Extends the SQL editor's destructive query detection to catch dangerous
operations (DROP, DELETE, TRUNCATE) hidden within dynamic SQL execution
patterns like `EXECUTE`, `EXECUTE format()`, `OPEN cursor FOR EXECUTE`,
and `RETURN QUERY EXECUTE`.
Previously, only direct statements like `DROP TABLE users` triggered
warnings. Dynamic SQL inside PL/pgSQL blocks bypassed detection
entirely.
Closes FE-3603 and https://github.com/supabase/supabase/issues/46876
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved detection of potentially destructive SQL across many
execution styles, including DROP/DELETE/TRUNCATE, ALTER ... DROP COLUMN,
and dynamic/executed or string-constructed queries to reduce missed
destructive cases.
* **Tests**
* Expanded test coverage for SQL validation with extensive positive and
negative scenarios covering dynamic execution patterns (EXECUTE
variants, concatenation, dollar-quoted and escaped strings) to reduce
false positives and negatives.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Update to support text area for functions
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Secret inputs now accept and preserve multi-line values and
auto-resize to fit content.
* Secret values can be masked/unmasked via a show/hide toggle with
tooltip; masking uses styled concealment.
* Per-secret controls refined: clearer row layout, dedicated remove
icon, and add/save controls moved to the card footer.
* **Tests**
* Added tests validating multi-line secret entry and that submitted
payloads include embedded newlines.
* Updated tests to assert masking/unmasking behavior via visual security
styling.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: kemal <hello@kemal.earth>
<img width="1521" height="967" alt="image"
src="https://github.com/user-attachments/assets/8d7bed1f-3ed8-4311-bd4b-92345ae02a52"
/>
Updates project settings integration page to more aligned with our
updated layout guidance (as defined in layout.mdx in design system).
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Style**
* Refined the integrations settings page layout and visual design across
AWS PrivateLink, GitHub, and Vercel integration sections for improved
consistency.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Makes it possible to reset password from the connect sheet. Once reset
the password is shown temporarily in the connection string for copy. The
copy prompt action does not copy the password.
<img width="1043" height="953" alt="image"
src="https://github.com/user-attachments/assets/fe1a33bb-839f-47e3-b07f-7a5fa1df2b8d"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Session Pooler notice for direct connections on IPv4 networks
* Option to show a temporary database password during direct-connection
setup
* **Improvements**
* New password reset dialog with strength checks and generation
* Connection-copy behavior now redacts temporary passwords and produces
cleaner copy prompts
* **Tests**
* Added tests covering connection-string password insertion/replacement
and copy-prompt behavior
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Bug fix
## What is the current behavior?
returnTo is not correctly validated
## What is the new behavior?
returnTo is validated
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved validation of redirect URLs used after organization creation;
when a return URL is provided it is now validated before redirecting,
while auth-related query parameters are still preserved.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Bug fix
## What is the current behavior?
Closes#46824
In the Studio table editor, when inserting a new row into a table with
an auto-generated primary key (or any non-text column with a default
value), clearing the field after editing it sends an empty string `""`
in the insert payload. This causes Postgres to reject the insert with:
```txt
ERROR: 22P02: invalid input syntax for type bigint: ""
```
## What is the new behavior?
When inserting a new row, cleared fields that are
identity/default-backed and non-text are now omitted from the insert
payload, so Postgres applies the column default or identity generation
instead of receiving an empty string.
For example:
- id bigint generated by default as identity cleared → omitted, Postgres
auto-generates id.
- created_at timestamptz default now() cleared → omitted, Postgres
applies now().
- name text cleared → preserved as "", because empty string is a valid
explicit text value.
## Additional context
After the fix:
https://github.com/user-attachments/assets/78e9eb9c-9518-4894-8547-d18ffa78869a
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* New-record saving now respects column defaults and identity behavior:
empty inputs for identity or defaulted non-text columns are omitted so
defaults are applied, while intentional empty strings for text fields
are preserved.
* **Tests**
* Added test coverage validating new-row creation behavior with
default/identity handling and empty-text preservation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Co-authored-by: Ali Waseem <waseema393@gmail.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Bug fix.
## What is the current behavior?
Closes#46829.
When a cron job's command uses `jsonb_build_object(...)` header syntax,
`parseCronJobCommand` captures the argument list with `([^)]*)`
(stopping at the first `)`) and splits it on every `,`. A header name or
value that legitimately contains a comma or parenthesis is split into
the wrong pairs, shifting every following header and leaving a trailing
header with an undefined value. Because the edit sheet rebuilds the
command from these parsed fields, saving a job (even just changing its
schedule) silently rewrites its stored headers.
## What is the new behavior?
The `jsonb_build_object` argument list is parsed with a scanner that
respects single-quoted SQL literals (`''` escapes) and nested
parentheses, splitting only on top-level commas. Header names and values
containing commas or parentheses now round-trip unchanged. Added four
regression tests in `CronJobs.utils.test.ts`.
## Additional context
Verified locally: `vitest` cron suite 48/48 pass (the 4 new tests fail
without the fix), `tsc --noEmit` clean, ESLint clean, Prettier clean,
and `next build` succeeds.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Corrected HTTP header parsing in cron jobs so header values with
commas, parentheses, escaped quotes, or escape-string prefixes are
preserved and don't corrupt adjacent arguments.
* Ensured commas inside header values no longer swallow following body
arguments.
* **New Features**
* Added robust SQL-literal and JSONB-argument parsing to reliably
extract name/value pairs from JSONB-style headers.
* **Tests**
* Added tests covering complex header value cases and
whitespace/escaping edge cases.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
- closes https://github.com/supabase/supabase/issues/46818
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved truncation detection in the table row editor to consider
column data formats, yielding more accurate handling of JSON and array
field values and avoiding incorrect truncation/skipped updates.
* **Tests**
* Updated and added tests to validate format-aware truncation behavior,
including multidimensional array cases.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This PR improves the replication UI in the following ways:
- Adds a new selecion picker for destinations which is split by the
destination location and it's clearer and can scale more when we add
more destinations.
- Adds a much improved section on lag, highlighting new metrics that
could help debug issues more easily.
- Improves the copy across the whole code.
- Fixes the 2d topological view of replication with better status
handling.
### Screenshots
<img width="1270" height="777" alt="image"
src="https://github.com/user-attachments/assets/0ffc890e-2f80-47e5-bdb1-75071adda024"
/>
<img width="1665" height="656" alt="image"
src="https://github.com/user-attachments/assets/23a27a02-acb2-4891-af95-5bc1d6ec7bfe"
/>
<img width="1454" height="247" alt="image"
src="https://github.com/user-attachments/assets/c8799983-aa63-42b2-9370-ae4e009c1573"
/>
<img width="1120" height="340" alt="image"
src="https://github.com/user-attachments/assets/20a18ad6-e5a9-40ec-80d4-42d6f783d868"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Live slot health indicators, legend, and connection badges.
* Grouped destination type dropdown with alpha badges.
* **Improvements**
* Clearer UI copy for external destinations, alpha disclaimers, and
onboarding flows.
* Consolidated "n/a" handling for lag displays and richer metric
tooltips.
* Simplified replication diagram visuals and clearer table/row
status/lag presentation.
* Replication status responses now include expanded slot health and lag
metrics.
* **Tests**
* New test suites covering destination selection and destination row
states.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary
Follow-up to the upgrade CTA placement experiment (#45858). The
`PlanUsageCard` count metrics (Monthly active users) were abbreviated to
`50k`, which reads ambiguously. This shows them in full with thousands
separators (`50,000`) to match the pricing page.
- `Monthly active users` row now renders e.g. `8,200 / 50,000` instead
of `8.2k / 50k`.
- Collapses the two count formatters (`formatCount` /
`formatCountLimit`) into one `toLocaleString()` call so the current
value and limit always use the same format.
- GB metrics (Egress, Database size, File storage) are unchanged.
## Test plan
- [ ] On the org projects page with the `org_projects_list` variant, the
Monthly active users row shows full numbers (`0 / 50,000`).
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Updated plan usage display formatting to show full numbers with
thousands separators instead of abbreviated notation, improving clarity
when viewing usage limits.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Details of change
Adds Snowflake to the Studio replication destination flow:
- destination selection and display
- create/edit form fields
- validate/create/update payload serialization
- generated Platform API types
Snowflake remains gated behind `etlEnableSnowflakePrivateAlpha`.
**Note:** I have configured `etlEnableSnowflakePrivateAlpha` in
ConfigCat ("all" in staging and tied to my own org id in prod).
## Details of Verification Process
- Studio focused Vitest coverage for form serialization and diagram
mapping
- Studio typecheck
- ESLint on changed Studio replication files
- Local `mise fullstack:dev` smoke test to confirm the Snowflake form
renders ok.
<img width="937" height="569" alt="image"
src="https://github.com/user-attachments/assets/8d6b3a87-1f9d-4a59-91da-be719714ea49"
/>
Full create/validate E2E depends on the Platform PR and ETL runtime
rollout.
## Review Requests
Please check the Snowflake wire payload matches the Platform/ETL
contract and that gating/edit/display behavior follows the existing ETL
destination patterns.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Snowflake added as a supported replication destination (private-alpha
gated), including UI for selecting and configuring connection and auth
(account, user, database, schema, role, private key, optional
passphrase).
* **Validation**
* Form validation and submission now handle Snowflake-specific
required/optional fields.
* **Tests**
* Unit tests added for Snowflake form behavior and replication-type
detection.
* **API**
* Destination create/update/validate flows extended to accept Snowflake
payloads.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Reword the "I'm purchasing as a business" tooltip to frame it around
needing a tax ID rather than being "tax-registered."
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated payment method setup guidance to clarify when to enable tax ID
information and confirm receipts remain available regardless of this
setting.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Previously the `overflow-hidden` on the custom report charts container
was cutting off the tooltip within the card bounds. This PR introduces
`PortalChartTooltip` here so the tooltip is able to appear outside of
the bounding area. It is still directionally aware, just relative to the
page viewport as opposed to bounding box.
| Before | After |
|--------|--------|
| <img width="376" height="341" alt="image"
src="https://github.com/user-attachments/assets/4a85901c-6b68-4f02-a13f-d2e261267348"
/> | <img width="466" height="324" alt="Screenshot 2026-06-09 at 11 45
38"
src="https://github.com/user-attachments/assets/0071c670-ef12-4df5-90fc-79df19ce98ca"
/> |
If you want to test quickly but have no data, you can ask Claude to
generate you a dummy custom report chart and then move it around, test
the long tooltips.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Tooltips can now render in a dedicated layer to improve visibility and
avoid clipping.
* Option added to enable portal-rendered tooltips in condensed/snippet
views.
* **Bug Fixes**
* Improved tooltip positioning to prevent overflow outside the viewport.
* Corrected percentage label suffixes in chart tooltips.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary
Replaces the header upgrade CTA (PR #44494, which design team wanted to
iterate on) with a placement experiment that tests three non-chrome
surfaces for the free-plan "Upgrade to Pro" CTA.
PostHog flag `upgradeCtaPlacement` (free-plan users only) with four
arms:
| Variant | Surface |
| --- | --- |
| `control` | No CTA (baseline cohort, still tracked) |
| `user_dropdown` | Full-width button pinned in the account dropdown |
| `org_projects_list` | Project-card-shaped usage tile, first card in
the org project grid |
## Details
### `user_dropdown`
- Full-width `Upgrade to Pro` button in `UserDropdown`, gated to
org-scoped routes only (`/project/*`, `/org/*`) so the org-billing CTA
never shows on `/account`, `/organizations`, etc. — addresses the scope
concern raised in review.
- Dropdown uses controlled `open` state so it closes before navigation
(it lives in the global layout, so a route change alone wouldn't dismiss
the overlay).
### `org_projects_list`
- `PlanUsageCard` renders as the first `<li>` in the project grid (via
`ProjectList`'s `prependCard`), matching `ProjectCard` shape so it reads
like another project tile. Also renders during the project-list loading
state to avoid pop-in.
<img width="3804" height="1494" alt="Arc 2026-06-08 20 02 54"
src="https://github.com/user-attachments/assets/09c2218c-43d1-49ce-bae7-5075c9750d72"
/>
### Shared card styling
- Metric rows (Egress, Database size, Monthly active users, File
storage) show `current / limit` with a progress ring; ring/value turn
warning at ≥80% and over at ≥100%.
- Rows are clickable deep-links to `/org/[slug]/usage#<anchor>` with a
hover chevron and dashed separators; the same row component is used by
both the embedded and project-card variants.
- Skeleton placeholder renders from first paint so the card reserves
layout while `useOrgUsageQuery` resolves.
- Exposure is fired optimistically while the org query loads (skeleton
shows immediately), but the experiment exposure event only fires once
free-plan is confirmed.
### Telemetry
- `upgrade_cta_clicked` with `placement: user_dropdown | home_usage_card
| org_projects_list`.
- `upgrade_cta_placement_experiment_exposed` with `variant` — the custom
exposure event (snake_case experiment id `upgrade_cta_placement`; the
flag key stays camelCase `upgradeCtaPlacement`).
### Header CTA sunset
- `HeaderUpgradeButton` and its wiring in `LayoutHeader` /
`MobileNavigationBar` removed (master's #46144 already removed the
button; this branch drops the remaining `header_upgrade_cta_clicked`
event).
## Before merging
- [x] Create the `upgradeCtaPlacement` flag + experiment in PostHog (4
variants, free-plan targeting, custom exposure event
`upgrade_cta_placement_experiment_exposed`).
- [x] Archive the now-orphaned `headerUpgradeCta` flag.
## Test plan
- [x] Override the flag per variant via the dev toolbar on staging;
confirm each surface renders and `upgrade_cta_clicked` fires with the
right `placement`.
- [x] `control` shows no CTA but still emits the exposure event.
- [x] Paid-plan org and self-hosted (`IS_PLATFORM=false`) show nothing.
- [x] Clicking a metric row deep-links to the matching usage section;
clicking Upgrade routes to billing.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Experimentally surface an “Upgrade to Pro” CTA in the user dropdown
and on the projects page for eligible free-plan orgs.
* Added a Plan Usage card showing free-plan metrics and upgrade prompts
on the organization projects page; hides when irrelevant or errored.
* Project list and its loading view support inserting a custom/prepend
card in card mode.
* **Telemetry**
* Added tracking for CTA clicks and experiment exposure; placement is
persisted per org.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: kemal <hello@kemal.earth>
## Problem
The unified logs view was missing three log sources that the backend
already returns: Realtime (`realtime_logs`), Supavisor
(`supavisor_logs`), and PgBouncer (`pgbouncer_logs`). Users had no way
to filter or view logs from these services in the unified view.
## Fix
- Added `realtime`, `supavisor`, and `pgbouncer` to `LOG_TYPE_PREDICATE`
and `LOG_TYPE_EXPR` in the OTEL query builder so rows from these sources
are matched and labeled correctly.
- Added the three types to `LOG_TYPES` so filter chips appear in the UI.
- Added icons (`Realtime` from the icons package, `Cable` from
lucide-react for both pooler types) in `LogTypeIcon.tsx`.
- Added display labels in `formatServiceTypeForDisplay` (`Realtime`,
`Supavisor`, `PgBouncer`).
- Fixed a pre-existing unsafe cast in `ServiceFlowPanel.tsx` where any
log type not in the service flow allow-list (like the new types) would
produce a truthy `serviceFlowType` and trigger a runtime error on row
click. The fix checks against `SERVICE_FLOW_TYPES` before casting.
Note: `pg_cron_logs` is not included because the backend otel query does
not yet return that source.
## How to test
1. Open unified logs for a project that has Realtime activity.
2. In the log type filter, confirm `realtime`, `supavisor`, and
`pgbouncer` chips are visible.
3. Toggle on `realtime` and confirm Realtime logs appear with the
correct icon.
4. Click a realtime log row and confirm the detail panel opens on the
raw JSON tab without a runtime error.
5. Toggle on `supavisor` or `pgbouncer` and confirm pooler logs appear
if the project has connection pooler activity.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added support for three new log types — Realtime, Supavisor, and
PgBouncer — in Unified Logs with display labels, icons, and
filtering/viewing support.
* **Bug Fixes / UI Behavior**
* Service Flow “Overview” tab now only shows when the service type is
recognized, preventing irrelevant overview content for unsupported log
sources.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
> [!CAUTION]
> This new SSO field is UI-only until `oidc_issuer` is added to the
`config` object.
## What kind of change does this PR introduce?
Feature
## What is the current behavior?
The SAML SSO provider config form has no way to supply an OIDC Issuer
URL, which is required for enterprise-managed MCP authentication.
## What is the new behavior?
- Adds an **OIDC Issuer URL** field to the SAML SSO provider config form
(`/org/_/sso`) inside an "Advanced settings" collapsible.
- Minor UI touch-ups to that SSO form.
| After |
| --- |
| <img width="1434" height="2458" alt="94962"
src="https://github.com/user-attachments/assets/e56f83cd-6e30-4a3f-a78d-330fc053953a"
/> |
The `oidcIssuer` field is UI-only right now; it renders but does not
write. Before merging:
1. Add `oidc_issuer` to the SSO config API type (removes the `as any`
cast in `SSOConfig.tsx:219`)
2. Add `oidc_issuer: values.oidcIssuer || undefined` to the `onSubmit`
payload at `SSOConfig.tsx:183`
3. Wire the backend endpoint to persist and return the field
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* SSO settings now include an "Advanced settings" collapsible with an
OIDC issuer field.
* **UX / Bug Fixes**
* Small UI/description refinements in SSO forms and attribute-mapping
layouts.
<!-- review_stack_entry_start -->
[](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46187?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)
<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Cemal Kilic <cemalkilic96@gmail.com>
Co-authored-by: Cemal Kılıç <cemalkilic@users.noreply.github.com>
The usage page link in the UpcomingInvoice billing breakdown used the
incorrect path, resulting in a 404. Corrected to to match the rest of
the app.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Corrected the usage page link shown in the billing breakdown tooltip
for non-compute items so it now points to the proper /org/... URL,
ensuring users are taken to the correct usage page from billing
documentation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
- API may return a non-array shape that can crash `getKeys` because of
an hard coded cast
- getting API keys is cumbersome as consumers have to call two functions
## Solution
- consolidate `useAPIKeysQuery` + `getKeys` into a single `useAPIKeys`
hook
- guard `getKeys` so that it doesn't crash if passed a non array value
- update usages
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Unified how project API keys are retrieved across the studio,
resulting in more consistent loading/error handling and slight
responsiveness improvements when showing keys and related command
snippets. UI and permissions behavior remain unchanged for end users.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
Since the refactor done in #43900, the
`<PreventNavigationOnUnsavedChanges>` does not bring much value.
## Solution
Remove `PreventNavigationOnUnsavedChanges` and update consumers to
leverage `usePreventNavigationOnUnsavedChanges` and
`DiscardChangesConfirmationDialog`
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Improved the architecture of unsaved-changes navigation handling
across multiple features. Components now use a more modular hook-based
approach for better code organization and consistency.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
- fix install badge state in wrappers detail page
- add "Install" button in top action bar
- "Install wrapper" if required extensions _aren't_ installed
- "Add new wrapper" if required extensions _are_ installed
- make wrappers "one-click install" by
- showing the required extensions in the CreateWrappersSheet
- and automatically installing them on wrapper submission
Only available behind `isMarketplaceEnabled` flag at the moment.
https://github.com/user-attachments/assets/38f5549d-938e-4e2f-a723-53b9a028e9dc
When a user has sorted by some column in the Table Editor and the column
is deleted, the sort data is wrong so it causes issues. In the general
view in the Table Editor, the error is handled by removing the sort key
when a specific error is detected but it can still happen in
ForeignRowSelector.
To test:
1. Have 2 tables with references between them.
2. In the `sessionStorage`, under the `supabase_grid-<ref>` key, update
the sort key to a non-existant column for a table.
3. Try to open the `ForeignRowSelector` for that table by clicking on a
cell in the referencing column.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Sorting now validates referenced columns and ignores invalid sort
entries.
* Local sort restoration and UI sort application now derive sorts from
the original table context for more consistent behavior across editors
and popovers.
* Prefetch logic uses the resolved table context when falling back to
saved sorts.
* **Tests**
* Added cases for malformed and out-of-scope sort parameters to prevent
regressions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
Project log drains had no way for users to verify a destination
connection before relying on it. Audit log drains already have a "Test
connection" action, and the management API exposes the equivalent
endpoint for project log drains (`POST
/platform/projects/{ref}/analytics/log-drains/{token}/test`).
## Fix
- Add `useTestLogDrainMutation`
(`apps/studio/data/log-drains/test-log-drain-mutation.ts`), mirroring
`useTestAuditLogDrainMutation`.
- Wire the already-present `onTestDrain` action in `LogDrains` to the
new mutation, so the "Test connection" item now appears in the project
log drains row menu.
- On success it shows a confirmation toast; failures surface the API
error message.
## Testing
- Added `apps/studio/data/log-drains/log-drains.test.tsx` covering the
test mutation hitting the project-scoped path.
- Manual: open Project Settings -> Log Drains, open a drain's menu,
click "Test connection".
Closes DEBUG-132
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a test capability for log drain connections. Users can now
validate that their log drain configurations are functioning correctly
before deployment to ensure proper log collection and data integrity.
The system provides immediate confirmation when tests succeed and
detailed error messages when issues occur, enabling users to quickly
troubleshoot and resolve connectivity problems.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
## Problem
1. Users can't resync/rebase production branches but those could get
stuck too
2. We currently check for branches health state to allow resync/rebase,
preventing to unblock some cases
## Solution
1. Add an menu item to resync/rebase production branches
2. Remove the unnecessary health checks
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added resync/retrigger for production (main) branches with a
confirmation dialog and loading state.
* **Improvements**
* Simplified and clarified branch action tooltip messaging.
* Refined availability and disabled logic for branch actions (permission
and in-flight handling).
* Improved UX for switching between preview and persistent branches,
including adjusted messaging for upgrade entitlements.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
smol fix :D
- closes https://github.com/supabase/supabase/issues/46730
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Corrected table count in footer to show the proper number and
singular/plural wording when pagination is active.
* Ensured table lists refresh correctly after deleting a table so
paginated/infinite lists update properly.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
The org Audit Log Drains page fires the same
`log_drain_save_button_clicked` and `log_drain_removed` telemetry events
as the project Log Drains page, even though they are distinct features
(project product logs vs. the org audit log). Org-scoped events should
have their own names and drop the project group.
## Fix
Add dedicated org-scoped events and use them in the org container:
- `audit_log_drain_save_button_clicked`
- `audit_log_drain_removed`
Both declare `groups: Omit<TelemetryGroups, 'project'>` (no project
group), matching the convention used by other org-scoped events (e.g.
the documents page events). The project Log Drains page keeps the
original `log_drain_*` events unchanged.
## How to test
- Open `/org/{slug}/audit-log-drains` (with the `auditLogsLogDrain` flag
enabled).
- Create a drain and confirm `audit_log_drain_save_button_clicked` fires
(with the destination type, org group, no project group).
- Delete a drain and confirm `audit_log_drain_removed` fires.
- Confirm the project Log Drains page still fires `log_drain_*` events.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated internal telemetry tracking for audit log drain operations to
improve monitoring and analytics of system behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
## Problem
The PostgREST observability page crashes for some projects with
`URIError: URI malformed`. The route renderer calls `decodeURIComponent`
directly on the request query string, which is user-controlled. A
malformed percent-sequence (for example a literal `%` in
`?discount=100%`) makes `decodeURIComponent` throw during render, taking
down the whole page via the global error boundary.
Tracked in Sentry issue 7536581822.
## Fix
Add a `safeDecodeURIComponent` helper that wraps `decodeURIComponent` in
a try/catch and falls back to the raw string on failure. Use it in the
route renderer. The sibling `queryParamsToObject` call is unaffected
since `URLSearchParams` already tolerates malformed escapes.
## How to test
- Open a project's PostgREST observability report
(`/project/[ref]/observability/postgrest`).
- Ensure a request with a malformed query string (e.g. a path containing
a bare `%`) appears in the data.
- Expected result: the row renders with the raw search string instead of
crashing the page.
- Unit tests for `safeDecodeURIComponent` cover valid decode, malformed
input, and empty string.
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Refactored the Database Create Index side panel to align with the
recommended Studio form patterns.
## What is the current behavior?
The side panel was using a legacy layout that did not follow the common
Studio form patterns.
It's also not a real form.
## What is the new behavior?
The Create Index side panel in the Database section is now consistent
with the Studio form patterns.
It's now a real form using `react-hook-form`
## Additional context
Before:
<img width="668" height="855" alt="image"
src="https://github.com/user-attachments/assets/d15ee63c-8d03-4780-8945-1792f0493133"
/>
After:
<img width="606" height="856" alt="image"
src="https://github.com/user-attachments/assets/78e0269c-e79c-42d1-a2c2-9465c0b0c46a"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **UI Improvements**
* Reworked index-creation panel into a validated, form-driven workflow
with clearer field interactions, multi-column selector, live read-only
SQL preview, and updated submit/cancel behavior.
* Footer actions: Cancel resets the form and closes the panel; Create
triggers form submission and reflects loading state.
* **Tests**
* Updated end-to-end flow to click "Select a table" (replacing "Choose a
table") during index creation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Gildas Garcia <1122076+djhi@users.noreply.github.com>
## Problem
Clicking a checkbox in the logs filter sidebar (Log Type, Status,
Method, etc.) doesn't do anything. The box ticks, but the log list and
counts don't change. Only the search bar at the top actually filters. On
top of that, opening a URL that already has filters renders the sidebar
checkboxes unticked, so the active filters are invisible.
## Solution
The top search bar and the sidebar each store a selected filter in a
different internal format. A recent change taught the query builder
(`columnFiltersToLogsFilters`) to understand only the search bar's
wrapped `{ operator, values }` format, so anything clicked in the
sidebar (a bare `string[]`) was thrown away before it reached the query,
and nothing refetched.
- Accept the sidebar's bare format, treating it as a plain "equals"
filter (which is exactly what a checkbox means). Sidebar clicks apply
immediately again.
- Seed the sidebar checkboxes from the URL: equality filter groups are
seeded as a bare `string[]` (the shape the checkbox reads), so they
render ticked on load. Non-eq groups (neq/ilike from the top bar) stay
wrapped so their operator survives a round-trip.
- Keep the time-range picker out of the `filter` URL param so it doesn't
get swept in by mistake.
- Extracted the URL-building (`buildFilterSearchUpdate`) and URL-seeding
(`logsFiltersToColumnFilters`) into pure helpers so the click-to-query
and URL-load wiring are unit tested, not just the transform.
## How to test
Open Unified Logs and click a Log Type / Status / Method checkbox in the
left sidebar. The list and counts should update right away, without
touching the top search bar. Reload the page (or open a shared URL with
filters): the matching sidebar checkboxes should be ticked.
`UnifiedLogs.filters.test.ts` covers both filter formats, the time-range
exclusion, cleared filters, the click-to-URL wiring, and the URL-load
round-trip (including that a neq filter is not downgraded to eq).
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Tests**
* Added coverage for filter ↔ URL conversions, checkbox grouping,
operator preservation, null/cleared handling, and timerange routing.
* **Bug Fixes**
* Consistently normalize and serialize varied filter input shapes.
* Omit non-allowlisted columns from URL filters.
* Ensure timerange uses its dedicated URL key and is removed when
cleared.
* **Refactor**
* Centralized filter serialization/deserialization and simplified URL
update wiring.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Bug fix
## What is the current behavior?
Scoped PAT access message checks `organization_slugs`/`project_refs` to
determine display text. This breaks when an org/project is deleted; its
tuple is removed and consequently from the token's slugs/refs, causing a
scoped token to incorrectly show "This token has access to all
resources."
## What is the new behavior?
Check the `token.scope` directly:
- `user` → "This token has access to all resources."
- `organization` → "This token has access to specific organizations."
(or "This token has no accessible organizations." if all scoped orgs
were removed)
- `project` → "This token has access to specific projects." (or "This
token has no accessible projects." if all scoped projects were removed)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved clarity of access token scope messaging. The resource access
information now displays more specific and accurate details based on
token type, distinguishing between organization-level, project-level,
and user-level access permissions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
When trying to create a new wrapper from the integrations page and no
wrappers exist yet, then the sheet is not closable unless you submit the
form or refresh the page.
https://github.com/user-attachments/assets/7d46cce3-0a0f-4efd-ba98-d141cfcfe31c
## After
- The sheet is closable with confirmation modal
- added nuqs to open "new" wrapper form via `new=true` params
https://github.com/user-attachments/assets/36c4ae9e-7aa8-430c-9741-6d84978997f1
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Improved state management for the wrapper creation dialog, enabling
state persistence through URL parameters for better shareability and
navigation consistency.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Fixes DOCS-651
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
This adds a non-null assertion to a Supabase method that expects
non-null.
Additionally, it updates a label from 'Remix' to 'React Router'.
## What is the current behavior?
Two issues:
- Following the Auth client steps with React Router creates a
`deprecation` error and downstream Typescript errors.
- 'Remix' is renamed to 'React Router'.
> Remix and React Router are the same thing, made by the same people.
Remix was simply renamed React Router Framework Mode starting in version
7 of React Router.
- [Blog
Source](https://reacttraining.com/blog/remix-vs-react-router-framework)
<img width="894" height="754" alt="Screenshot 2026-06-04 at 4 00 45 PM"
src="https://github.com/user-attachments/assets/33dc5d89-4a76-44b6-a5c3-39a30dca3b57"
/>
<img width="604" height="464" alt="Screenshot 2026-06-05 at 11 21 54 AM"
src="https://github.com/user-attachments/assets/10ea458f-22e5-498c-b43a-df13f7902a17"
/>
## What is the new behavior?
- Adding a non-null assertion clears up all error. Running the
application does not produce errors.
- Changing the label from "Remix" to "React Router" updates the dropdown
name to match the rebrand. Now, it does not look outdated and matches
the docs.
<img width="609" height="519" alt="Screenshot 2026-06-05 at 11 22 48 AM"
src="https://github.com/user-attachments/assets/c18ee5b7-4693-40c9-9c20-8f95756c8298"
/>
## Additional context
The task was to clarify our documentation on this page: [Create a
Client](https://supabase.com/docs/guides/auth/server-side/creating-a-client?queryGroups=framework&framework=react-router&queryGroups=environment&environment=react-router-loader#create-a-client)
However, the code sample in the docs is correct; the documentation in
**Dashboard** produced the errors.
## Future improvements
- To make this more robust, the code could have a single source of
truth.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Clarified generated Supabase server client template text to improve
type/reference safety in the Remix integration guide.
* **UI**
* Renamed framework label from "Remix" to "React Router" across the
Connect interfaces for clearer framework identification.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Miranda Limonczenko <mirandalimonczenko@Mirandas-MacBook-Pro.local>
- Fetch additional project data needed to determine marketplace
integration installation status
- Consolidate logic to ensure consistency between left-hand nav and
overview tab
- Add special-case handling of new integrations to give us more granular
control of their behavior
Adds an info tooltip next to the "I'm purchasing as a business" checkbox
explaining that it's for tax-registered businesses and requires a tax
ID.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a help icon with tooltip next to the "I’m purchasing as a
business" checkbox. The tooltip clarifies when to select the business
option and notes that tax ID entry is required only for tax‑registered
businesses, reducing confusion and helping users provide correct billing
information.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
Webhook log drains (project and org/audit) deliver requests with a
malformed, duplicated `Content-Type: application/jsonapplication/json`
header. On at least some receivers this breaks body parsing, so the
delivered body appears empty even though it is present (confirmed with
gzip both on and off).
Root cause: the create form seeds a default `Content-Type:
application/json` header for webhook drains, and the logflare webhook
adaptor's `Tesla.Middleware.JSON` also sets `content-type:
application/json` when it encodes the body. Both are sent, and the
receiver concatenates the two same-named headers.
## Fix
Stop seeding `Content-Type` in the webhook default headers
(`getDefaultHeadersByType`). The delivery side already sets it, so a
single clean header is sent. OTLP keeps its `application/x-protobuf`
default because the OTLP delivery path uses `json: false` and does not
set a content type itself.
Updated the form tests that assumed the seeded header (the added-header
row is now index 0 instead of 1, and the duplicate-header test now adds
two explicit rows).
## How to test
- Create a webhook (Custom Endpoint) audit log drain pointing at a
request bin.
- Trigger an audit event and inspect the delivered request:
`Content-Type` should be a single `application/json`, and the JSON body
should be visible.
## Note
This fixes the common case (the seeded default). A user who manually
adds a `Content-Type` header to a webhook drain would still hit the
duplication; the robust cross-team fix would be for the logflare webhook
adaptor to drop an incoming `content-type` before its JSON middleware
sets one. Flagging for the logs team.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Log Drain header handling corrected: webhook drains no longer add a
default Content-Type; other drain types retain their appropriate
defaults. Empty header rows are no longer submitted.
* **Tests**
* Updated tests to match new header indexing, validation behavior, and
submission expectations.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Adds the final set of keyboard shortcuts to the Unified Logs page and
converts the last hardcoded `keydown` listener (detail-panel prev/next)
to the shared shortcut registry. Each action also surfaces its keybind
in a registry-driven tooltip.
Closes FE-3415.
## Shortcuts
| Action | Shortcut | Notes |
| --- | --- | --- |
| Refresh logs | `Shift+R` | new |
| Download logs | `Shift+E` | new — opens export dropdown |
| Focus filter bar | `Shift+F` | new |
| Clear filters | `F` then `C` | new |
| Copy selected as JSON | `Mod+Shift+J` | new — reuses
`results.copy-json` |
| Copy selected as Markdown | `Mod+Shift+M` | new — reuses
`results.copy-markdown` |
| Previous / next log (detail panel) | `↑` / `↓` | converted from
hardcoded listener |
| Close details panel | `Escape` | new |
Existing shared `data-table.*` shortcuts kept as-is: toggle sidebar
(`Mod+B`), live mode (`Mod+J`), reset filters (`Mod+Esc`), reset columns
(`Mod+U`), reset focus (`Mod+.`).
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added keyboard shortcuts for Unified Logs: copy selected rows as
JSON/Markdown, navigate rows, refresh, clear/reset filters, download,
and focus filter — shortcuts show in the command menu and display
badges/hints in menus and buttons.
* **Refactor**
* Shortcut handling unified across log controls; shortcuts
enable/disable based on context and a new "Logs" group appears in the
shortcut reference.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Adds a short intro line above the suggested support articles list in the
new support case form so it's clearer that the items are clickable
links. Resolves FE-3548.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Documentation suggestions now include a short introductory message
above results and place recommendations inside a clearer grouped
container with improved spacing, enhancing readability while preserving
subtle dimming for older suggestions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Extracts the Cancellation Flow from the subscriptions side panel and
adds a new button that initiates the flow (old journey is still
possible):
(screenshots see below)
Verified manually:
- ✅ confirmed the old downgrade flow works, Team -> Pro; Pro -> Free
- ✅ confirmed the new downgrade flow works
- ✅ button does not show up when on free plan; no flicker
- ✅ button does not show up on enterprise/platform plan
- ✅ verified button is disabled when managed by AWS marketplace
(hardcoded in `useSelectedOrganizationQuery`)
- ✅ verified button is disabled if `canUpdateSubscriton` is false,
hardcoded in `useAsyncCheckPermissions`
- ✅ modal for exceeding-free-projects shows up
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a guided subscription cancellation flow with confirmation steps,
member/usage checks, and an exit survey.
* Exposed a visible "Cancel Subscription" control in billing settings,
enabled/disabled with contextual tooltip messaging.
* **Improvements**
* Downgrade/exit survey confirm action can be disabled when appropriate;
exit survey confirm label updated to "Downgrade Now".
* **Chores**
* Added frontend telemetry for cancellation button interactions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
Log drains were only available per project. Organizations had no way to
export their platform audit logs to a third party destination, which had
to be set up manually through the API.
## Fix
Add a self-serve "Audit Log Drains" page under Organization Settings
(Compliance section) that reuses the existing log drains destination UI
at the org scope.
- Extract a presentational `LogDrainsList` shared by the project and org
containers, with no behavior change to the project page.
- Make `LogDrainDestinationSheetForm` presentational via
`existingDrainNames` and `onSaveClick` props, removing its project-only
data and telemetry coupling.
- Add org-scoped data hooks (list, create, update, delete, test
connection) calling
`/platform/organizations/{slug}/analytics/audit-log-drains`, gated by
the `audit_log_drains` entitlement.
- Add the page, nav entry and a keyboard shortcut, all gated behind the
`auditLogsLogDrain` feature flag and `IS_PLATFORM`.
The org audit log drain endpoints are not yet present in the generated
API types, so the new hooks use a localized `// @ts-ignore` (matching
the existing project log drain hooks) until the types are regenerated.
## How to test
- Open `/org/{slug}/audit-log-drains` on an org with the
`audit_log_drains` entitlement.
- Create an S3 and a webhook destination, confirm the cost dialog, then
delete one and test a connection.
- Confirm the list refreshes and that the existing project Log Drains
page is unchanged.
- Confirm the page and nav entry are hidden when the flag is off.
## Notes
- Verified locally: org data hook tests and the org settings nav
shortcut tests pass. Full typecheck, lint and the component test suite
should be run in CI, since this sandbox has an incomplete dependency
install.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Audit Log Drains management in organization settings: add, update,
test, and delete destinations; new Audit Log Drains page and navigation
shortcut.
* **Improvements**
* New consolidated list view with clearer loading, error, empty and
populated states.
* Feature-flag driven display of available drain types.
* Form validation prevents duplicate names and supports save callbacks
with telemetry on save.
* **Tests**
* Added tests covering listing, create/update/delete, testing, and form
validation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Mirrors the recent invite drawer change (#46515) on the edit access
drawer. Each role option now describes its permissions via the shared
\`ROLE_DESCRIPTIONS\` map instead of showing just the role name.
Closes FE-3524.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Role selection in Team Settings now shows full, role-specific
permission descriptions and appends any disabled-reason details for
clarity.
* **Tests**
* Added integration tests covering the role panel UI: role listing,
selected role label, documentation link, role-specific descriptions, and
an admin-safety notice; includes test environment compatibility stubs
for animations and routing.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
- Noticing our code we have many patterns of calling localstorage and
handling those errors
- We should add those in a single well tested file
- Handle those errors in the singleton which makes it easier for us to
debug customer issues. Logger is outputing local storage warnings for
feature we expose
- Side effect of this is random crashes on studio when local storage
isn't available or handled correctly
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Improved browser storage handling across the app for more reliable
persistence and graceful behavior in restricted or non-browser
environments (settings, previews, charts, tabs, sign-in/session flows,
integrations, and UI state).
* **New Features**
* Introduced a safe storage layer to standardize and harden
local/session persistence.
* **Tests**
* Added comprehensive tests covering the new safe storage behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
