Small docs update on new postgres logs behaviour
part of O11Y-1519
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added a "Limits and Caveats" section clarifying Supabase
Platform-specific behavior for PostgreSQL RAISEd log messages: platform
log events are truncated at 100,000 characters (no truncation for
self-hosting), and certain internal PostgreSQL connection logs generated
by infrastructure services are omitted (these omissions do not apply to
self-hosted deployments).
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
docs update
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated authentication guide for Turnstile CAPTCHA setup with
simplified, more direct instructions for configuring the widget and
obtaining keys.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
This PR syncs the latest troubleshooting guides from the
supabase/troubleshooting repository.
Co-authored-by: github-docs-bot <github-docs-bot@supabase.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
docs update
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated the Figma OAuth social login setup guide with corrected links
to the Figma Developers portal for accurate authentication
configuration.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
- Fix `secret_access_key` value as publishableKey is not currently
supported
- Add variable values for local dev
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Enhanced S3 authentication guide with local development setup details
and credential examples for access-key and session-token flows
* Added environment-specific configuration notes for local and
self-hosted deployments
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## TL;DR
fixes cron losing http body/headers when values contain backslashes,
broken by:
- #45560
parser now handles escape-string literals (`E'...'`) emitted by
`literal()`
## ex:
Before:
https://github.com/user-attachments/assets/9f7c3c13-5c49-448d-aac1-b64e27e269f4
After:
https://github.com/user-attachments/assets/2c517c4d-9eaa-412f-9b40-5eaacc2c2b2d
## ref:
- closes https://github.com/supabase/supabase/issues/45674
- broken by / adds upto: #45560
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **Bug Fixes**
* Improved reliability of cron job HTTP POST request parsing when using
special characters and escape sequences in headers and body parameters.
* Enhanced support for extracting headers from cron job commands
configured with escaped SQL literals.
* **Tests**
* Added test coverage for HTTP cron job command parsing with escaped SQL
string literals and special character handling.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Adding Michelle :)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated project team member documentation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary
- Adds a hardcoded `BANNER_EXPIRES_AT` constant to `NoticeBanner` so
long-lived tabs running an old client bundle stop displaying outdated
notices once the relevant date passes.
- Self-suppresses on every bundle that ever shipped — no server-side
flag flip, no refresh, no over-suppression on unrelated deploys.
- The existing `showNoticeBanner` ConfigCat boolean stays in place as
the emergency kill-switch.
For future banners, set `BANNER_EXPIRES_AT` to the time the notice
should stop rendering (e.g. end of a maintenance window, or a generous
tail after a TOS effective date).
Closes
[FE-3175](https://linear.app/supabase/issue/FE-3175/suppress-stale-maintenance-banner-on-old-client-bundles).
## Test plan
- [x] Locally set `BANNER_EXPIRES_AT` to a past date and confirm the
banner does not render.
- [x] Set it to a future date and confirm the banner renders as before.
- [x] Confirm flipping `showNoticeBanner` off in ConfigCat still hides
the banner.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added automatic expiration for notice banners, ensuring outdated
notices no longer display after a specified date.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
We run the e2e tests across two shards to reduce their duration.
However, one takes longer than the other.
## Solution
Use a currently hidden Playwright feature to balance their load
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Upgraded Playwright test dependency to a newer version for refreshed
test tooling and fixes.
* Adjusted end-to-end test shard weighting to rebalance distribution
across parallel runs.
* **Tests**
* Stabilized several end-to-end editor interactions to make E2E flows
more reliable.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
We have lots of duplicated/deprecated components.
## Solution
- Migrate to new ones
- Fix invalid HTML
## Screenshots
Before (translate the hovered card up, first item in the screenshot):
<img width="2842" height="1178" alt="image"
src="https://github.com/user-attachments/assets/298b51ba-2f4e-4caa-888e-d0de7b22eb7f"
/>
After (same as the features page):
<img width="2824" height="954" alt="image"
src="https://github.com/user-attachments/assets/b34637a7-ed6f-4997-8bb1-a133d4a736ac"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Updated the Company page layout with modernized UI components and
simplified markup structure for improved clarity and consistency across
the Team, Investors, and Press sections.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Clarified anonymous-account linking guide: example now explicitly
checks that the current session is anonymous and exits early if not,
preventing unintended linking steps.
* Enhanced resumable uploads guide: added a note explaining why the
example reads the local session token to forward it for server-side
validation when interacting with direct storage endpoints.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Updates the documented CPU time limit from 200ms to the correct value of
2000ms (2 seconds) for Edge Functions in the shutdown guide.
**References:**
- Source:
https://github.com/supabase/edge-runtime/blob/main/.cargo/config.toml#L7
- Docs: https://supabase.com/docs/guides/functions/limits#runtime-limits
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated edge function shutdown reasons documentation to reflect an
increased CPU time limit of 2000 milliseconds (previously 200
milliseconds).
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
docs update
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated custom OAuth provider quota documentation to clarify
plan-based limitations. Free plan projects can add up to 3 custom
providers, while Pro plan and above have unlimited providers.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the CONTRIBUTING.md file.
YES
## What kind of change does this PR introduce?
Docs update
## What is the current behavior?
- The React quickstart example does not handle errors when fetching
data.
- The local development guide uses inconsistent capitalization for
"docker".
## What is the new behavior?
- Adds basic error handling (`error` check) in the React quickstart
example to improve reliability.
- Fixes capitalization from "docker" → "Docker" for consistency with
official naming.
## Additional context
These are small improvements to enhance clarity and developer experience
in the docs.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Enhanced React quickstart guide with error handling for database
queries to prevent invalid data processing
* Corrected capitalization in local development guide
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary
- Adds a "Custom instance type" input on the new-project modal, rendered
directly below the existing custom Postgres version field and gated
behind the same non-prod check.
- Wires the value through
`custom_supabase_internal_requests.ami.instance_type`, merged with the
existing AMI search-tag payload so both can be set independently.
<img width="312" height="133" alt="Screenshot 2026-05-07 at 12 32 41 PM"
src="https://github.com/user-attachments/assets/d4190a0f-0a54-46e6-ac0b-967548a3903f"
/>
## Test plan
- [x] On a non-prod build, open the new-project modal and confirm the
"Custom instance type" field appears below "Custom Postgres version".
- [ ] Submit with only an instance type set and verify the request body
includes `custom_supabase_internal_requests.instance_type` and no `ami`
block.
- [x] Submit with both fields set and verify both `ami.search_tags` and
`instance_type` are sent.
- [x] Submit with neither set and verify
`custom_supabase_internal_requests` is omitted.
- [x] Verify the field is hidden in prod builds.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added instance type field to project-creation wizard.
* Added an internal-only configuration panel for advanced customization.
* **Refactor**
* Simplified Advanced Configuration panel layout and behavior.
* **Documentation**
* Updated documentation links to use internal reference URLs.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
## Summary
Emits `BreadcrumbList` JSON-LD on every `/docs/guides/*` page served by
`GuideTemplate`. Search engines and AI crawlers get an explicit
hierarchical signal for the docs site (the marketing site already
shipped JSON-LD via #45451). The chain prepends `Docs > Guides` to the
existing resolver output, so a page like `/docs/guides/auth/passwords`
produces a 5-level chain with the leaf URL set per Google's spec.
## Changes
- New `apps/docs/lib/breadcrumbs.ts`: pure pathname → chain resolver,
server-safe. Extracted from the existing client `useBreadcrumbs` hook so
the same logic runs in both contexts.
- New `apps/docs/lib/json-ld.ts`: `serializeJsonLd` +
`breadcrumbListSchema` mirroring `apps/www/lib/json-ld.ts`.
- `Breadcrumbs.tsx` (visual) now delegates to the shared resolver —
single source of truth for visual + SEO chains.
- `GuideTemplate` takes a required `pathname` prop and emits `<script
type="application/ld+json">` next to `<Breadcrumbs />`. Skipped when the
chain is empty (e.g., page not in nav menu). Middle items without URLs
(e.g., the "Auth" section root) omit `item`, matching the visual
breadcrumb.
- 8 explicit-prop callers updated; `[[...slug]]` callers already spread
`data` (which carries `pathname`).
## Scope
**Out of scope:**
- `/docs/reference/*` (SDK reference) — no breadcrumbs rendered today,
would need separate traversal over spec JSON.
- `/guides/troubleshooting/*` — uses its own template, not
`GuideTemplate`.
- `TechArticle` per-page schema — high maintenance for marginal value.
## Testing (Vercel preview)
```bash
curl -s https://<preview>/docs/guides/auth/passwords | grep -oE '<script type="application/ld\+json"[^>]*>[^<]+</script>'
```
Expect a script tag with the chain `Docs > Guides > Auth > Flows
(How-tos) > Password-based`, leaf URL
`https://supabase.com/docs/guides/auth/passwords`.
- [x] `/docs/guides/auth/passwords` — 5-item chain, leaf URL present
- [x] `/docs/guides/getting-started/features` — 4-item chain, all items
have URLs
- [x] `/docs/guides/getting-started/ai-prompts/<slug>` — special-case
chain (`Getting started > AI Tools > Prompts > <slug>`), leaf URL falls
back to pathname
- [x] `/docs/guides/database/database-advisors` (explicit-prop caller) —
chain renders
- [x] Visual breadcrumb on the same pages still renders correctly
- [ ] Validate output through [Google Rich Results
Test](https://search.google.com/test/rich-results) on a deployed preview
URL
- [x] `/docs/guides/troubleshooting/<slug>` — no JSON-LD emitted
(different template, intentional)
## Linear
- fixes GROWTH-820
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added JSON-LD breadcrumb markup to guide pages to improve
search/discovery.
* **Improvements**
* Centralized breadcrumb generation for consistent, accurate breadcrumbs
across guides.
* Multiple guide pages updated to ensure breadcrumbs and page context
display correctly.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES/NO
## What kind of change does this PR introduce?
Bug fix, feature, docs update, ...
## What is the current behavior?
Please link any relevant issues here.
## What is the new behavior?
Feel free to include screenshots if it includes visual changes.
## Additional context
Add any other context or screenshots.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated team roster information.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
- Add `npm:` in code blocks targeting Edge Functions.
- Remove unnecessary import lines.
## What is the current behavior?
Some code blocks targeting Edge Functions are missing this prefix.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated code examples in the Supabase Server blog post to reflect
current import specifications.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## What kind of change does this PR introduce?
feature
## What is the new behavior?
Update dashboard templates to use new `@supbase/server` SDK
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Updates**
* Standardized edge function templates to use a unified request handler
with built-in Supabase context, improved secret-based flows, and
consistent handling of OPTIONS, streaming, binary, and websocket
responses.
* Unified error handling to return consistent JSON error and simplified
success/unauthorized payloads across AI, database, storage, webhook,
email, image, and websocket templates.
* **Documentation**
* Guide examples and text updated to use the revised auth mode naming
(ctx.authMode).
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## What kind of change does this PR introduce?
UI styling consistency for table grid frozen-column borders
## What is the current behavior?
The custom style targeted a non-existent React Data Grid class
(`.rdg-cell-frozen-last`), so the frozen column divider was not visible.
## What is the new behavior?
- Frozen-column divider now targets the actual rendered structure:
- body: `.rdg-row .rdg-cell-frozen:nth-last-child(1 of
.rdg-cell-frozen)`
- header: `.rdg-header-row .rdg-cell-frozen:nth-last-child(1 of
.rdg-cell-frozen)`
- Header bottom border remains consistent on the last frozen column.
- Dark mode now applies a balanced divider contrast using
`border-r-strong` for the last frozen divider (header + body), avoiding
both faint and overly harsh appearance.
| Before | After |
| --- | --- |
| <img width="1167" height="690" alt="colors Table Editor Chisel
Toolshed Supabase-A1CB0078-936B-4213-B931-B2D23C5FCCA9"
src="https://github.com/user-attachments/assets/1f2c89c0-55d0-4fc9-9d9a-c66cda66ec4b"
/> | <img width="1167" height="690" alt="colors Table Editor Chisel
Toolshed Supabase-4E3F8C10-0E40-4035-8D5F-1BCDD0AF75D3"
src="https://github.com/user-attachments/assets/55a3053b-c30b-441b-a3f2-98bc403fdf27"
/> |
| <img width="1167" height="690" alt="colors Table Editor Chisel
Toolshed Supabase-7BFFFBC0-8F9A-4895-B141-275AFF206CAB"
src="https://github.com/user-attachments/assets/faa50426-7547-4986-bf25-5c1c39199b72"
/> | <img width="1167" height="690" alt="colors Table Editor Chisel
Toolshed Supabase-C179A558-89BA-4913-993B-1C7DFDBC5299"
src="https://github.com/user-attachments/assets/a6f8bf17-b061-4079-b471-ad26be277470"
/> |
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Style**
* Enhanced the visual appearance of frozen grid columns with refined
border styling for the last frozen column, ensuring improved consistency
across both light and dark themes.
* Optimized frozen column header and cell styling for better visual
presentation across all color schemes, delivering a more polished and
cohesive user interface experience.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Add myself to humans.txt
## What is the current behavior?
My name is not in humans.txt
## What is the new behavior?
My name will be in humans.txt
## Additional context
None
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Added "David Whittington" to the public HUMANS team list in the
documentation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Tiny grammar followup
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Documentation
* Updated blog post with clearer explanations of Supabase Server
functionality and improved TypeScript usage examples.
* Enhanced environment variable guidance for local development and
platform configuration.
* Refined migration guidance with updated terminology and more
consistent phrasing throughout the post.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary
- Converts ~27 `executeSql` call sites in `apps/studio/data/**` to build
SQL through `safeSql` / `ident` / `literal` / `keyword` /
`joinSqlFragments` instead of raw template-string interpolation.
- Tightens the `useDatabaseCronJobCreateMutation` and
`useDatabaseEventTriggerCreateMutation` `sql`/`query` parameter types
from `string` to `SafeSqlFragment` (callers already produce one).
- Updates `getDeleteEnumeratedTypeSQL` in `packages/pg-meta` to return
`SafeSqlFragment`.
- Fixes a bug noticed while testing where Queues integration does not
correctly handle queues with uppercase names.
## Pages to manually test
- Integrations > Cron Jobs
- Integrations > Queues
- Database > Triggers > Event Triggers
- Database > Indexes
- Reports > Query Performance
- Storage
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **Bug Fixes**
* Queue lookups now correctly handle case-insensitive queue names.
* Queue table references are now properly managed and consistently
applied throughout the queue management interface.
* Improved queue name display normalization in the user interface.
* **Chores**
* Enhanced SQL query safety across the database layer through
parameterized query construction and safer templating approaches.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
The connect button was missing its text
Before:
<img width="833" height="244" alt="Screenshot 2026-05-06 at 17 46 23"
src="https://github.com/user-attachments/assets/c03e972f-bef6-4bd7-8819-dd51509c58eb"
/>
After:
<img width="678" height="208" alt="Screenshot 2026-05-06 at 17 46 58"
src="https://github.com/user-attachments/assets/5b020017-133e-47c3-8138-925c27299665"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved screen reader accessibility in the Connect button by refining
how text visibility is handled based on button display mode.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
Clicking button does nothing. toggling back to enable shows error
related to pool size
## Solution
Fix the form validation schema
## How to test
- Go to Realtime Settings `/realtime/settings`
- Try disabling it
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Two-step save: clicking Save opens a confirmation before changes are
applied.
* Warning displayed when database pool size exceeds 50% of max
connections (max shown dynamically).
* **Improvements**
* Form adapts to suspended vs. active realtime states with fewer
required fields when suspended.
* Better field labeling and accessibility; form resets and consistent
feedback after successful updates.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Context
As per PR title - just updates the NoticeBanner component for TOS update
information
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a Terms of Service update notification banner to inform users
about recent policy changes.
* Notification includes a dialog/modal with full update details, links,
and effective date; it replaces the previous maintenance notification so
users receive clear, actionable information.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary
- Adds a reusable `<LegalDocVersions />` component (dropdown below the
page header) that swaps the active legal doc version inline via shallow
query-param routing (`?version=v1`).
- Converts `/terms` and `/enterprise-terms` from MDX to TSX pages and
moves their content into versioned MDX under
`apps/www/data/legal/<doc>/v1.mdx`.
- Seeds `v2.mdx` for both docs as a copy of v1 with the effective date
bumped to 6 May 2026 — the actual v2 language edits from legal will land
in a follow-up commit.
## Behavior
- `/terms` and `/enterprise-terms` default to v2 (latest); search
engines and bare URLs always see the latest.
- `/terms?version=v1` (and equivalent for enterprise) renders v1.
- Selecting a version updates the URL via `router.replace({ shallow:
true })` — no full page reload, browser back/forward works.
- Selecting the latest version clears the `version` query param.
- Existing `/docs/company/terms → /terms` redirect still works.
`noindex/nofollow` preserved on `/enterprise-terms` (both via meta and
the existing header rule).
## Out of scope
- The 5 v2 provision edits per agreement (lands in a follow-up once
Legal hands over the final language).
- `/privacy` and other legal pages — those keep their current pattern.
Linear:
[FE-3121](https://linear.app/supabase/issue/FE-3121/update-legal-terms-pages-and-add-version-selector)
## Test plan
- [ ] Visit `/terms` — defaults to v2, dropdown shows "Version 2 — May
6, 2026" and "Version 1 — July 11, 2025"
- [ ] Visit `/terms?version=v1` — renders v1
- [ ] Select v1 from the dropdown — URL becomes `?version=v1`, content
swaps without full page reload (no document request in Network tab)
- [ ] Select v2 — URL drops the `version` param, latest renders
- [ ] Browser back/forward steps through prior selections
- [ ] Repeat the above on `/enterprise-terms`
- [ ] Confirm `/enterprise-terms` is still `noindex, nofollow`
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Version selector and new Terms & Enterprise Terms pages allowing users
to switch between historical agreement versions.
* MDX-based legal documents now render as components for improved
content loading.
* **Documentation**
* Added v2 Terms and v2 Enterprise subscription agreements; v1 documents
adjusted and typography normalized for consistency.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Tidying up the bottom panel in unified logs. Taking care of some visual
quirks etc. Also preparing this area to house some other future concepts
via tabs.
| Before | After |
|--------|--------|
| <img width="828" height="384" alt="Screenshot 2026-04-30 at 11 24 09"
src="https://github.com/user-attachments/assets/804bdf1c-7cdb-4dd8-bf1e-31c434ef1436"
/> | <img width="830" height="407" alt="Screenshot 2026-04-30 at 11 22
53"
src="https://github.com/user-attachments/assets/28555efe-f893-4bae-bcb0-284e6db733e6"
/> |
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Redesigned service flow panel with Overview and Raw JSON tabs
* Added Previous/Next navigation controls with Arrow Up/Down keyboard
support
* New detail components and section headers with icons for clearer
organization
* Improved Postgres detail view and message/session display
* **Bug Fixes / Changes**
* Removed legacy header UI and related controls
* **UI / Style**
* Enhanced copy-to-clipboard feedback animation
* Updated "Load more" button styling
* Adjusted panel sizing for improved resizing behavior
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Ali Waseem <waseema393@gmail.com>
Prevents the AI assistant from helping with local git/filesystem
operations, and adds explicit warnings before irreversible database
operations (DROP TABLE, DELETE without WHERE, etc.).
Adds a `safetyScorer` and eval cases to cover these behaviours.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a Safety metric to evaluations so assistant responses are scored
for safe handling of destructive or risky requests
* Assistant guidance updated to refuse destructive local VCS/filesystem
actions and require clear warnings for irreversible database operations
* **Tests**
* Added evaluation cases covering safe refusals, clear warnings, and
correct handling of destructive or risky prompts
* **Chores**
* Enabled Safety metric in online evaluation manifests/handlers
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary
- Adds a note explaining that skills install at **project scope by
default** (committed to git, shared with team and cloud agents) and that
`--global` installs across all projects
- Mentions `--all` for users who work across multiple AI agents
- Cross-links the [Supabase agent
plugin](/docs/guides/getting-started/plugins) from both the agent skills
and MCP docs for users who want the MCP server and skills in a single
install
Closes
[AI-672](https://linear.app/supabase/issue/AI-672/add-other-plugins-to-docs-with-clearer-project-vs-global-level)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated AI skills installation guide with detailed instructions for
project-scoped, global, and multi-agent installation options
* Enhanced MCP setup guide with recommendation to install the Supabase
agent plugin for streamlined configuration
* Added direct link to the skills npm package for improved resource
accessibility
* Refined compatibility information in AI skills guide
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Jeremias Menichelli <jmenichelli@gmail.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Clarified API key changes (new publishable/secret scheme, where to
obtain each, legacy keys valid through end of 2026) and updated many
getting-started tutorials with clearer setup, flow, and auth guidance.
* **New Features**
* Added/expanded profile photo/avatar upload and account integration
steps across multiple tutorials.
* **Guides**
* Added guidance on auth helper methods and when to use them.
* **Examples**
* Example app updated to use token claims for auth state.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Katerina Skroumpelou <mandarini@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Logo field now accepts/editable logo URL, plus a new storage-based
Logo Picker to select or remove images from project storage.
* Full storage picker: browse buckets, columns/list views, search,
drag‑and‑drop uploads, file previews (image/audio/video), and
single-file selection with responsive mobile/desktop layouts.
* **Refactor**
* Logo submission streamlined to send the provided URL directly (legacy
file-read/upload flow removed).
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
We want to upgrade to react 19. However some libraries aren't compatible
with it. Besides, `next-mdx-remote` is now archived and not maintained
anymore.
## Solution
The [NextJS
documentation)[https://nextjs.org/docs/15/app/guides/mdx#remote-mdx]
suggest using
[`next-mdx-remote-client`](https://github.com/ipikuka/next-mdx-remote-client)
which was a fork of `next-mdx-remote`.
- [x] migrate `apps/www` from `next-mdx-remote` to
`next-mdx-remote-client`
- [x] migrate `apps/www` from `next-mdx-remote` to
`next-mdx-remote-client`
I haven't noticed any change in the pages.
When upgrading to react 19, we'll have to use v2 of
`next-mdx-remote-client`.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Switched MDX rendering/serialization to a newer client-focused
implementation across docs and site for improved compatibility.
* **Bug Fixes**
* Improved handling of serialization errors so MDX failures render clear
fallback messages instead of breaking pages.
* **Chores**
* Updated local environment template value for the public anonymous key.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
The Supabase CLI sometimes fails to start because the postgres port is
already used:
> failed to start docker container: Error response from daemon: failed
to set up container networking: driver failed programming external
connectivity on endpoint supabase_db_supabase
(10587f26e7287c8086fd27db12be7aac4afe1f3fc521c9d7a8dfe109993c995d):
failed to bind host port for 0.0.0.0:54322:172.18.0.2:5432/tcp: address
already in use
## Solution
None yet, debugging
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Enhanced end-to-end test workflow with added pre-start and failure
diagnostics for better observability and troubleshooting of test runs.
* Updated the e2e setup CLI script to skip certain local services by
default and clarify script formatting for maintainability.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## TL;DR
The edge function tester was sending service role tokens even when
anonymous was selected,
Fixed by moving the role context provider to wrap both the selector and
the submit handler
## sol:
| Before | After |
|--------|-------|
| <img width="589" alt="Service role JWT sent when Anonymous selected"
src="https://github.com/user-attachments/assets/f4072838-4031-4325-9fd6-7519e50bd080"
/> | <img width="471" alt="Anon JWT correctly sent when Anonymous
selected"
src="https://github.com/user-attachments/assets/86160946-398e-456e-9585-66e3e49f16ed"
/> |
| Selecting "Anonymous" had no effect, always sent `service_role` |
Selecting "Anonymous" correctly sends it now |
## ref:
- Closes https://github.com/supabase/supabase/issues/45619
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Internal code structure improvements to enhance maintainability and
component organization.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
The dashboard renders all timestamps in the browser's local timezone.
When debugging app issues, users often want to see logs and timestamps
in a different timezone (e.g. their app's deployment region) without
changing their OS clock.
## Fix
- New Timezone submenu in the user-avatar dropdown, sitting next to the
existing Theme picker. Search-as-you-type combobox over the full IANA
catalog plus an Auto detect option.
- Selection persists in localStorage (`supabase-ui-timezone`) and
survives `clearLocalStorage()`. No backend schema change.
- New `lib/datetime.tsx` exposes pure timezone-aware formatters
(`formatDateTime`, `formatDate`, `formatTime`, `formatFromNow`,
`toTimezone`) plus a `TimezoneProvider` and matching React hooks
(`useTimezone`, `useFormatDateTime`, ...). The pure functions take `tz`
explicitly so they're easy to unit test (17 vitest cases covering DST
transitions, multi-tz formatting, unix-micro/Date inputs, invalid-tz
fallback).
- The selected timezone propagates to every existing `<TimestampInfo>`
in Studio via a new `TimestampInfoProvider` context exported from
`ui-patterns`. No per-callsite changes needed for those ~20+ surfaces.
- The `UnifiedLogs` date column migrates off `date-fns` to the new
`useFormatDateTime` hook (the rest of the date-fns callers stay as-is,
since they're either internal range math or non-display).
- `ALL_TIMEZONES` (~600 entries) moves out of `PITR.constants.ts` into a
shared `lib/constants/timezones.ts`. PITR keeps a re-export shim so its
callers don't move. New `TIMEZONES_BY_IANA` dedupes the catalog by
primary IANA name (the original list contains both PDT and PST rows for
`America/Los_Angeles`, etc.) and `findTimezoneByIana` provides reverse
lookup.
- Telemetry: `timezone_picker_clicked` PostHog event with
`previousTimezone`, `nextTimezone`, `isAutoDetected` properties.
Notes for reviewers:
- Bare `dayjs(x).format(...)` calls (~157 files) intentionally still
render in browser-local time. Surfaces opt in by switching to the new
wrappers, so this PR is the abstraction plus logs adoption; broader
migration is a follow-up.
- Two `// prettier-ignore` lines (`apps/studio/pages/_app.tsx`,
`apps/studio/components/interfaces/UnifiedLogs/UnifiedLogs.fields.tsx`)
work around a pre-existing local-tooling issue where
`prettier-plugin-sql-cst` strips angle-bracket type arguments under
certain conditions. Project's pinned prettier (3.8.1) does not strip;
the issue surfaces with a globally-installed prettier. Worth tracking
separately.
- Hydration: `guessLocalTimezone()` and `useLocalStorageQuery` are
client-only. Studio is mostly CSR via the Pages Router, but any SSR'd
`<TimestampInfo>` may briefly render in the server's tz before client
hydration. Existing behavior already had this mismatch with `.local()`;
this PR does not regress it.
- Backend timestamps round-tripped through query params and mutations
stay UTC. The picker is display-only.
## How to test
- Run `pnpm dev:studio`, sign in.
- Open the user avatar dropdown (top right). Hover Timezone.
- Search for "tokyo", pick `(UTC+09:00) Osaka, Sapporo, Tokyo`.
- Open any project, navigate to Logs (e.g. `Project > Logs > Edge
Functions`). Hover a log row's timestamp; the popover should show UTC,
the chosen tz (`Asia/Tokyo`), and the relative time. Visible cell text
should be in JST.
- Visit any page that uses `<TimestampInfo>` (Database > Backups,
Project Pause state, Edge Function details). Same tooltip should reflect
Asia/Tokyo.
- Refresh the page; timezone is still Asia/Tokyo.
- Reopen the picker, choose Auto detect; timestamps revert to browser
local.
- Run `pnpm --filter studio test lib/datetime.test.ts`. 17 tests should
pass.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Timezone selector added to the user menu with auto-detect and manual
override
* App-wide timezone provider and hooks plus a shared timezone catalog
for consistent timezone-aware display
* Timestamp components accept an optional timezone prop and respect user
preference (persisted)
* **Bug Fixes / Improvements**
* Logs and timestamp displays now use the new timezone formatting hooks
* **Tests**
* Added comprehensive datetime and timezone catalog tests
* **Telemetry**
* Telemetry event added for timezone picker interactions
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
Two visual regressions surfaced after the Tailwind v4 migration
(#45318):
1. The Postgres upgrade-failed banner used the deprecated `Alert`
component, whose `warning` variant relies on custom `amber-1100` /
`amber-1200` color tokens that no longer resolve. The title rendered as
near-white on the yellow background.
2. The sonner toast close button forced `bg-transparent!
hover:bg-transparent!`, letting the library's default translucent circle
bleed through against the toast's overlay background on hover.
## Fix
- Migrate `ProjectUpgradeFailedBanner` to `Admonition` (the recommended
replacement per the deprecation note on `Alert`), which uses semantic
`warning-*` tokens defined in the theme.
- Drop the transparent-bg overrides on the sonner close button and give
it a proper `hover:bg-surface-200` with a fixed `size-6` hit area so the
X has a clean hover target.
## Before
<img width="2940" height="338" alt="image"
src="https://github.com/user-attachments/assets/2cf2cf52-cdf2-429d-b50c-5dc4e5b9c84b"
/>
## After
<img width="1642" height="506" alt="CleanShot 2026-05-06 at 11 14 03@2x"
src="https://github.com/user-attachments/assets/b6c9b3e2-9d3e-437d-92a6-95d12730e842"
/>
## Testing
- [ ] Trigger a failed Postgres upgrade state and confirm the banner
title/description/actions are all readable on the amber background.
- [ ] Fire a toast and hover the close button — the hover should show a
subtle square background, not a translucent circle.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fix**
* Project upgrade failure banner now only appears when an upgrade has
failed and no longer supports dismissing.
* **Style**
* Replaced the warning banner UI with a streamlined admonition that
shows only a “Contact support” action.
* Improved toast close-button styling for clearer sizing, color, and
interaction states.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated core SDK dependencies to latest compatible versions for
improved system stability and security.
* Enhanced workspace dependency configuration management by expanding
and reorganizing package constraints to optimize compatibility across
all modules and reduce potential build conflicts.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Docs update to add additional guidance when Edge Functions service shows
unhealthy.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added troubleshooting guide for Edge Functions unhealthy state,
including steps to verify functions, check invocation logs, and
potential solutions for resolving the issue.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
