## Summary
Adds the first batch of keyboard shortcuts for the SQL editor, following
the registry pattern established for the table editor.
## Shortcuts
| Shortcut | Action | Notes |
| --- | --- | --- |
| `Esc` | Blur the SQL editor | Registered as a Monaco command with a
context-key precondition so inline widgets keep owning `Esc` (suggest,
find, parameter hints, snippet/rename mode, accessibility help, inline
suggestions, and selection cancellation). |
| `Shift+E` | Focus the SQL editor | Pairs with `Esc` for mouse-free
round-trip. |
| `Alt+Shift+F` | Prettify SQL | Now wired through the registry; the
tooltip and dropdown badge in `UtilityActions` read the keybind from the
same source of truth. Works from inside the editor (Monaco action) and
from anywhere on the page (`useShortcut`). |
| `Mod+Shift+Enter` | Run EXPLAIN ANALYZE | Routes results into the
Explain tab. Surfaces in the Monaco context menu next to "Run Query". |
| `Shift+N` | Open a new SQL snippet | Navigates to `/sql/new?skip=true`
to avoid the redirect-to-last-visited effect that fires on plain
`/sql/new`. |
All entries appear in the command menu (`Mod+P`) under "Shortcuts" while
their host components are mounted. None are surfaced in Account →
Preferences → Keyboard shortcuts yet (`showInSettings: false`), matching
how the table editor shortcuts shipped.
## Notes
- The blur shortcut intentionally lives on the Monaco instance rather
than the document-level hotkey listener — the document listener can't
preempt Monaco's own `Esc` handling. Other shortcuts that need to fire
while the editor has focus (run, save, format, explain) are registered
as Monaco actions; everything else uses `useShortcut`.
- Format and explain are double-registered (Monaco action +
`useShortcut`) so they fire whether the editor is focused or not. The
Monaco actions don't read the user's enable/disable preference yet —
same asymmetry as the existing run/save actions.
- `Shift+N` is scoped to the SQL editor route. To make it work globally
we'd register it at a higher layout level.
## Test plan
- [x] Inside editor: `Esc` blurs; suggest/find/parameter hints still
close on `Esc`; multi-cursor selection collapses on first `Esc`, blurs
on second.
- [x] Outside editor: `Shift+E` returns focus to the editor.
- [x] `Alt+Shift+F` formats from inside and outside the editor; tooltip
+ dropdown badge show the correct keybind.
- [x] `Mod+Shift+Enter` runs EXPLAIN ANALYZE and switches to the Explain
tab.
- [x] `Shift+N` opens a fresh snippet without bouncing back to the
previous one.
- [x] All five shortcuts appear in `Mod+P` with the right badges.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Keyboard shortcuts for SQL editor: format SQL, run EXPLAIN ANALYZE,
focus/blur editor, and open a new SQL snippet.
* Added "Prettify SQL" and "Run EXPLAIN ANALYZE" actions to the editor
context menu with shortcuts.
* Centralized registration of SQL editor shortcuts so they appear across
the app.
* **UX Improvements**
* Escape key blurs editor focus when appropriate to allow easy exit
without disrupting editor widgets.
* **Style**
* Adjusted success toast capitalization for copied Markdown.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Danny White <3104761+dnywh@users.noreply.github.com>
- change changelog.md formatting
- make changelog entries slugs more descriptive (eg
/changelog/123-new-change)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Updated changelog entry URLs to use slug-based identifiers instead of
numeric IDs for improved readability and SEO-friendliness, with
automatic redirects for existing links.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Reverts the pricing page flexibility/visibility A/B experiment from
#44293. We decided to keep the control (original pricing page).
**Changes:**
- `PricingPlansSection.tsx`: removed all experiment logic (PostHog flag
evaluation, exposure tracking, flexibility section)
- `PricingContent.tsx`: removed `PricingPageExperimentVariant` type
export
- `PricingPlans.tsx`: removed `experimentVariant` prop and all
variant-conditional rendering
- `telemetry-constants.ts`: removed `PricingPageExperimentExposedEvent`
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Consolidated pricing page component variants and simplified the
component hierarchy by removing conditional experiment-dependent UI
branches.
* Removed pricing page experiment tracking and associated telemetry
event definitions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Replaced legacy "Anon"/"Service Role" key terminology with
"Publishable Keys" and "Secret Keys" across Edge Functions guides
* Updated authentication examples and request headers (client-side vs
server-side) to reflect publishable/secret key usage
* Standardized environment-variable examples to use parsed secret-key
maps with a selectable default
* Removed guidance for bypassing JWT verification via the deprecated CLI
flag
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Kalleby Santos <kalleby_santos@hotmail.com>
Splits the Edge Function secrets page into two sections so reserved
Supabase env vars are always visible, even on new projects without any
user secrets created.
<img width="1605" height="1006" alt="Screenshot 2026-04-29 at 12 20
43 PM"
src="https://github.com/user-attachments/assets/fc74f10e-557d-45bb-b0f0-66a706a9facb"
/>
**Added:**
- `DefaultEdgeFunctionSecrets` component — a read-only reference list
(Name + Description) of every `SUPABASE_*`, `SB_*`, and `DENO_*` env var
available in every project, sourced from [the
docs](https://supabase.com/docs/guides/functions/secrets#default-secrets)
- `isInternalEdgeFunctionSecret` helper used to filter the custom
secrets table
**Changed:**
- The custom secrets section now renders first (more actionable), with
the educational default secrets section below it
- Custom secrets table now filters out anything matching `SUPABASE_*` or
any of the hardcoded default names
**Removed:**
- `isReservedSecret` regex check + its tooltip branches in
`EdgeFunctionSecret.tsx` — dead code now that the custom table never
receives an internal secret
Addresses
[FE-3096](https://linear.app/supabase/issue/FE-3096/split-edge-function-secrets-into-internal-and-user-defined-views).
## To test
- Open `/project/_/functions/secrets` on a fresh project (no custom
secrets)
- "Default secrets" section is visible and lists all 9 env vars with
descriptions
- "Custom secrets" section shows the empty state
- Create a custom secret — appears in the Custom section, not the
Default section
- Edit/delete dropdown still works on custom secrets
- Search input only filters the custom secrets table
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a "Default secrets" section showing built-in edge-function
secrets with names, descriptions, and a "Deprecated" badge where
applicable.
* Secret names are clickable to copy to clipboard with a success
notification; secret names/values use inline code styling.
* UI now separates "Custom secrets" and "Default secrets" with distinct
empty states.
* **Bug Fixes**
* Edit/Delete controls reflect actual permission state (no longer
disabled for default/reserved secrets).
* **Tests**
* Added tests for default-secret detection and visibility rules.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Docs update
## What is the new behavior?
Updates troubleshooting guide with additional context on why database
region change involves creating a new project and migrating data.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Enhanced troubleshooting documentation to clarify that Supabase
projects are region-bound at the infrastructure level.
* Updated guidance on changing project regions to align with the
standard project migration workflow.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Fixes two indefinite-article grammar errors where 'an' is used before a
consonant-starting word:
-
`apps/docs/content/troubleshooting/how-postgres-chooses-which-index-to-use-_JHrf4.mdx`:
"an traversable" → "a traversable"
- `apps/docs/content/guides/ai/examples/nextjs-vector-search.mdx`: "an
remote procedure" → "a remote procedure"
Pure docs grammar fix — no functional changes.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Fixed a grammar typo in the AI vector search guide to improve clarity
in the “Perform similarity search” step.
* Normalized trailing whitespace in the PostgreSQL indexing
troubleshooting guide’s “Postgres internals” table to tidy formatting
and ensure consistent display.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Updates humans.txt to include my name.
## What is the current behavior?
N/A
## What is the new behavior?
N/A
## Additional context
N/A
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Added new team member to the contributor list.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Instructed granting least-privilege table permissions for anon,
authenticated, and service roles prior to enabling Row Level Security
across multiple guides and quickstarts.
* Clarified SQL examples and inline comments, added explicit GRANT steps
and RLS SELECT policies, rephrased policy guidance, and adjusted example
ordering and section numbering for clearer setup and testing.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Updates the Auth Signing Keys and JWTs pages to align on the new keys
while still leaving the relevant information about the legacy keys until
post-deprecation.
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
Updates the marketplace DB query to use the new `publish_dashboard`
column that was added in https://github.com/supabase/marketplace/pull/49
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated internal marketplace integration query and database type
definitions to streamline listing management logic.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary
- Add `SUPABASE_JWKS` to the default secrets list, noting it matches the
public JWKS endpoint
- Update the example in "Accessing environment variables" to use
`SUPABASE_PUBLISHABLE_KEYS` / `SUPABASE_SECRET_KEYS` (matches the
pattern in `functions/auth.mdx`)
- Add an inline note that `'default'` can be swapped for another key
name
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **Documentation**
* Updated Edge Functions secrets guide with improved code examples.
* Introduced `SUPABASE_JWKS` environment variable for JWT verification.
* Enhanced examples demonstrating environment variable configuration and
Supabase client initialization.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## What kind of change does this PR introduce?
Cleanup.
## What is the current behavior?
Temporary access still has a couple of leftover JIT fallback messages
and an unnecessary local unavailable-reason type after the Platform
response types were split into `JitAccessResponse` and
`JitStateResponse`.
## What is the new behavior?
Studio relies on the generated `JitStateResponse` discriminated union
for the toggle warning and uses temporary access copy consistently in
the remaining fallback toasts.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Improvements**
* Refined error messaging for temporary database access grant and revoke
operations.
* Enhanced condition detection for toggle failure warnings in database
access configuration.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<img width="2652" height="830" alt="image"
src="https://github.com/user-attachments/assets/3c3921e7-c255-4e59-a9c3-c5f97da87788"
/>
Adds a full screen alert behind a feature flag `projectNeedsSecuring`
that prompts for fixing RLS issues.
Adjusts a few other small styles to add more prominence to critical
advisor issues.
To test:
- Enable the flag
- Make sure you have a table with RLS disabled
- Open project home and note the fade in of full page review
- Click "copy prompt" or "fix" and note the prompt
- Click skip to home and refresh the page, note it doesn't appear
anymore
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Project-level security gate on project home with AI assistant prompts,
table details, per-project dismissible notice, and a new telemetry event
for CTA interactions.
* **Improvements**
* Stronger visual treatment for critical advisor items and advisor CTA
when critical issues exist.
* Assistant dropdown supports a copy-prompt callback; added
local-storage key and utilities/types to support project security
workflows.
* **Tests**
* Added tests covering gate behavior, navigation, and dismissal logic.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
The Realtime policies editor was showing a warning banner on
`realtime.messages` saying the schema isn't exposed through PostgREST.
This is incorrect — the `realtime` schema is intentionally excluded from
PostgREST (it's in `INTERNAL_SCHEMAS` and filtered out of the exposed
schema picker), so the warning is always false in this context.
**Changed:**
- Removed `useProjectPostgrestConfigQuery` from `RealtimePolicies` — it
was only used to derive `exposedSchemas`
- Hardcode `exposedSchemas` as `['realtime']` since this editor is for
Realtime auth, not PostgREST access
## To test
- Go to the Realtime policies editor (`/project/_/realtime/policies`)
- Confirm the yellow "schema not exposed" warning banner no longer
appears on `realtime.messages`
- Confirm policy rows still render correctly and other admonitions (e.g.
publicly-readable if RLS is off) still show as expected
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved stability of Realtime Policies schema handling by simplifying
configuration logic to consistently use the realtime schema.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
## Summary
Wires up database advisor rule `0012_auth_allow_anonymous_sign_ins` in
the Studio Linter so it shows up with the right title, icon, action
link, and docs link instead of falling back to a generic display.
The rule entry navigates to `/auth/providers` (where the "Allow
anonymous sign-ins" toggle lives), modeled after rule 0019
(`auth_otp_long_expiry`) which uses the same target.
## Test plan
- [x] Trigger rule 0012 on a test project (enable anonymous sign-ins on
a project with RLS-protected tables)
- [x] Verify the lint appears in Security Advisor with title "Anonymous
Sign-Ins Allowed" and User icon
- [x] Verify the "View settings" CTA navigates to
`/project/<ref>/auth/providers`
- [x] Verify the "Learn more" link points to the 0012 docs section
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a new authentication lint rule that identifies anonymous sign-in
configuration issues and provides integrated guidance to the auth
providers settings page with relevant documentation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Refactor of the pg-meta test setup scripts.
## What is the current behavior?
The test command runs multiple sequential npm-run-s scripts (`db:clean`,
`db:run`, `test:run`, `db:clean`) with a hardcoded port 5432, causing
container name and port collisions when running tests across multiple
git worktrees in parallel.
## What is the new behavior?
A single `test/run-tests.sh` wrapper script handles the full test
lifecycle: it finds an available port dynamically (scanning 5432–5531),
sets a unique Docker Compose project name based on a hash of the package
directory path, starts the DB, runs the test command, and tears down on
exit. This allows pg-meta tests to run in parallel across multiple
worktrees without conflicts.
## Additional context
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Streamlined test execution to centralize setup and teardown for
reliable runs.
* Made the test database port configurable with automatic local port
discovery and fail-fast behavior.
* Created isolated test environments per workspace to avoid
container/name collisions and improve cleanup.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the CONTRIBUTING.md file.
YES
## What kind of change does this PR introduce?
Bug fix
## What is the current behavior?
When updating a table with `replica_identity = 'INDEX'`, it is possible
to omit the `replica_identity_index`.
This results in invalid SQL being generated:
`REPLICA IDENTITY USING INDEX`
PostgreSQL requires an index name for this operation.
No existing issue found. This PR fixes a validation gap discovered
during development.
## What is the new behavior?
- Throws an error if `replica_identity` is set to `INDEX` without
providing `replica_identity_index`
- Ensures generated SQL is always valid
## Additional context
- Added validation in `pg-meta-tables.ts`
- Added test case to verify an error is thrown when the index name is
missing
This aligns pg-meta behavior with PostgreSQL requirements for `REPLICA
IDENTITY USING INDEX`.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **Bug Fixes**
* Enhanced validation for database replica identity configuration to
prevent incomplete or invalid configurations.
* **Tests**
* Added test coverage for replica identity validation scenarios.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary
Fixes
[FE-3095](https://linear.app/supabase/issue/FE-3095/compute-size-hover-card-shows-badge-and-cpumemory-from-out-of-sync).
The compute size hover card on the project home dashboard was sourcing
its badge and its CPU/memory rows from two different cached responses,
which can disagree:
| Field shown | Previous source |
|---|---|
| Badge ("XLARGE") | `project.infra_compute_size` (project-detail query)
|
| Cores / memory | `selected_addons[compute_instance].variant.meta`
(project-addons query) |
A customer reported seeing an **XLARGE** badge next to **2-core ARM
(Shared) / 1 GB** — the micro-tier specs — and asked whether their
upgrade had actually been applied. The upgrade was applied; only the
rendered card was contradictory.
## Fix
Source both the badge and the CPU/memory rows from the same logical
fact: look up the variant in `available_addons` whose identifier matches
`ci_${infra_compute_size}` and read its `meta`. `available_addons` is
essentially a static catalog of variant specs, so once it's loaded the
card cannot show specs that disagree with the badge.
This also collapses the special-cased `INSTANCE_MICRO_SPECS` fallback
into the existing `getAvailableComputeOptions` helper (which already
provides micro/nano fallbacks). The nano UX text ("Shared / Up to 0.5
GB") is preserved by switching that JSX branch to key on `computeSize
=== 'nano'`.
## Out of scope
- `useProjectAddonUpdateMutation` does not invalidate
`projectKeys.detail`. That's hygiene worth doing later, but
project-detail has a 30s `staleTime` and the resize already drives 5s
polling via the `RESIZING` status path, so the badge refreshes naturally
and this fix doesn't depend on it.
## Test plan
- [ ] Hover the compute badge on a project at each compute size (nano,
micro, small, ..., 16xlarge) and confirm CPU and memory rows match the
badge.
- [ ] Resize a project from micro → large; on completion, confirm the
hover card shows large specs (no transient micro values).
- [ ] Open the dashboard for a free-tier project on micro that has no
`compute_instance` entry in `selected_addons` and confirm the card still
shows micro specs (i.e. `getAvailableComputeOptions` micro fallback is
engaged).
- [ ] Confirm the "Unlock more compute" CTA still appears for
non-highest sizes and disappears at the highest size.
## Context
As per PR title - will make the RLS tester available for CLI / self-host
(still as a feature preview)
## To test
- [x] Verify briefly locally that the RLS tester is available for use,
and works as expected
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved user search error handling to display appropriate failure
messages when search encounters issues.
* **Refactor**
* Simplified RLS Tester feature availability logic by consolidating
enablement checks across components and removing redundant feature flag
dependencies.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Docs update
## What is the current behavior?
Current docs are wrong and yield `ERROR: parameter "pg_net.ttl" cannot
be changed now`
## What is the new behavior?
Additional permissions required, setting should be at the system level
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated pg_net setup guidance to require system-level configuration,
added note that changing pg_net parameters requires superuser privileges
(with grant example), and clarified applying parameter changes via
system-level set followed by restarting the pg_net background worker.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Nimbus search is broken because it expects the page section to be joined
with the page table, but this table is called page_nimbus in Nimbus
mode.
Resolves AI-682
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Fixed source reference attribution to use the correct path when using
the alternate search index option.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Feature — a second batch of table editor shortcuts, stacked on top of
#45178.
## What is the current behavior?
Inserts / filters / sort / refresh are all mouse-only. No keyboard
access, and no affordance for discovering what keybinds might exist.
## What is the new behavior?
### New shortcuts
| Keybind | Action | Surface |
|---|---|---|
| `I` then `R` | Insert row | hotkey + Cmd+K + inline keybind in Insert
dropdown |
| `I` then `C` | Insert column | hotkey + Cmd+K + inline keybind in
Insert dropdown |
| `I` then `U` | Import data from CSV | hotkey + Cmd+K + inline keybind
in Insert dropdown |
| `Shift+F` | Focus filters | hotkey + Cmd+K — focuses the new filter
bar's freeform input |
| `F` then `C` | Clear filters | hotkey + Cmd+K — gated on
`filters.length > 0` |
| `S` then `C` | Clear sort | hotkey + Cmd+K — gated on `sorts.length >
0` |
| `Shift+R` | Refresh table | hotkey + Cmd+K + hover tooltip on the
Refresh button |
All are `ignoreInputs: true` so they don't fire while typing. The insert
/ clear-filters / clear-sort shortcuts use two-step chords so they don't
clobber single-letter keys users might reach for elsewhere; Focus
filters and Refresh keep their Shift-prefixed single-step bindings.
### Infrastructure
- **New `<ShortcutBadge>`** (`components/ui/ShortcutBadge.tsx`) — inline
keybind display. Reads the sequence straight from the registry, so the
ID is the single source of truth. Renders multi-step chords with a
"then" separator between steps. Defaults to `variant="inline"` (the flat
`text-foreground/40` style used across the app in `RunButton`,
`ActionBar`, `OperationQueueSidePanel`, etc.) with `variant="pill"`
available if someone needs the boxed style.
- **Insert dropdown restyled** — each `DropdownMenuItem` in
`HeaderNew`'s Insert menu now shows its keybind inline on the right
(centered vertically, with `pr-4` + `shrink-0` so long table names in
the description never crowd the badge).
- **`RefreshButton`** swapped from `ButtonTooltip` to `<Shortcut>` so
the keybind tooltip renders automatically from the registry.
- **`FilterPopoverPrimitive` untouched** — the old filter bar is being
deleted, so Shift+F is scoped to the new filter bar only. The handler
focuses `[data-testid="filter-bar-freeform-input"]` (the existing
freeform input in the ui-patterns `FilterBar` → `FilterGroup`).
## Additional context
Stacked on #45178 (FE-3057 — initial table editor shortcuts). Rebase
after that one merges.
### Test plan
- [x] Open a table → Insert dropdown shows keybind to the right of each
item, no wrap encroachment even with long table names
- [x] `I` then `R` opens the Row editor; `I` then `C` opens the Column
editor; `I` then `U` opens the CSV import flow
- [x] `Shift+F` focuses the new filter bar's freeform input
- [x] Add a filter → `F` then `C` clears it; shortcut disabled in Cmd+K
when no filters are applied
- [x] Sort a column → `S` then `C` clears sort; shortcut disabled when
no sorts
- [x] `Shift+R` refreshes the table (spinner shows on the Refresh
button); hover the button → keybind tooltip
- [x] All seven new entries show up in Cmd+K when their gates are
satisfied
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added keyboard shortcuts for table actions: insert row, insert column,
import CSV, refresh, focus filters, clear filters, and clear sorts.
* Shortcuts are available in the command menu and show visual keyboard
hints.
* **UI**
* Menu entries now display shortcut badges.
* Refined dropdown spacing/layout and updated the refresh control to
surface its shortcut.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary
Improve the "Errors since last deploy" panel on the new edge function
overview page.
- **Error column**: stop showing the function URL. Pull the actual error
from the related runtime logs, trim the stack trace to a one-line
summary, and use that for the cell text and tooltip.
- **Troubleshoot column**: rename "Assistant" to "Troubleshoot" and add
a "View troubleshooting guide" item to the dropdown that opens
`supabase.com/docs/guides/troubleshooting` prefilled with `edge function
<ErrorType> <statusCode>`.
- **Runtime log block**: restyle the expanded per-row log section.
Monospace rows with structured timestamp / level badge / count /
message, a divider between entries, and destructive tinting only on
error rows. The previous layout ran text together with no separation.
## Test plan
- [x] `pnpm test:studio` for `EdgeFunctionRecentErrors.utils.test.ts`
(10 passing, including new cases for `summarizeErrorMessage`,
`getDisplayErrorMessage`, and `buildTroubleshootingDocsUrl`)
- [x] `pnpm typecheck` clean
- [x] `eslint` clean for changed files
- [ ] Visual check of the panel: Error cell shows the runtime error
summary, Troubleshoot dropdown opens docs in a new tab, log rows render
with the new structure
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a "View troubleshooting guide" action that opens a
status-code-specific docs page for each recent error.
* Errors now show level badges and repetition counts in the logs for
clearer scanning.
* **Bug Fixes**
* Error text is summarized and normalized for concise, single-line
display with clearer per-line styling.
* **Tests**
* New tests validate error-summary, display-fallback, and
troubleshooting-URL behaviors.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Feature — a set of new keyboard shortcuts for the table editor, along
with infrastructure to register, gate, and surface them.
## What is the current behavior?
Clicking into the grid "traps" the keyboard: Escape doesn't pop out,
there are no shortcuts for row selection / deletion / navigation, and
the search-tables input grabs focus on page load.
## What is the new behavior?
### New shortcuts (all scoped to the table editor)
| Keybind | Action | Surface |
|---|---|---|
| `Esc` | Exit grid selection — clears the highlighted cell and drops
focus back to the page | hotkey |
| `↑` / `↓` | Start grid navigation from the first cell when no cell is
selected | hotkey |
| `Shift+Space` | Toggle selection on the current row | hotkey +
checkbox tooltip |
| `Mod+A` | Toggle selection on all displayed rows (matches Excel) |
hotkey + header-checkbox tooltip + Cmd+K |
| `Mod+Shift+A` | Toggle selection on all rows in the table | hotkey +
"Select all rows in table" button tooltip + Cmd+K |
| `Mod+Backspace` | Delete selected rows | hotkey + delete-button
tooltip + Cmd+K |
### Infrastructure
- **Split registry** — table-editor shortcuts moved to
`state/shortcuts/registry/table-editor.ts`, spread into `SHORTCUT_IDS`.
Makes it easy to scope a runtime check to a specific surface.
- **`eventMatchesAnyShortcut`** (`state/shortcuts/matchEvent.ts`) —
queries the hotkey library's live `SequenceManager` so gated shortcuts
(`enabled: false`) are correctly excluded. Covered by
`matchEvent.test.ts`.
- **`handleCellKeyDown`** now calls `event.preventGridDefault()`
whenever the keystroke matches an active table-editor shortcut, so rdg's
"start editing on key press" default doesn't compete with shortcut
actions (e.g. typing `Shift+X` no longer opens edit mode with `X` as
input).
- **`<Shortcut>` / `<ShortcutTooltip>`** used on the header checkbox,
the per-row checkbox, the "Select all rows in table" button, and the
delete button — keybinds show up on hover (Linear-style) so users can
discover them without reading docs.
- **CSS** — `.rdg:not(:focus-within) .rdg-cell[aria-selected='true']`
drops the selected-cell outline whenever focus leaves the grid,
reinforcing the "you're out" feedback after `Esc`.
- **`useShortcut`** wraps the Cmd+K-registered action to close the
command menu after firing (previously menu stayed open after selecting
an action).
- **Search-tables input** no longer auto-focuses on load, so arrow
shortcuts work immediately without clicking out first.
## Additional context
Linear: FE-3057
### Test plan
- [x] Open any table → `↓` selects the first cell; subsequent arrows
navigate rows
- [x] `Esc` drops focus out of the grid and re-enables `↓` to re-enter
- [x] Click a cell → `Shift+Space` toggles that row's selection
(checkbox)
- [x] `Mod+A` toggles all displayed rows
- [x] With pagination + some rows selected → `Mod+Shift+A` toggles
"Select all rows in table"
- [x] With rows selected → `Mod+Backspace` deletes them (existing
confirmation flow)
- [x] Hover the header checkbox / per-row checkbox / delete button →
keybind tooltip after ~500ms
- [x] Cmd+K with selection → the relevant action shows up; selecting it
closes the palette and runs
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added table editor keyboard shortcuts for navigation, row selection,
and cell actions, with command-menu integration and visible shortcut
tooltips.
* **Improvements**
* Better keyboard handling in grid cells allowing external shortcuts to
override default behavior.
* Select-all/deselect-all toggle and improved select-row UX;
selected-cell styling no longer shows when grid loses focus.
* Command menu now reliably closes before executing shortcut actions.
* Removed autofocus on the table editor search input for consistent
focus behavior.
* **Tests**
* Added unit tests covering shortcut matching and command-menu shortcut
behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
humans.txt update
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated team roster information.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Co-authored-by: Ryan Senior <ryan@Ryans-MacBook-Pro.local>
Fixes two small duplicate-word typos in troubleshooting guides:
-
`apps/docs/content/troubleshooting/using-google-smtp-with-supabase-custom-smtp-ZZzU4Y.mdx`:
"easy to to figure out" → "easy to figure out"
-
`apps/docs/content/troubleshooting/why-is-my-service-role-key-client-getting-rls-errors-or-not-returning-data-7_1K9z.mdx`:
"for for service role" → "for service role"
Pure docs typo fix — no functional changes.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Documentation
* Corrected grammatical errors in troubleshooting guides for Google
Workspace SMTP configuration and service-role key errors.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Fixes the same duplicate-word typo ("support support") in two quickstart
guides:
- `apps/docs/content/guides/auth/quickstarts/react.mdx`
- `apps/docs/content/guides/getting-started/tutorials/with-nextjs.mdx`
Both occurrences are in the "Customize email template" / "Email
template" sections:
> Before proceeding, change the email template to support ~~support~~ a
server-side authentication flow that sends a token hash:
Pure docs typo fix — no functional changes.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Corrected typographical errors in authentication guides to improve
clarity and readability.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Adds a worked example for combining a vector similarity search with a
filter on another column from the JS client, and a short note explaining
how filtering interacts with HNSW indexes (including iterative index
scans introduced in `pgvector` 0.8.0). The new `match_documents` variant
takes a typed filter parameter so the planner can apply the predicate
during the index scan, and a jsonb `@>` variant covers the
metadata-column case. Cross-links between `semantic-search`,
`vector-columns`, and `vector-indexes/hnsw-indexes` so readers land on
the answer regardless of which page they start on.
Closessupabase/supabase-js#896
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added guidance for filtering vector and semantic search results by
metadata, with JS client examples.
* Explained how filters affect vector (HNSW) queries and planner choice
between index and sequential scans.
* Clarified that selective filters can reduce returned matches and
documented pgvector 0.8.0 controls for iterative/index scan behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Jeremias Menichelli <jmenichelli@gmail.com>
Update humans.txt
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated team roster information
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
New blog post to announce the OSSCAR Index.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Introduced the OSSCAR Index: a quarterly ranking of fastest-growing
open-source organizations measured by stars, contributors, and package
downloads.
* Added downloadable badges for ranked projects.
* **Documentation**
* Published the OSSCAR Index announcement with methodology, scoring
rules, Q1 2026 highlights, and links to full scoring details and
repository.
* Updated site RSS feed to include the new announcement.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
A little bit of tidy up here so the header area of unified logs isn't so
dominant. Moved actions to the same line as search bar and made other
parts a little more subtle, so the focus reamains on the logs
themselves.
| Before | After |
|--------|--------|
| <img width="980" height="213" alt="Screenshot 2026-04-27 at 11 47 37"
src="https://github.com/user-attachments/assets/ae22e7dd-272f-4433-a270-67b550a00536"
/> | <img width="893" height="153" alt="Screenshot 2026-04-27 at 12 27
17"
src="https://github.com/user-attachments/assets/87b8cfc9-66a4-4634-a3c6-c45e4b8fc486"
/> |
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Keyboard shortcut to toggle filter visibility in logs.
* Consolidated top bar with refresh, view options, download, and live
controls—desktop and mobile optimized.
* **Style**
* More compact, organized header with tooltips showing live status and
shortcut hints.
* Reduced filter input typography and streamlined mobile filter trigger.
* **Other**
* Side panel sizing and logs area layout refined for clearer visuals and
consistent header/body styling.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Context
Just merging the callouts - only show one at a time, instead of both
### Before
<img width="610" height="518" alt="image"
src="https://github.com/user-attachments/assets/58567f7e-99bf-4c84-8392-35573c646af6"
/>
### After
<img width="605" height="428" alt="image"
src="https://github.com/user-attachments/assets/975a5a30-2b36-4602-af8f-b79c2383f38b"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Enhanced RLS Tester to prevent conflicting policy status messages from
appearing simultaneously. The interface now properly displays only the
relevant message about policy configuration and evaluation status,
improving clarity when reviewing row-level security results.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This PR preps the monorepo for a migration to Tailwind v4:
- Bump all Tailwind dependencies and libraries to the latest possible
version, while still compatible with Tailwind 3.
- Cleans up obsolete Tailwind 3 specific options and configs.
- Cleans up unused CSS files and fixes the CSS imports.
- Migrates all `important` uses in `@apply` lines to using the `!`
prefix.
- Move `typography.css` to the `config` package and import it from the
apps.
- Migrated all occurrences of `flex-grow`, `flex-shrink`,
`overflow-clip` and `overflow-ellipsis` since they're deprecated and
will be removed in Tailwind 4.
- Make the default theme object typesafe in the `ui` package.
- Migrate all `bg-opacity`, `border-opacity`, `ring-opacity` and
`divider-opacity` to the new format where they're declared as part of
the property color.
- Bump and unify all imports of `postcss` dependency.
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Bug fix. Resolves DEPR-511.
## What is the current behavior?
Paused projects in `Project Settings > General > Project availability`
still present restart/pause maintenance controls, but no resume
affordance. That makes the resume path hard to discover from Settings
and pushes users back to the project dashboard to find the correct
action.
The paused state also keeps showing a redundant disabled `Pause project`
row, and the pause confirmation uses a more flexible modal than this
flow needs.
DEPR-519 already covered the unhealthy-project restart guard, but not
this paused-project discoverability path.
## What is the new behavior?
Project Settings is now paused-project aware. It shows a shared `Resume
project` action when the project can still be restored, falls back to
the project dashboard when the restore window has expired or pause
status cannot be confirmed, and reuses the same resume flow, permission
checks, and free-tier guardrails as the paused dashboard.
While a project is already paused, the redundant `Pause project` row is
hidden so the section stays focused on the real next action. For active
projects, the pause row remains in place, including the useful disabled
tooltip states for plans that cannot pause.
The pause confirmation now uses `AlertDialog` with shorter, more
accurate copy about the restore window, and the restart controls now
behave more consistently on smaller breakpoints. The Project Settings
command-menu entry is also searchable via `resume project`.
| Before | After |
| --- | --- |
| <img width="1602" height="566" alt="CleanShot 2026-04-24 at 18 05
25@2x"
src="https://github.com/user-attachments/assets/bd8f4095-0360-443c-a179-185da69eb9e8"
/> | <img width="1538" height="408" alt="CleanShot 2026-04-24 at 18 06
12@2x"
src="https://github.com/user-attachments/assets/7ac26529-4b54-460e-89c3-927891d873d8"
/> |
| <img width="1524" height="524" alt="CleanShot 2026-04-24 at 18 08
53@2x"
src="https://github.com/user-attachments/assets/f3c49c46-b389-4324-b982-f557b159623e"
/> | <img width="1528" height="550" alt="CleanShot 2026-04-24 at 18 08
30@2x"
src="https://github.com/user-attachments/assets/4021e2bb-f22f-40db-be43-de6d0fb571b3"
/> |
| <img width="896" height="558" alt="CleanShot 2026-04-24 at 17 41
40@2x"
src="https://github.com/user-attachments/assets/31569aec-89a6-4984-8011-39d8b102c90f"
/> | <img width="912" height="502" alt="CleanShot 2026-04-24 at 18 10
34@2x"
src="https://github.com/user-attachments/assets/f19dcd27-12e6-4a2f-8eed-ca709e77dfa1"
/> |
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a tooltip-enabled "Resume project" button that handles
permissions, free-plan member gating, optional Postgres version
selection, and navigates to the project after restore.
* **UX**
* Pause confirmation migrated to an alert-style dialog with updated copy
and disabled controls during pausing.
* Restart controls updated for improved responsive layout and refreshed
button visuals.
* Project settings now show appropriate resume/dashboard actions based
on pause/restore eligibility.
* **Tests**
* Added tests for active, resumable-paused, and non-resumable-paused
states.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
## Context
Adds a banner on the auth policies page for the new RLS tester feature
preview
<img width="307" height="310" alt="image"
src="https://github.com/user-attachments/assets/6864c2cb-c3b8-4c1f-8dce-57411425e17d"
/>
Also adds a Give feedback button in the RLS Tester sheet footer
<img width="616" height="73" alt="image"
src="https://github.com/user-attachments/assets/64755f56-4e27-4b54-92b2-a894badc0b88"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* RLS Tester preview banner added to the policies page with animated
content and a locally persisted dismissed state.
* Enabling the RLS Tester via the preview also dismisses and records the
banner dismissal.
* New feedback link added to the RLS Tester UI that opens in a new tab.
* **Layout/Providers**
* Banner stack context moved so banner state is available more broadly
across the app.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
prolly Introduced in:
- #45130 &
- Closes#45301
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated guides for Realtime Broadcast and Presence features with
simplified API key retrieval links. The revised documentation now
provides a more streamlined path to access the configuration dialog for
retrieving API credentials, enhancing clarity and reducing setup
friction for real-time functionality.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Why
Two auto-generated files have been tracked in git but the committed
copies are stale because every Vercel deploy overrides them in the build
artifact. Both have misled at least one investigation into thinking
production was out of date.
| File | Generator | Live (prod) | Committed (master) |
|---|---|---|---|
| `apps/www/public/sitemap_www.xml` | `pnpm postbuild` ->
`internals/generate-sitemap.mjs` | 704 URLs, `last-modified` matches
latest deploy | 604 URLs, last touched 2025-09-30 (`cb66b6b6`) |
| `apps/ui-library/public/llms.txt` | `pnpm build:llms` ->
`scripts/build-llms-txt.ts` (wired into `build`) | 57 entries, `Last
updated: 2026-04-27` | 56 entries, `Last updated: 2026-02-20` (last
touched 2026-03-17, `9bf981f3`) |
Production has been correct the whole time. The git copies just look
authoritative when they aren't, and they show up in audits and code
searches as if they were the live data.
The same gitignore pattern is already applied to
`apps/www/public/sitemap.xml` at `apps/www/.gitignore:29` — this PR
extends the pattern to two more files that should never have been
committed.
Discovered while investigating AI-bot crawl optimization for
`supabase.com/llms-full.txt`. An audit initially flagged "sitemap is
stale, missing 44 blog posts" — that turned out to be entirely about
reading the dead git file. Same kind of false signal would happen for
anyone inspecting the ui-library llms.txt locally.
## What changes
**`apps/www`:**
- Add `public/sitemap_www.xml` to `apps/www/.gitignore`.
- `git rm --cached apps/www/public/sitemap_www.xml`.
- Updated the gitignore comment to mention the regeneration path.
**`apps/ui-library`:**
- Add `public/llms.txt` to `apps/ui-library/.gitignore` (with a comment
pointing at the generator).
- `git rm --cached apps/ui-library/public/llms.txt`.
Both files remain on disk locally; their respective build steps
regenerate them as before.
## What does NOT change
- Production behavior for either file: postbuild / build:llms remain
authoritative.
- Generator code: `apps/www/internals/generate-sitemap.mjs` and
`apps/ui-library/scripts/build-llms-txt.ts` are untouched.
- robots.txt, sitemap index, docs sitemap: unchanged.
- `apps/learn/public/llms.txt`: left tracked. Its generator
(`apps/learn/scripts/build-llms-txt.ts`) is **not** wired into the
`build` script, so it's manually generated and committed — different
pattern, leave alone.
## Test plan
- [ ] After merge, trigger or wait for next prod deploy. Confirm
`https://supabase.com/sitemap_www.xml` still serves a fresh ~700-URL
response with current `last-modified` header.
- [ ] Confirm `https://supabase.com/ui/llms.txt` still serves a fresh
response with `Last updated:` matching the deploy date.
- [ ] Confirm `git ls-files apps/www/public/ apps/ui-library/public/` no
longer lists either file.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Improved handling of auto-generated sitemap files so they are no
longer tracked in the repo after builds.
* **Documentation**
* Removed the published auto-generated LLMs reference page from the UI
library to avoid shipping stale documentation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary
Adds `/<page>.md` routes for 10 marketing/product pages (homepage, auth,
database, edge-functions, realtime, storage, vector, pricing,
modules/cron, modules/queues) so AI agents can fetch clean markdown
instead of parsing JS-rendered HTML. Also advertises the markdown
alternate via `<link rel="alternate" type="text/markdown">` on marketing
and docs pages so agents can discover it.
Pricing is generated dynamically via `generatePricingContent()` (single
source of truth with `/llms.txt` and `/llms-full.txt`); the other nine
slugs are bundled at build time from `content/md/*.md` into a
`MD_CONTENT` map.
Supersedes #44891 (rebased fresh off current master to avoid a 9-commit
replay over rename/rename conflicts created by #44897).
## Changes
- New `/api-v2/md/[...slug]` route handler returns the bundled markdown
(or dynamic pricing) with `Content-Type: text/markdown`,
`X-Content-Type-Options: nosniff`, and appropriate cache headers
- Middleware rewrites `/<slug>.md` and `Accept: text/markdown` to the
API route for the `MD_PAGES` allowlist; trailing-slash variants
(`/auth/`) are normalized so they resolve the same as `/auth`
- Build-time codegen `scripts/generateMdContent.mjs` scans `content/md/`
and emits `app/api-v2/md/content.generated.ts` exporting both
`MD_CONTENT` (Map) and `MD_PAGES` (Set, incl. dynamic `pricing`). Fails
the build on slug collision between `content/md/` and `DYNAMIC_SLUGS`.
Adding a new marketing `.md` is just dropping a file in `content/md/`
(also update `PRODUCT_OVERVIEW_LINKS` in `/llms.txt` since that list is
editorial).
- 8 permanent redirects `/llms/<product>.txt` → `/<product>.md` so
legacy URLs in caches and downstream `llms.txt` copies keep working
- `/llms.txt` product overview now references `.md` URLs (incl.
`modules/cron`, `modules/queues`); `/llms-full.txt` iterates
`MD_CONTENT.values()` (homepage first, then alphabetical) and appends
dynamic pricing
- `/llms/[slug]` route slimmed to proxy SDK reference files (`js.txt`,
`dart.txt`, etc.) since redirects handle product slugs and pricing;
pricing branch retained as fallback in case redirects are bypassed
- `apps/www/pages/_app.tsx` injects the alternate link conditionally
based on `MD_PAGES`; `/pricing` (app router) sets it via page metadata
- `apps/docs/app/page.tsx` (the `/docs` root) sets the text/markdown
alternate to `/llms-full.txt`; per-guide pages override with their
specific `.md` URL via `genGuideMeta` in `GuidesMdx.utils.tsx`. Other
docs pages (reference, troubleshooting) inherit nothing.
- `apps/www/.vercelignore`: replaces the prior `*.md`/`README.md` rules
with `*.md` + `!content/md/**/*.md` so Edge Function READMEs and future
scratch `.md` files aren't silently shipped to the build artifact
- Drops `apps/www/data/llms/*.txt` and the related
`outputFileTracingIncludes`
- Test coverage for the new middleware branches: `.md` suffix rewrite
(allowlisted vs. fall-through), `Accept: text/markdown` content
negotiation, trailing-slash normalization
## Testing (Vercel preview)
Local dev server smoke tests passing on `:3771` after each iteration.
Re-verified on the preview URL after the latest hardening commit:
- [x] `curl -I https://<preview>/llms/auth.txt` — expect `308 Permanent
Redirect` to `/auth.md`
- [x] `curl https://<preview>/auth.md | head -3` — expect `# Supabase
Auth`
- [x] `curl https://<preview>/pricing.md | head -3` — expect `# Supabase
Pricing` with current tier values
- [x] `curl https://<preview>/modules/cron.md | head -3` — expect `#
Supabase Cron`
- [x] `curl -H 'Accept: text/markdown' https://<preview>/ | head -3` —
expect `# Supabase` (homepage.md)
- [x] `curl https://<preview>/llms.txt` — Product Overview section lists
`.md` URLs and includes Cron + Queues
- [x] `curl https://<preview>/llms-full.txt | grep -E '^# Supabase
(Cron\|Queues\|Pricing)'` — Cron and Pricing each match once; Queues
matches twice (marketing module + existing docs guide)
- [x] View source on `/`, `/pricing`, `/database` — expect `<link
rel="alternate" type="text/markdown" href="/<slug>.md">`
- [x] View source on `/docs` — expect `<link rel="alternate"
type="text/markdown" href="/llms-full.txt">`
- [x] View source on a docs guide page (e.g., `/docs/guides/auth`) —
expect per-guide `.md` alternate; reference/troubleshooting pages should
NOT emit a markdown alternate
- [x] `curl -I https://<preview>/auth.md` — expect
`X-Content-Type-Options: nosniff`
- [x] `curl -I -L -H 'Accept: text/markdown' https://<preview>/auth/` —
should resolve to markdown content (trailing-slash normalization, with
Vercel's auto-redirect)
## Linear
- fixes GROWTH-760
## Follow-up (separate PR)
GROWTH-760 also asks about extending `.md` to blog/customers/events.
Different mechanism (path-prefix middleware, MDX read at request time
via `gray-matter`) so it deserves its own review. Will open a follow-up
PR after this lands.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Serve prebuilt and dynamic Markdown docs via new markdown endpoints
and routing; pages now advertise markdown alternates (including
pricing).
* Added Cron and Queues module documentation pages.
* **Documentation**
* Minor formatting tweaks to Realtime and Storage docs.
* **Chores**
* Added build-time Markdown content generation and adjusted
ignore/deploy rules for generated files.
* Added redirects from legacy text-based product URLs to new markdown
pages.
* **Tests**
* Expanded tests for markdown routing and content-negotiation behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## What kind of change does this PR introduce?
UI and copywriting improvements for temporary access.
## What is the current behavior?
The temporary access UI still used older JIT/ephemeral naming in some
places, did not clearly explain the setup requirements, and had to infer
unavailable states from Platform error message text.
## What is the new behavior?
The settings UI now uses temporary access naming consistently, explains
that temporary access uses short-lived tokens for manual database
connections, and renders clearer unavailable states for projects that
require either a Postgres upgrade or a platform migration.
The Studio query now consumes Platform’s structured `unavailableReason`
contract instead of parsing human-readable error strings, so the UI owns
the copy while Platform owns the eligibility reason.
Validation:
- `pnpm eslint
components/interfaces/Settings/Database/JitDatabaseAccess/JitDbAccessConfiguration.tsx
data/jit-db-access/jit-db-access-query.ts`
- `pnpm tsc --noEmit --pretty false`
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* IP range input now supports one CIDR range per row with add/remove
rows and form integration.
* **Documentation**
* Replaced “JIT” wording with “Temporary” / “Ephemeral token-based”
access across UI, dialogs, toasts, and help links.
* Added minimum PostgreSQL version requirement (17.6.1.081+).
* **Improvements**
* Per-row CIDR validation with precise nested error messages.
* Refined layout spacing and moved the temporary-access configuration
earlier in Database settings.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Etienne Stalmans <etienne@supabase.io>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
Ali Waseem