## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Include the v2 mgmt API spec in the official docs. This PR merges the v1
and v2 specs when generating the reference, with v2 taking precedence on
conflicts.
Fixes API-1215
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Docs now include API v2 reference: log-drain management
(list/create/update/delete) and project transfer (preview/transfer).
* **Documentation**
* Generated API reference now merges v1 and v2 specs so both appear in
the docs and section listings.
* New v2 operations added to Analytics and Projects documentation
sections.
* **Chores**
* Docs generation pipeline updated to accept and process multiple API
spec inputs.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
# Second try of making a new better process for SDK automation
Instead of building a new pipeline. We will take the lessons learned
form round 1, plus the good design and improvement on DX quality for
drop-in file as a single step required from SDK team and produce almost
identical set of files as used right now to render using the current
pipeline.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* New reference-content pipeline producing per-library reference
artifacts and integrating into prebuilds, search ingestion, and
rendering (type-aware examples).
* **Documentation**
* Added comprehensive JavaScript SDK v2 reference content and partials
(Auth MFA, passkeys, admin, TypeScript support, filters, modifiers,
Installing, Initializing, Buckets, etc.).
* **Tests & CI**
* Added regression snapshot test and updated workflows to refresh
reference snapshots and ensure spec downloads.
* **Chores**
* Updated ignore rules, build scripts, Makefile targets, and package
lifecycle hooks.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Katerina Skroumpelou <mandarini@users.noreply.github.com>
Co-authored-by: Katerina Skroumpelou <sk.katherine@gmail.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Docs update.
## What is the current behavior?
No docs for client-side trace propagation with the JS SDK. Users with
OpenTelemetry-instrumented apps had no way to find out that supabase-js
can attach W3C Trace Context headers and that `trace_id` shows up in API
Gateway and Edge Function logs.
## What is the new behavior?
New guide at `/guides/telemetry/client-side-tracing` covering
requirements, opt-in setup (`tracePropagation: true`), advanced options,
domain scoping, where `trace_id` appears in Supabase logs, and
troubleshooting. Linked from the Logging & observability nav.
Preview:
https://docs-git-docs-otel-sdk-supabase.vercel.app/docs/guides/telemetry/client-side-tracing
## Additional context
First of several planned SDK tracing guides. When the next SDK gets one
we'll restructure into a shared `tracing/` folder.
## Summary by CodeRabbit
* **Documentation**
* New comprehensive guide for client-side trace propagation with the JS
SDK: explains W3C Trace Context header behavior, requirements, setup
steps, opt-in examples, advanced configuration, domain/security notes,
and troubleshooting when trace IDs are missing.
* Added a new "Tracing with the JS SDK" entry in the Logging &
observability navigation for easy access to the guide.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* New comprehensive guide for client-side trace propagation with the JS
SDK: explains W3C Trace Context header behavior, requirements, setup
steps, opt-in examples, advanced configuration, domain/security notes,
and troubleshooting when trace IDs are missing.
* Added a "Tracing with the JS SDK" entry under Logging & observability
for quick access.
* Documentation metadata updated to reference the latest source
snapshots.
* Lint rules updated to allow "OpenTelemetry", "Zipkin", and "noop".
<!-- review_stack_entry_start -->
[](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46218?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)
<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
## Summary
Updates reference docs based on recent **stable** releases across
supabase-js, supabase-flutter, and supabase-py. Only changes that landed
in a stable tag are documented.
## Changes analyzed
| SDK | Repo | Stable tag range | Notes |
|-----|------|-----------------|-------|
| js | supabase/supabase-js | `v2.105.0` → `v2.105.3` | Bug fixes and
type improvements; no doc-worthy API changes |
| dart | supabase/supabase-flutter | → `supabase_flutter-v2.13.0` |
`anonKey` deprecated → `publishableKey` |
| py | supabase/supabase-py | `v2.29.0` → `v2.30.0` | New: `.select()`
chaining on write builders |
| swift | supabase/supabase-swift | `v2.46.0` | Dependency bumps only |
| kt | supabase-community/supabase-kt | `3.6.0` | Test coverage
improvements only |
| csharp | supabase-community/supabase-csharp | `v1.1.2` | No changes |
> **Note**: The JS `storage.from().exists()` breaking behavior change
and `PostgrestError instanceof` fix were intentionally excluded — they
are only in the `v3.0.0-next` pre-release branch, not in any stable
`v2.x` tag.
## Documentation updates
### `apps/docs/spec/supabase_dart_v2.yml`
- Rename `anonKey` parameter → `publishableKey` in
`Supabase.initialize()` to match the deprecation in
[supabase-flutter#1360](https://github.com/supabase/supabase-flutter/pull/1360)
(landed in `supabase_flutter-v2.13.0`)
- Update Flutter example to use `publishableKey:` named argument
- Note that `anonKey` is still accepted but deprecated
### `apps/docs/spec/supabase_py_v2.yml`
- Add `.select()` chaining examples to `insert()`, `update()`,
`upsert()`, and `delete()` write builders, newly supported in
[supabase-py v2.30.0](https://github.com/supabase/supabase-py/pull/1383)
- Add notes to each write method mentioning select chaining capability
---
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **Documentation**
* Dart SDK: Updated client initialization to use `publishableKey`
parameter; deprecated `anonKey` remains supported for backward
compatibility.
* Python SDK: Added examples demonstrating how to chain `.select()` with
write operations (`insert()`, `update()`, `upsert()`, `delete()`) to
retrieve specific columns from modified rows.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
## Description
Replaces legacy `anon` / `service_role` key references with the new
`publishable` / `secret` naming across SDK spec files under
`apps/docs/spec/`. Mirrors the rename table established by
[supabase-js#2280](https://github.com/supabase/supabase-js/pull/2280),
so the auto-generated reference docs at
supabase.com/docs/reference/{js,dart,kotlin,python,swift} stay
consistent with the SDK source.
## Files changed
| File | Highlights |
| --- | --- |
| `supabase_js_v2.yml` | Rename example vars `anon_key` →
`publishable_key`, `service_role_key` → `secret_key`; admin notes use
`secret`. |
| `supabase_dart_v2.yml` | Rename `anonKey` param → `publishableKey`
(matches the live Flutter SDK — see
[supabase-flutter/supabase.dart#L81](https://github.com/supabase/supabase-flutter/blob/main/packages/supabase_flutter/lib/src/supabase.dart#L81));
update call-site; example var `serviceRoleKey` → `secretKey`; admin
notes use `secret`. |
| `supabase_kt_v2.yml`, `supabase_kt_v3.yml` | Replace
`'publishable-or-anon-key'` placeholders with `'your-publishable-key'`;
admin notes use `secret`; fix `importAuthToken(\"service_role\")` →
`importAuthToken(\"your-secret-key\")` (the Kotlin SDK's
`importAuthToken(accessToken: String, …)` takes a JWT, not a role name).
|
| `supabase_py_v2.yml` | All `service_role` references → `secret`;
example var `service_role_key` → `secret_key`. |
| `supabase_swift_v2.yml` | Replace placeholders with
`'your-publishable-key'`; admin notes use `secret`; example var
`serviceRoleKey` → `secretKey`. |
| `storage_v0_config.yaml` | Rewrite `ANON_KEY` / `SERVICE_KEY` env var
**descriptions** in publishable/secret terms. **Env var names kept** —
see below. |
## Why the storage env var names are unchanged
`storage_v0_config.yaml` documents the env vars used to configure the
storage server (multi-tenant deployments). The `id` and `title` fields
must match the actual env var names the binary reads. The storage server
still reads its config from env vars literally named `ANON_KEY` and
`SERVICE_KEY`:
-
[`storage/src/config.ts#L614`](https://github.com/supabase/storage/blob/master/src/config.ts#L614)
— `getOptionalConfigFromEnv('SERVICE_KEY')`
-
[`storage/src/config.ts#L625`](https://github.com/supabase/storage/blob/master/src/config.ts#L625)
— `getOptionalConfigFromEnv('ANON_KEY')`
There is no `PUBLISHABLE_KEY` / `SECRET_KEY` reader on master. Renaming
the doc IDs would break self-hosted deployments — users following the
docs would set the wrong env var and the storage server would silently
fall back to generating its own JWT. Until the storage server itself
adds publishable/secret env support, only descriptions can be updated.
(Same reasoning for not bumping `storage_v0_config.yaml` →
`storage_v1_config.yaml`: the `_v0_` tracks the storage server's own API
version, paired with `storage_v0_openapi.json` downloaded from
`supabase.github.io/storage/api.json`. The server hasn't shipped a v1
API.)
## What we deliberately did NOT rename
Per the same rules established in supabase-js#2280:
- **JWT role claims** like `role: 'anon'` / `role: 'service_role'` —
these are functional Postgres role names in JWT payloads, not key
labels.
- **Real SDK identifiers** that haven't been renamed in the source (we
only rename in the doc when the underlying SDK rename has shipped). The
Dart `anonKey` rename was safe to apply because the Flutter SDK already
ships `publishableKey` as the preferred named parameter (with `anonKey`
`@Deprecated`).
## Out of scope
- **All `*_v1.yml` SDK spec files** (`supabase_js_v1`,
`supabase_dart_v1`, `supabase_kt_v1`, `supabase_swift_v1`). Older SDK
versions, not worth churning.
- **`cli_v1_commands.yaml`**. This file is auto-generated by the CLI
repo's release workflow
([`cli/tools/bumpdoc/main.go`](https://github.com/supabase/cli/blob/develop/tools/bumpdoc/main.go))
and the example outputs come from
[`cli/docs/templates/examples.yaml`](https://github.com/supabase/cli/blob/develop/docs/templates/examples.yaml)
— embedded in the CLI binary at build time. Any edits we make here would
be clobbered by the next CLI release. The fix needs to land upstream in
the CLI repo (note: the CLI itself already ships publishable/secret
naming in \`supabase status\` output — see
[`cli/internal/status/status.go#L40-L44`](https://github.com/supabase/cli/blob/develop/internal/status/status.go#L40-L44)
— but the doc-generation template is stale).
- **`supabase_csharp_v0.yml` / `supabase_csharp_v1.yml`** — checked,
already neutral. Both files use a generic `SUPABASE_KEY` env var with no
`anon` / `service_role` references.
- **Renaming the legacy Dart `anonKey` parameter itself** — that's an
SDK-side change. The Flutter SDK already exposes `publishableKey` as the
preferred parameter; full removal of `anonKey` will happen in a future
major version per the SDK's own deprecation comment.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Standardized API key naming across SDK docs: use publishable (client)
and secret (server/admin) key terminology
* Updated server-side admin examples and warnings to require secret keys
and emphasize never exposing them in client code
* Unified initialization examples across JavaScript, Dart, Kotlin,
Python, and Swift
* Corrected Storage spec metadata to point to the proper configuration
file
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Replaces "stored procedures" with "functions" for everything related to
the Data API.
## Additional context
It's not accurate to call database functions "stored procedures". It may
have been that way before Postgres 11, but now it causes confusion
because PostgREST allows functions and not stored procedures.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Standardized terminology across docs, SDK guides, CLI/config specs,
examples, UI, and config comments to use "database functions" instead of
"stored procedures".
* Updated API docs, CLI/config descriptions, Studio UI labels, help
text, empty-state and navigation copy, RPC documentation, and example
text for consistency.
* Adjusted explanatory text and error/help messages to reflect the
revised terminology.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary
- Adds a warning note to `onAuthStateChange()` that an `onError` handler
is **required**
- Updates all three Dart code examples (spotlight, specific-event,
unsubscribe) to include `onError`
## Background
Network errors (e.g. a token refresh attempted while the device is
offline) are emitted as stream errors on `onAuthStateChange`. If no
`onError` handler is provided, Dart rethrows them as unhandled zone
exceptions, crashing the app.
This is tracked in supabase/supabase-flutter#1281. The SDK itself
already handles this internally (`supabase_auth.dart` has its own
`onError`), but user-facing code that calls `.listen()` without
`onError` is still vulnerable.
The companion SDK fix (example app + doc comment in
`gotrue_client.dart`) is in a separate PR in
`supabase/supabase-flutter`.
## Test plan
- [ ] Review the rendered diff in the Dart reference docs
(`/docs/reference/dart/auth-onauthstatechange`)
- [ ] Confirm all three code examples now show `onError`
- [ ] Confirm the new note is visible in the Notes section
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Clarified auth-state change docs to require explicit error handling in
listeners and updated all examples to show an error callback to avoid
unhandled exceptions.
* Updated the documented list of auth event names to the new set
(including initialSession and mfaChallengeVerified) and adjusted
examples accordingly.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Docs - [CLI Config
Reference](https://supabase.com/docs/guides/local-development/cli/config#auth.mfa.totp.enroll_enabled)
## What is the current behavior?
Default values in the cli config reference for mfa totp are set as
`true` which is not correct.
## What is the new behavior?
Changed to use `false` and match the default `config.toml`.
<img width="868" height="723" alt="Screenshot 2026-04-01 at 15 53 54"
src="https://github.com/user-attachments/assets/5e3e33a0-5edb-44d6-a013-4327aef537b4"
/>
## Additional context
Fixes: https://github.com/supabase/cli/issues/3737
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated CLI configuration defaults for TOTP multi-factor
authentication. TOTP enrollment and verification are now disabled by
default. Users relying on these features may need to manually enable
them in their configuration if required.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Docs update
## What is the new behavior?
- Added docs for analytics and vector buckets
- Added missing docs for some storage bucket methods
- Improved OAuth / OTP guide
- Small fixes
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Documentation
- Updated Kotlin authentication guides with improved examples, API
naming consistency, and comprehensive Kotlin Multiplatform support
- Added documentation for identity linking with ID tokens
- Expanded Storage API documentation with new file operation methods
(`exists()` and `info()`)
- Added extensive vector storage bucket operations and management
documentation
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
## Summary
The CLI now collects usage telemetry (supabase/cli#5019) with opt-out
via `supabase telemetry disable` or `SUPABASE_TELEMETRY_DISABLED=1`. The
self-hosting docs previously stated "no telemetry" without
distinguishing Docker from the CLI. This PR discloses CLI telemetry
across docs and regenerates the CLI reference spec to include the new
telemetry commands.
## Changes
- Update self-hosting telemetry section: Docker has no telemetry, CLI is
separate with opt-out instructions and link to full telemetry docs
- Regenerate `cli_v1_commands.yaml` from CLI v2.88.0, adding
consolidated `supabase telemetry` reference page
- Add Telemetry category to `common-cli-sections.json` for CLI reference
nav
- Add telemetry section to CLI getting-started guide with opt-out
commands and env vars
## Testing
Tested on Vercel preview:
- [x] `/docs/guides/self-hosting#telemetry` renders with CLI telemetry
note and link to full docs
- [x] `/docs/reference/cli/supabase-telemetry` renders single
consolidated reference page
- [x] `/docs/guides/local-development/cli/getting-started#telemetry`
shows opt-out section
## Linear
- fixes GROWTH-754
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Bug fix.
## What is the current behavior?
Running `make` in `apps/docs/spec` (used by the `docs-js-libs-update`
workflow) fails with:
```
ERR_PNPM_RECURSIVE_EXEC_FIRST_FAIL Command "redocly" not found
make: *** [Makefile:56: dereference.api.v1] Error 254
```
This regression was introduced in #44428, which removed `@redocly/cli`
from `packages/generator/package.json` as an "unused" dependency. It was
previously placed there because the Makefile ran `cd packages/generator
&& pnpm exec redocly` — but that directory had no logical ownership of
the dependency.
## What is the new behavior?
- `@redocly/cli` is now a devDependency of `apps/docs`, which is the
package that owns the spec generation workflow.
- The Makefile no longer `cd`s into `packages/generator` for the redocly
calls. It runs `pnpm exec redocly` directly from `apps/docs/spec`, where
the binary is now available.
- The `tsdoc:dereference` targets are unchanged and still `cd` into
`packages/generator` to run scripts defined there.
## Additional context
The `cd packages/generator` pattern for redocly was introduced in #42987
to fix a peer dependency resolution issue with `npx @redocly/cli`. The
fix was correct but placed the dependency in the wrong package. This PR
moves it to its logical home.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Added documentation processing tool as a development dependency.
* Updated documentation generation configuration to optimize command
execution paths.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
