.schedule('test 30', '0 2
* * 1', 'select 1');` repeatedly.
2. Open the /project/_/integrations/cron/jobs
3. See if you can scroll and trigger the second page.
Fixes
https://linear.app/supabase/issue/FE-3117/cron-job-is-not-scrollable
This PR disables the tax ID banner. I haven't removed the code just in
case we need to reintroduce it later.
Will follow up with removing the code entirely or introducing a feature
flag if we decide to keep it.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Disabled the tax identification banner display in the application
interface.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Remove names of employees who have left.
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Update humans.txt
## What is the current behavior?
Please link any relevant issues here.
## What is the new behavior?
Feel free to include screenshots if it includes visual changes.
## Additional context
Add any other context or screenshots.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated contributor records in project metadata.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Adding a new Feature page for Custom Identity Providers
## What is the current behavior?
There is no feature page for Custom Identity Providers.
## What is the new behavior?
Adds a Custom Identity Providers entry to features.tsx, covering both
Custom OIDC Providers (auto-discovery via issuer URL) and Custom OAuth2
Providers (manual endpoint configuration). The page lives at
/features/custom-oidc-providers and links to the existing docs at
/docs/guides/auth/custom-oauth-providers.
## Additional context
N/A
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a "Custom Identity Providers" feature card and documentation
entry to explain integrating custom OIDC providers; now generally
available and supported for self‑hosted deployments.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Ana <ana1337x@users.noreply.github.com>
The format of some Tailwind classes changed from `px-[--card-padding-x]`
to `px-(--card-padding-x)`. Because `tailwind-merge` is on a older
version (pre Tailwind v4), it doesn't deduplicate the class when it
encounters
```
px-(--card-padding-x) p-0
```
With the new version, it should result in `p-0`.
By bumping `tailwind-merge` and other `cn` related deps, the `cn` util
function is aware of the new class format.
Before:
<img width="819" height="357" alt="Screenshot 2026-04-30 at 15 27 39"
src="https://github.com/user-attachments/assets/6d16497a-86a6-4a31-bc7c-eab17bb17ab3"
/>
After:
<img width="837" height="389" alt="Screenshot 2026-04-30 at 15 28 04"
src="https://github.com/user-attachments/assets/2b53d7fe-2a61-493a-9aa0-abb34007738f"
/>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Bug fix, feature, docs update, ...
- Hide lints when exposed within local storage
- Revoke on roles
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a GraphQL-exposure action in linter items that shows a
confirmation modal with the exact SQL, lets you revoke GraphQL access,
executes the operation, shows success/error toasts, and refreshes lint
results.
* Added an informational callout linking to database integration
settings when GraphQL exposure is detected.
* Lint actions now close the side panel and return the UI to the list
after completion.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
## Summary
Closes
[FE-3109](https://linear.app/supabase/issue/FE-3109/change-sql-editor-assistant-shortcut-to-cmdshiftk).
The SQL editor's "Generate SQL" Monaco action was bound to `Cmd+K`,
which conflicted with the global command menu shortcut while the editor
was focused. This PR moves the assistant shortcut to `Cmd+Shift+K` and
makes `Cmd+K` open the global command menu from inside the editor.
## Changes
- `MonacoEditor.tsx` — rebind `generate-sql` to `Cmd+Shift+K`. Add an
`editor.addCommand` for `Cmd+K` that opens the global command menu
(gated on the user's `COMMAND_MENU_OPEN` shortcut preference). Without
this, Monaco swallows `Cmd+K` as a chord prefix and the global hotkey
never fires inside the editor.
- `SQLEditor.tsx` — update the empty-editor placeholder text from
`CMD+K` to `CMD+SHIFT+K`.
## Notes
- Monaco's standalone defaults bind `Cmd+Shift+K` to "Delete Line";
registering an `editor.addAction` with the same keybinding overrides it.
- The same `Cmd+K` binding still exists in
`apps/studio/components/ui/AIEditor/index.tsx` (used by the inline
editor panel and edge functions). Out of scope for FE-3109 — happy to
file a follow-up.
## Test plan
- [x] Focus the SQL editor, press `Cmd+K` → global command menu opens.
- [x] Focus the SQL editor, press `Cmd+Shift+K` → Generate SQL widget
opens (or "Make an edit" if a diff is already visible).
- [x] Disable the command menu shortcut in Account → Preferences →
Keyboard shortcuts and confirm `Cmd+K` no longer opens the menu from
inside the editor.
- [x] Empty SQL snippet placeholder reads "Hit CMD+SHIFT+K to generate
query…".
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Improvements**
* Reorganized SQL editor keyboard shortcuts for clearer access
* "Generate SQL" shortcut changed to Ctrl/Cmd + Shift + K (was Ctrl/Cmd
+ K)
* Command menu can now be opened with Ctrl/Cmd + K when enabled
* Editor UI shortcut hints updated to reflect the new bindings
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Style**
* Refined layout styling in the authentication hook interface to
optimize flex container behavior for improved responsiveness and visual
alignment.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES/NO
## What kind of change does this PR introduce?
Bug fix, feature, docs update, ...
## What is the current behavior?
Please link any relevant issues here.
## What is the new behavior?
Feel free to include screenshots if it includes visual changes.
## Additional context
Add any other context or screenshots.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated contributor list.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This PR migrates the whole monorepo to use Tailwind v4:
- Removed `@tailwindcss/container-queries` plugin since it's included by
default in v4,
- Bump all instances of Tailwind to v4. Made minimal changes to the
shared config to remove non-supported features (`alpha` mentions),
- Migrate all apps to be compatible with v4 configs,
- Fix the `typography.css` import in 3 apps,
- Add missing rules which were included by default in v3,
- Run `pnpm dlx @tailwindcss/upgrade` on all apps, which renames a lot
of classes
- Rename all misnamed classes according to
https://tailwindcss.com/docs/upgrade-guide#renamed-utilities in all
apps.
---------
Co-authored-by: Jordi Enric <jordi.err@gmail.com>
## Summary
- Replaces the outdated command palette (`Authentication: Remove Dynamic
Authentication Providers`) troubleshooting step with the new Antigravity
flow: Agent Settings (Cmd+,/Ctrl+,) → Customizations tab → Authenticate
button next to the server.
<img width="1507" height="625" alt="image"
src="https://github.com/user-attachments/assets/b92e9fd2-5bc3-4bf5-a16e-1e241a10b2ec"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated Antigravity UI help text for authentication with clearer
step-by-step guidance to open Agent Settings and use the Authenticate
button for Supabase; included a screenshot showing where the button
appears.
* **Chores**
* Added support for PNG asset imports so image files used in the UI are
recognized and handled correctly.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Following up on #45361 — instead of keeping the control, we're baking in
the `multi_project` variant from the original A/B experiment (#44293) as
the new default for Pro/Team plan cards.
**Change:** On Pro and Team plan cards, the warning area now reads:
> First project included. Additional projects from \$10/mo.
> See how pricing scales →
Replacing the previous control copy (`plan.warning` + "Need more
compute?" link). Free and Enterprise plans still show their original
`plan.warning` text.
No A/B test infrastructure restored — the variant is the new default.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Updated pricing card messaging to display consistent information about
included projects and additional project pricing for premium plans
* Enhanced visibility of compute add-on scaling details with improved
link labeling
* Adjusted warning message display logic for standard plans
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## What kind of change does this PR introduce?
Studio UI copy and visual polish for the Stripe Projects connect flow.
- Resolves DEPR-428
- Resolves DEPR-429
## What is the current behaviour?
- The Stripe Projects connect flow copy is awkward in request, linked,
wrong-account, and success states.
- The API authorisation layout logo is slightly misaligned.
- The bundled Stripe icon is outdated.
## What is the new behaviour?
- Tightens Stripe Projects copy and CTA text around authorising the
request.
- Keeps the real `ar_id` account-request flow intact without local
preview shortcuts.
- Centres the logo link in `APIAuthorizationLayout`.
- Updates the Stripe icon SVG.
- Note that this affects other areas too, such as Stripe integrations
([more](https://supabase.slack.com/archives/C0429V78ACX/p1777268209661729)).
- Fixes CLI login copy capitalisation.
| Before | After |
| --- | --- |
| <img width="1380" height="856" alt="CleanShot 2026-04-29 at 15 10
26@2x"
src="https://github.com/user-attachments/assets/4ad242c2-1e9e-4128-9661-ef8deee111c1"
/> | <img width="1486" height="892" alt="CleanShot 2026-04-29 at 15 10
36@2x"
src="https://github.com/user-attachments/assets/f6aa4d0a-e5a7-40ff-87b7-845a22ef1c50"
/> |
## Verification
- `pnpm exec eslint pages/partners/stripe/projects/login.tsx`
- `git diff --check`
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
## What kind of change does this PR introduce?
Dashboard cleanup and docs update.
## What is the current behaviour?
Project Settings > General still shows a legacy "Project usage" section
explaining that usage statistics moved to organisation settings. One
troubleshooting page also links to the old project billing usage page.
## What is the new behaviour?
The legacy Project Settings usage callout is removed, while the existing
old usage route redirect remains in place for stale links. The MAU
troubleshooting page now points users to the organisation usage page and
tells them to select a specific project from the dropdown.
| Before | After |
| --- | --- |
| <img width="1450" height="1314" alt="CleanShot 2026-04-30 at 16 11
16@2x"
src="https://github.com/user-attachments/assets/3ad8c41f-2eab-406c-bfd8-f5737ae9a5a3"
/> | <img width="1474" height="1004" alt="CleanShot 2026-04-30 at 16 11
04@2x-7CACB175-B6A9-4811-968F-030745F685AE"
src="https://github.com/user-attachments/assets/f541ee60-0c24-49e4-9446-3bd58c516797"
/> |
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated Monthly Active Users (MAU) documentation to reflect accessing
usage data from the organization-level page instead of project settings
* **Refactor**
* Removed project-level usage viewing option from project settings
interface
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
docs update
## What is the current behavior?
I am not in the docs
## What is the new behavior?
I am in the docs
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated credits list to include a new contributor.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
add myself to humans.txt
## What is the current behavior?
doesn't have my name
## What is the new behavior?
has my name
## Additional context
just onboarding!
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated documentation contributors list.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated compute instance sizing guidance to clarify that scale-to-zero
pricing applies to Nano instances
* Refreshed documentation sections describing compute instance options
and pricing tiers
* Removed outdated information about Pico instance capabilities
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Wen Bo Xie <wenbox323@gmail.com>
## What kind of change does this PR introduce?
Minor UI and copywriting change.
## What is the current behavior?
- Vague dialog copy for pausing a project
- Plain pause icon looks like two Tim Tams
## What is the new behavior?
- Clearer dialog copy
- More standard pause button
## Additional context
| Before | After |
| --- | --- |
| <img width="912" height="502" alt="11317"
src="https://github.com/user-attachments/assets/55a64d01-8171-498e-a03f-2e0060995400"
/> | <img width="850" height="476" alt="67001"
src="https://github.com/user-attachments/assets/054a8ca0-e06c-417c-9668-c3847013bbe2"
/> |
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Enhanced pause project confirmation dialog to clearly communicate the
90-day resume timeframe and backup availability after this period.
* **Style**
* Updated pause icon display.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## What kind of change does this PR introduce?
Bug fix.
## What is the current behaviour?
The integrations listing links tiles to short partner URLs such as
`/partners/vercel`, while the canonical integration pages live at
`/partners/integrations/vercel`.
Those short URLs are handled by the legacy `/partners/[slug]` route,
which is meant to redirect technology partners to
`/partners/integrations/[slug]`. However, that route currently
pre-renders partner slugs and returns `notFound` when
`npm_lifecycle_event === 'build'`, which can bake and cache static 404s
for URLs that are meant to redirect.
This was reportedly working as recently as last week, and the relevant
partners page code has not changed recently. The most likely explanation
is that old legacy-route behaviour was surfaced by a recent production
build/deployment/prerender cache interaction, rather than a fresh change
to the integrations tile code itself.
## What is the new behaviour?
Integration tiles now link directly to the canonical
`/partners/integrations/[slug]` URL, so the listing no longer depends on
the legacy short-url redirect.
The legacy short partner URL route also no longer pre-renders partner
slugs as build-time 404s. It remains as a blocking fallback redirect for
old external links, bookmarks, search results, and historical references
that may still point at `/partners/[slug]`.
## Testing
This URL:
```
https://zone-www-dot-com-git-dnywh-fix-partner-integrat-b3fb68-supabase.vercel.app/partners/integrations/vercel
```
...should resolve to:
```
https://zone-www-dot-com-git-dnywh-fix-partner-integrat-b3fb68-supabase.vercel.app/partners/vercel
```
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Fix alignment
## What is the current behavior?
N/A
## What is the new behavior?
Align How To Enter section
## Additional context
N/A
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Style**
* Adjusted the "How to enter" section layout to improve visual balance
and centering across breakpoints.
* Intro sentence and legal/CTA paragraph now centered for clearer
emphasis.
* Option and deadline blocks resized to remove forced full-width
styling, yielding a cleaner, more consistent flow.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Ana <ana1337x@users.noreply.github.com>
## What kind of change does this PR introduce?
Fixes FE-2526.
Adds a global Feature Preview badge to pages enabled via Feature
Previews, improving visibility and making it clearer to users that the
feature can be managed (or disabled) from the Feature Previews settings.
## Why
Previously, once a feature preview was enabled, there was no clear
indication within the UI that:
- the feature was still in preview, or
- where to go to disable it
This lead to confusion and made the feature feel “permanent”.
## What’s included
New FeaturePreviewBadge UI component
<img width="417" height="80" alt="CleanShot 2026-04-29 at 17 20 10"
src="https://github.com/user-attachments/assets/6fbc96e3-35ef-46d1-893a-2188c4d237a3"
/>
</br>
Added badge across pages enabled via Feature Previews:
- Webhooks
- Unified Logs
- JIT DB Access
- Column Privileges
- Policies
- Merge page
- Advisor Rules
Consistent placement and styling.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Feature preview badges now appear across the platform on preview
features, including Platform Webhooks, Database functionality, Unified
Logs, Advisor Rules, and other features, providing quick identification
and access to manage preview settings.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Fixing alignment on contest page
## What is the current behavior?
The "Both options must be completed by Monday, May 11, 2026 at 12:00 PM
PST." deadline note added in
https://github.com/supabase/supabase/issues/44861 renders centered
instead of left-aligned, because the <p> element doesn't have w-full and
the parent flex container uses items-center.
## What is the new behavior?
The deadline note is left-aligned, consistent with the Option 1 and
Option 2 blocks above it.
## Additional context
N/A
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Style**
* Improved deadline message layout to utilize full available width for
optimal display.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Co-authored-by: Ana <ana1337x@users.noreply.github.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Contest page update
## What is the current behavior?
N/A
## What is the new behavior?
Replaces the simple numbered list with Option 1 (Stripe Projects CLI)
and Option 2 (Stripe Sync Engine), including CLI commands code block and
link to the integrations dashboard.
## Additional context
N/A
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Reworked contest entry flow into two qualifying paths: "Stripe
Projects" (includes terminal provisioning steps and account-link note)
and "Stripe Sync Engine" (direct integration link).
* Updated page layout with centered, max-width container and
introductory line; contest deadline and rules/disclaimer remain
unchanged.
* **Documentation**
* Shortened SEO description to "Enter for a 1-in-10 chance…"
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Ana <ana1337x@users.noreply.github.com>
## Problem
The current
[multi-select](https://supabase.com/design-system/docs/fragments/multi-select)
does not work inside a dialog. The dropdown list is hidden.
## Solution
Fix it using the `Popover` component which also handle repositioning
above the input when there's not enough space below.
## How to test
- [Demo on
design-system](https://design-system-git-chore-fix-multi-select-supabase.vercel.app/design-system/docs/fragments/multi-select#inside-a-dialog)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **New Features**
* Added a new example demonstrating multi-select usage within a dialog
component with inline search capabilities.
* Enhanced multi-select component with improved stability and
interaction handling.
* **Documentation**
* Added "Inside a dialog" section to multi-select documentation with
usage guidelines for inline search in dialog contexts.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Joshen Lim