## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file.
YES
## What kind of change does this PR introduce?
Docs update
## What is the current behavior?
Currently, we have a doc that was created to provide details about
platform audit logs (organization level)
## What is the new behavior?
This adds a detail about account audit logs, which provide the same
details as the platform audit log. The difference is account audit logs
only show logs for the specific user account.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
  * Enhanced Platform Audit Logs guide to clarify that each account has
    access to separate Account Audit logs for tracking individual user
    activity.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Adds a consumer-side guide for hardening npm installs of @supabase/*
packages: lockfile hygiene, minimum-release-age quarantine across
pnpm/yarn/npm/bun, private registries, provenance verification,
lifecycle script controls, blocking exotic transitive refs, Edge
Functions specifics, and an incident-response checklist.
Lives at guides/security/ alongside platform-security and
product-security; filesystem-driven sidebar picks it up automatically.
Originally drafted in supabase/supabase-js#2382 and moved here per
review.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
  * Added an npm security hardening guide (lockfile & CI practices,
    release-age quarantines, transitive/exotic dependency controls,
    provenance verification, lifecycle-script hardening, package-manager
    pinning, CI/lockfile hygiene, Deno/Edge guidance, incident-response
    checklist).
  * Added a navigation entry for the new guide.
  * Note: guide frontmatter contains unresolved merge-conflict markers.
* **Chores**
  * Expanded spelling allowlist to include common tech terms (e.g.,
    lockfile, sigstore, postinstall).
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
### Summary
Changed the Supabase email domain in public facing docs `security.txt`
and `security-testing.mdx`
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
  * Updated the official security contact email address across security
    documentation, testing guidelines, and policy resources to ensure users,
    security researchers, and developers have accurate contact information
    for reporting vulnerabilities and coordinating responsible disclosure
    efforts.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
  * Corrected internal documentation links across auth guides (Custom
    Access Token Hooks), database hit-rate guides (Disk IO / compute
    anchors), functions deployment (Dashboard quickstart), and product
    security (Realtime authorization) for proper targets and path
    formatting.
  * Updated Storage page doc links for analytics and vector introductions.
  * Updated Database page “Supabase ETL” docs link to the replication
    guide.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Updates our documentation pages around the Data API to include
instructions on how to grant the necessary privileges across API roles
across tables and functions. Current behaviour means this is largely
unnecessary as privileges are granted by default on public schema, but
adding instructions will help cover scenarios where this isn't the case
and expose some of the underlying magic happening.
## To test:
- These updates refer to new settings that are added to the data api
that give more visibility and control over what tables and functions are
accessible via the api.
- To view these settings you'll need to enable the `tableEditorApiAccessToggle` feature flag
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
  * Added a new "Data API" guide and removed the old "Hardening the Data
    API" page
  * Updated navigation links to surface the new Data API guide
  * Expanded quickstarts, SDK install pages, and security guides with
    step‑by‑step Data API exposure, default‑privileges, RLS guidance, and
    SQL GRANT examples (including function EXECUTE notes)
  * Updated troubleshooting references and added redirects for legacy
    documentation paths
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: SaxonF <1072756+SaxonF@users.noreply.github.com>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
*Summary*
- reorganize the navigation menu to highlight modules, consolidate API
security content, and move guide entries (auto-generated docs, type
generation, security topics) to the intended sections
- relocate the Data API hardening and custom claims RBAC guides into the
API subtree, updating internal references and redirects, and fixing
cross-links (including adjusting the Security reference order)
- adjust data API topic references (e.g., securing guide and role
management) to point to the new paths and ensure the helper link
ordering follows the requested layout
*Testing*
- Not run (not requested)
Change 1
<img width="1286" height="576" alt="image"
src="https://github.com/user-attachments/assets/d903e9b0-bbfc-403f-bcb9-eee540e466db"
/>
Change 2
<img width="1176" height="666" alt="image"
src="https://github.com/user-attachments/assets/82b3ea4c-b8d4-4cb9-ad90-6c39c8a1a997"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
  * Reorganized API documentation structure, consolidating REST and
    GraphQL API guides under a dedicated API section.
  * Moved security-related guides to API documentation paths for better
    organization.
  * Implemented automatic redirects for old documentation links to new
    locations.
  * Updated navigation menu to reflect the restructured documentation
    layout.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file.
YES
## What kind of change does this PR introduce?
New Go landing page for the upcoming Bolt webinar. This is where we will
direct customers who want to learn more to go to request a meeting.
---------
Co-authored-by: Alan Daniel <stylesshjs@gmail.com>
fixing doc inconsistencies: privatelink is in beta not alpha, and read
replicas can be requested by contacting account rep.
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file.
YES
## What kind of change does this PR introduce?
Docs Update.
## What is the current behavior?
Inconsistent docs.
---------
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
- Move from Audit Trail naming to more explicit "Auth Audit Logs" / "Platform Audit Logs" (we were throwing in the term trails on the pricing page but using logs in dashboard and docs)
- New Platform Audit Logs docs under security
- Moved Platform Audit Logs under Security on pricing page given it is not just for dashboard (previous category), but also for API
- Added tooltips for both on pricing page
* fix: rewrite relative URLs when syncing to GitHub discussion
Relative URLs back to supabase.com won't work in GitHub discussions, so
rewrite them back to absolute URLs starting with https://supabase.com
* fix: replace all supabase urls with relative urls
* chore: add linting for relative urls
* chore: bump linter version
* Prettier
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
* chore: new security page without flag
Remove feature flag for new security page
* chore: add additional docs
* chore: prettier
* chore: move mfa enforcement page
* fix: link fixes
* feat: add SOC 2 page to docs
* feat: more linking
* fix: make linters happy
* fix: prettier
* chore: make security page available
* typo: sp
* publish security
* chore: publish new security section
* change mobile menu to show Security on Security section
---------
Co-authored-by: Charis Lam <26616127+charislam@users.noreply.github.com>