This PR disables the following features on Multigres projects
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Enhanced replication interface with improved visual states.
* **Bug Fixes**
* Added validation to prevent incompatible database configuration
combinations.
* **Changes**
* High Availability projects now display informational notices
indicating unavailable features: Realtime, Replication, and PITR
backups.
* **Removed**
* Removed redundant UI component from the application.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Gildas Garcia <1122076+djhi@users.noreply.github.com>
## Summary
Switches the two `instanceSizeSpecs[instanceSize]!.priceMonthly` lookups
(on the New Project page and its footer) to the existing
`monthlyInstancePrice` helper, which has a defensive fallback. Fixes a
render crash that fires when users switch between organizations of
different plan tiers via the OrganizationSelector dropdown.
Sentry:
[SUPABASE-APP-EJT](https://supabase.sentry.io/issues/SUPABASE-APP-EJT) —
339 occurrences, 312 users impacted.
Fixes FE-3481
## Test plan
- [x] On `/dashboard/new/<freeOrgSlug>`, open the org dropdown and
switch to a paid org — no crash
- [x] Verify the "Additional costs" total renders correctly once form
state syncs
- [x] `pnpm typecheck` passes
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Refactored pricing calculation logic across project creation
components for improved code organization.
<!-- review_stack_entry_start -->
[](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46395?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)
<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Bug fix.
## What is the current behavior?
This PR addresses three issues with the implementation of the
`dataApiRevokeOnCreateDefault` experiment
([GROWTH-858](https://linear.app/supabase/issue/GROWTH-858)) on the
frontend side:
1. The `project_creation_default_privileges_exposed` event payload
captures `dataApiEnabled`, which is the parent "Enable Data API" toggle.
That value defaults to `true` for everyone in both arms, which doesn't
help understand how people are interacting with the form.
2. The hook itself was gating on PostHog JS SDK values rather than our
backend server values being sent from `/telemetry/feature-flags`.
3. The form on `/new/[slug]` captures `dataApiDefaultPrivileges`
defaults once at mount via react-hook-form's `defaultValues`. If the
flag is still loading when the page mounts,
`useDataApiRevokeOnCreateDefaultEnabled()` returns `false` (coerced from
undefined), and the form locks the field to the legacy default of
`true`. The flag later resolving has no effect, and treatment users get
the legacy default visually and in the exposure event.
## What is the new behavior?
1. Main-surface payload now sends `dataApiDefaultPrivileges` — the form
field the experiment actually controls (`true` = legacy grants kept,
`false` = revoked on create). Post-fix data will let us read out whether
treatment users actually got the new default.
2. Hook is simplified: drop `orgCountReady`, drop the `onFeatureFlags`
subscription, drop the `posthogClient` import. It now fires once when
the flag resolves, period. Vercel surface is unchanged (still no
`dataApiDefaultPrivileges` since there's no user-facing toggle there).
Tests updated.
3. New useEffect in `/new/[slug]` watches the raw flag value and syncs
`dataApiDefaultPrivileges` to the correct experiment-driven default when
the flag resolves, gated on `getFieldState(...).isDirty` so we don't
clobber intentional user input.
## Additional context
Backend half of this fix is at supabase/platform#32933 (passes
`org_count` and `signup_timestamp` in `personProperties` so the audience
filter actually evaluates correctly). Both PRs are needed for the
experiment to bucket at 5% and be measurable.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Changes**
* Telemetry now records the selected default-privileges setting
(dataApiDefaultPrivileges) in project-creation events; the previous
dataApiEnabled field was removed.
* Project-creation flows apply the experiment-driven default for that
setting once the experiment resolves, but they do not overwrite
user-edited choices. Vercel new-project flow syncs with the experiment
until the user changes the checkbox.
* **Tests**
* Updated tests to validate tracking, deduplication, and sync/timing
behaviors for dataApiDefaultPrivileges.
<!-- review_stack_entry_start -->
[](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46085?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)
<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
The `_Shadcn_` suffix isn't needed anymore on `Select` components
## Solution
Remove it. No other changes
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Updated internal component architecture to standardize and simplify
the codebase. These changes improve code maintainability and consistency
across the application without affecting existing functionality or user
experience.
<!-- review_stack_entry_start -->
[](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/45988)
<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
We have multiple Popover components
## Solution
- [x] migrate Popover usages to Shadcn components
- Migrated JSON and text editor in the `TableEditor` (inline row
edition)
- Migrated the template popover in the logs explorer templates page
- [x] remove `_Shadcn_` suffix from Popover components (renaming +
prettier)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Unified popover implementation across the app and design system;
dropdowns, calendars, menus and tooltips now use a consistent popover
API with no visual or interaction changes.
* **Chores**
* Minor prop typing update for the logs date-picker to align with the
consolidated popover content type.
<!-- review_stack_entry_start -->
[](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/45980)
<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Context
Changes here aren't public facing - we're just shifting some internal
only fields on the new project page to consolidate them into the
"internal-only" collapsible
Mainly to improve clarity from our POV RE what fields do users see and
the general look of the new project form
<img width="727" height="558" alt="image"
src="https://github.com/user-attachments/assets/7d8f2915-3a81-4d9d-a067-cd45c1725726"
/>
So everything that's not within the collapsible are essentially fields
that users will see on prod. The changes here also subsequently
deprecates the use of 2 feature flags on the new project page:
- `showPostgresVersionSelector` -> replaced by new flag
`newProjectInternalOnlyConfiguration`
- `enableFlyCloudProvider` -> was used to control the visibility of the
cloud provider field, now replaced by
`newProjectInternalOnlyConfiguration`
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Reorganized project creation form layout and field ordering for
improved structure.
* Updated project resume flow with refined confirmation modal UI.
* Simplified cloud provider selection interface.
* Streamlined high-availability configuration presentation.
<!-- review_stack_entry_start -->
[](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/45873)
<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
We have multiple `Collapsible` components.
## Solution
Reduce their number by using only the one from shadcn.
I haven't noticed any visual nor functional changes.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Migrated expandable/collapsible UI to a unified shadcn-based
implementation for more consistent expand/collapse behavior across the
app.
* **Style**
* Updated listbox check icon sizing and removed obsolete collapsible
open/close animations.
* **Chores**
* Removed deprecated collapsible variants and consolidated UI component
surface for simpler maintenance.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<img width="1289" height="863" alt="image"
src="https://github.com/user-attachments/assets/d661f107-b358-4894-8531-80441d60ab91"
/>
GitHub integration is now available on the free plan and so we'd like to
start promoting code-first workflows as much as possible. One way to do
that is to set the tone straight away by asking a user to connecting
their GitHub repository to a project as part of project creation.
This PR:
- decouples GitHub connection and repo selection into a separate
component we can make use of in integration settings and project
creation.
- Adds new GitHub fields to project creation form and sends them off to
project creation endpoint
- Pre-fills project name based on repo selection
To test locally:
- Ensure you have GitHub integration set up locally (using ngrok etc)
- Ensure you are on the connected platform branch
- Open create a new project page
- Connect GitHub as part of the creation form and select a repo
- Create the project and wait for status to be healthy
- Check project settings integrations page and ensure repo is connected
Note:
- this requires changes on the management api end to accept new GitHub
fields
- it might make sense to pull out GitHub connection/authorization from
GitHub repository selection but in the current state they are tied
together.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **New Features**
* GitHub repository selection now available during project creation with
integrated authorization flow
* GitHub connection status and compute availability indicators now
displayed on project dashboard
* Project name auto-populates from selected GitHub repository name when
available
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Gildas Garcia <1122076+djhi@users.noreply.github.com>
## Summary
- Adds a "Custom instance type" input on the new-project modal, rendered
directly below the existing custom Postgres version field and gated
behind the same non-prod check.
- Wires the value through
`custom_supabase_internal_requests.ami.instance_type`, merged with the
existing AMI search-tag payload so both can be set independently.
<img width="312" height="133" alt="Screenshot 2026-05-07 at 12 32 41 PM"
src="https://github.com/user-attachments/assets/d4190a0f-0a54-46e6-ac0b-967548a3903f"
/>
## Test plan
- [x] On a non-prod build, open the new-project modal and confirm the
"Custom instance type" field appears below "Custom Postgres version".
- [ ] Submit with only an instance type set and verify the request body
includes `custom_supabase_internal_requests.instance_type` and no `ami`
block.
- [x] Submit with both fields set and verify both `ami.search_tags` and
`instance_type` are sent.
- [x] Submit with neither set and verify
`custom_supabase_internal_requests` is omitted.
- [x] Verify the field is hidden in prod builds.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added instance type field to project-creation wizard.
* Added an internal-only configuration panel for advanced customization.
* **Refactor**
* Simplified Advanced Configuration panel layout and behavior.
* **Documentation**
* Updated documentation links to use internal reference URLs.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated UI labels and descriptions across the Data API settings to
clarify that default privileges apply to new tables only (removed
references to functions).
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This PR migrates the whole monorepo to use Tailwind v4:
- Removed `@tailwindcss/container-queries` plugin since it's included by
default in v4,
- Bump all instances of Tailwind to v4. Made minimal changes to the
shared config to remove non-supported features (`alpha` mentions),
- Migrate all apps to be compatible with v4 configs,
- Fix the `typography.css` import in 3 apps,
- Add missing rules which were included by default in v3,
- Run `pnpm dlx @tailwindcss/upgrade` on all apps, which renames a lot
of classes
- Rename all misnamed classes according to
https://tailwindcss.com/docs/upgrade-guide#renamed-utilities in all
apps.
---------
Co-authored-by: Jordi Enric <jordi.err@gmail.com>
## Problem
With #45211 and #45218 merged, we don't need the `_Shadcn_` suffix
anymore
## Solution
- [x] Remove the `_Shadcn_` suffix
- [x] Update exports and imports
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Standardized UI component exports by removing legacy naming
conventions and providing direct imports for checkbox and radio group
components throughout the design system.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
We used to have a `_Shadcn_` suffix for all the shadcn form components
because we also had `formik` form components.
This is not needed anymore.
## Solution
- Remove the suffix
- Update all usages
<img width="783" height="414" alt="Screenshot 2026-04-20 at 3 02 37 PM"
src="https://github.com/user-attachments/assets/a353c35a-3de5-4bfa-ab31-829c79c43165"
/>
Adds a "Default privileges for new entities" checkbox under "Enable Data
API" in both the main create flow and the Vercel deploy-button flow.
Default checked (current behaviour). When unchecked, runs
`buildDefaultPrivilegesSql('revoke')` after the base init script so new
entities in `public` aren't auto-granted to `anon` / `authenticated` /
`service_role`.
This PR decouples the two surfaces:
- **`tableEditorApiAccessToggle`** — unchanged; still gates only the
integrations → Data API settings UI.
- **`dataApiRevokeOnCreateDefault`** (new) — controls only the default
state of the new checkbox at project creation. `true` → checkbox
unchecked by default (revoke runs); `false`/absent → checkbox checked by
default (no behaviour change).
The new flag is already live in PostHog at **0% rollout, off for
everyone**, so shipping this PR changes nothing until the flag is
explicitly flipped.
## Added
- `apps/studio/hooks/misc/useDataApiRevokeOnCreateDefault.ts` — reads
the new PostHog flag. Returns `false` in `IS_TEST_ENV` so existing E2E
flows don't silently change default behaviour.
- Checkbox UI in `SecurityOptions.tsx` (main flow) and
`pages/integrations/vercel/[slug]/deploy-button/new-project.tsx` (Vercel
flow), with copy matching the integrations → Data API settings page.
- Tooltip + dimmed state for the main-flow checkbox when "Enable Data
API" is unchecked (can't configure default privileges if Data API is
off).
- Telemetry: `dataApiDefaultPrivilegesGranted` (raw checkbox value) and
`dataApiRevokeOnCreateDefaultEnabled` (raw flag, conditionally included
using the existing raw-flag pattern so undefined flag state → omitted
property, not `false`).
- Vitest unit tests for the new hook.
## Changed
- `pages/new/[slug].tsx`: removed the `false &&` rollback guard. Revoke
SQL now runs only when `dataApi && !dataApiDefaultPrivileges`. Dropped
the now-unused `useDataApiGrantTogglesEnabled` import.
- `pages/integrations/vercel/[slug]/deploy-button/new-project.tsx`: this
flow was **never rolled back** — it still ran revoke whenever
`tableEditorApiAccessToggle` was on for a user. Now correctly gated on
the new flag + checkbox state.
- `packages/common/telemetry-constants.ts`: added the two new properties
and corrected the `tableEditorApiAccessToggleEnabled` docstring (it no
longer claims to control project-creation revoke behaviour).
## Kill switch
Flipping `dataApiRevokeOnCreateDefault` to off in PostHog fully disables
the revoke SQL for new projects without needing a redeploy — the
checkbox just defaults to checked again.
## Follow-ups (not blockers)
- joshenlim's review comments on PR 43704: (1) Auth Policies table row
incorrectly showing "exposed via Data API" based on schema-level check
instead of table-level at
`apps/studio/components/interfaces/Auth/Policies/PolicyTableRow/index.tsx:64`;
(2) Data API integrations page showing zero exposed tables even after
exposing one. Both unrelated to this PR but will be more visible once
the checkbox lands.
- Once this flag fully rolls out, the old `tableEditorApiAccessToggle`
docstring/comments elsewhere should stop claiming it controls project
creation.
## To test
- **Flag off (default state, simulates post-merge):** create a project
with and without "Enable Data API" checked. The new "Default privileges
for new entities" checkbox should default to **checked**. Submitting
should produce an identical result to today — new tables in `public` are
reachable via the Data API.
- **Flag on (simulate rollout):** override the flag locally. The
checkbox should default to **unchecked**. Creating a project with it
unchecked should run the revoke SQL; create a new table in `public`
afterwards and confirm it's not reachable via the Data API until grants
are added.
- **Enable Data API off:** the new checkbox should render disabled +
dimmed with a tooltip reading "Enable the Data API to configure default
privileges." The revoke SQL should not run in this case regardless of
checkbox state.
- **Vercel flow:** repeat at
`/integrations/vercel/<slug>/deploy-button/new-project` — verify both
checkbox states.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added an "Automatically expose new tables and functions" checkbox to
project creation and Vercel deploy flow; enabled only when Data API is
available (disabled with tooltip otherwise) and affects initial project
provisioning.
* **Telemetry**
* Tracks exposure of the default-privileges control and includes
checkbox state and feature-flag status on project-creation submissions.
* **Tests**
* Added tests for flag behavior, exposure tracking, deduplication, and
submission telemetry.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
Co-authored-by: Sean Oliver <882952+seanoliver@users.noreply.github.com>
When high availability is enabled during project creation, automatically
switch to AWS (Revamped) and disable other cloud providers –
multigres/HA is only supported on v3.
<img width="778" height="390" alt="Screenshot 2026-04-06 at 5 09 55 PM"
src="https://github.com/user-attachments/assets/c458f345-497e-4963-9c2f-b4b1eafd030b"
/>
**Changed:**
- Cloud provider selector now watches `highAvailability` form state
- Non-`AWS_K8S` providers (Fly.io, AWS, AWS Nimbus) are disabled when HA
is on
- Warning description shown in orange when HA restricts the provider
choice
**Added:**
- `useEffect` in project creation form to auto-switch cloud provider to
`AWS_K8S` when HA is toggled on
## To test
- Enable the HA toggle on the new project page (requires
`instances.high_availability` entitlement)
- Verify cloud provider auto-switches to AWS (Revamped)
- Verify other providers are greyed out in the dropdown
- Verify orange warning text appears below the cloud provider label
- Toggle HA off and confirm all providers become selectable again
- Ensure project creation still works for both HA and non-HA projects
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* When high availability is enabled, cloud provider selection is
restricted to AWS.
* A warning appears when high availability is enabled, noting AWS-only
support.
* The cloud provider selection automatically switches to AWS if high
availability is toggled on.
* **Bug Fixes**
* Improved form validation to prevent incompatible high-availability and
provider combinations.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
## Problem
React Query cache keys for permissions and organizations are generic
(`['permissions']`, `['organizations']`) with no user identifier. When a
new session is established without going through the explicit sign-out
flow (e.g. clicking an email verification link while still logged in as
another account), stale data from the previous user persists in cache.
The new user ends up seeing the old user's permissions and org list,
which makes the project creation form appear enabled. When submitted,
the backend rejects with "not an owner" because the token belongs to the
new account which has no ownership of the old org.
A hard refresh clears the in-memory React Query state and forces a fresh
fetch, which is why it resolved the issue.
## Fix
Scope `permissionKeys.list` and `organizationKeys.list` by user ID so
different accounts never share the same cache slot. When a different
user logs in, their queries simply get fresh cache entries and never see
data from the previous session. Updated all invalidation and
`setQueriesData` call sites across 18 files to pass the current user ID.
## How to test
I don't think it can be tested in the preview environment sadly since
the request to verify has to go to auth.supabase.green instead of
vercel-ref.supabase.green
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
This PR fixes some prettier issues:
- Bump and unify all prettier versions to 3.7.3 across teh whole repo
- Bump the SQL prettier plugin
- When running `test:prettier`, check `mdx` files also
- Run the new prettier format on all files
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
## Problem
The `projectCreationEnableRlsEventTrigger` A/B experiment tested showing
an opt-in "Enable automatic RLS" checkbox in the project creation flow,
which sets up a Postgres event trigger to auto-enable RLS on every new
table in the public schema. The test variant passed with a +3.3pp lift.
## Changes
- `SecurityOptions.tsx` — removed PostHog flag check, checkbox is now
always rendered
- `pages/new/[slug].tsx` — removed experiment flag reads, exposure
tracking (`useTrackExperimentExposure`), and the conditional
`rlsOptionVariant` telemetry property
The underlying feature logic (`enableRlsEventTrigger` form field,
`AUTO_ENABLE_RLS_EVENT_TRIGGER_SQL`, submission handling) is unchanged —
we're just removing the scaffolding that was gating it.
## Testing
Verified `pnpm typecheck` passes clean. The "Enable automatic RLS"
checkbox now shows unconditionally in the Security Options section of
project creation.
GROWTH-653
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Feature
## What is the current behavior?
Region-specific incidents are only shown in the global StatusPageBanner,
which doesn't clearly indicate that an incident only affects specific
regions during project creation.
## What is the new behavior?
Region-specific incidents are now displayed inline in the RegionSelector
with smart region matching to show which regions are affected. The
StatusPageBanner logic is updated to avoid duplicate incident notices
for region-specific incidents when creating projects.
## Additional context
<img width="1394" height="650" alt="CleanShot 2026-03-02 at 16 32 34@2x"
src="https://github.com/user-attachments/assets/fd3734dc-8049-4c24-82d8-456bfbdbd4fd"
/>
Resolves FE-2652
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
This PR removes the onboarding schema generation and visualization
feature from the project creation flow. This was part of an experiment
which has been tested and shut down.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Revert**
* Removed project creation workflow components and related UI surfaces
including the initial setup interface, project visual preview, and
schema generation assistant.
* Removed database schema visualization and diagram components.
* Cleaned up associated package dependencies.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Slightly modifies copy of data api warning during project creation
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Clarified the warning shown during project creation when configuring
the Data API: the message now explicitly states that disabling the Data
API prevents client libraries (e.g., supabase-js and similar) from
querying or mutating your database, making the setup impact clearer for
users.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
<img width="1196" height="427" alt="image"
src="https://github.com/user-attachments/assets/6784b5e9-99c8-4fc9-b9f5-49672ba6e768"
/>
This reworks the security section within our project creation form to
expose two options.
1/ Enable or disable Data API which is essentially the same as we had
previously, just reframed
2/ Enable auto RLS which creates an event trigger that enables RLS on
all tables created via public schema. This is the same as what we do via
the RLS banner in authentication pages.
Note that this also removes the option to disable Data API on public
schema and move to dedicated schema. The user can still do this post
project creation . Assumption is this is rarely changed on project
creation and adds complexity.
To test:
1. Create a new project
2. Enable Data API and enable RLS setting
3. After project creation, go to triggers -> event tab -> notice enable
rls trigger
4. Create project and disable Data API
5. After project creation , go to settings/api and make sure data api is
disabled
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added an optional automatic Row-Level Security (RLS) event trigger
option in project creation (toggleable via experiment).
* **Improvements**
* Security panel simplified to checkbox-based controls for Data API and
RLS.
* Project creation form now includes the enableRlsEventTrigger flag and
applies related setup when enabled.
* Telemetry records RLS experiment exposure, variant, and whether the
RLS trigger was enabled.
* Free-project messaging updated to consider user limits.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Charis Lam <26616127+charislam@users.noreply.github.com>
Co-authored-by: Sean Oliver <882952+seanoliver@users.noreply.github.com>
* chore(studio): feature flag for disabling oriole creation
* obey the ai overlords
* Use tooltip instead
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
* Fix types and lint warnings for the password strength function.
* Simplify the form for creating project. Move the password warning into the form schema. Minor fixes.
* Fix the name of the field.
* Move the common behaviour in a function.
* Minor fixes.
* Bump the deps, refactor deprecated code.
* Migrate keepPreviousData usage.
* Migrate all uses of InfiniteQuery.
* Fix refetchInterval in queries.
* Migrate all use of isLoading to isPending in mutations.
* Fix accessing location in claim-project.
* Fix a bug in duplicate query keys.
* Migrate all queries to use isPending.
* Revert "Fix accessing location in claim-project."
This reverts commit 2a07df64b5.
* Revert the rss.xml file to master.
* init request upgrade plan modal
* Consolidate UpgradeToPro components across UI + use UpgradePlanButton, UpgradePlanButton determines whether to show request upgrade CTA
* Allow to pass icon to Admonition
* Tiny fix on upgrade plan button CTA to consider addons
* Hook up upgrade request endpoint
* Update API types
* remove hardcode
* Add request upgrade CTA in plan side panel
* Fix disk compute
* Show request upgrade button for change to large compute
* Nit
* Break down new project page into smaller components
* Fix types
* Address comments
* Add min length check for project name in project settings
* Fix tests
Adds a clean, type-safe wrapper for telemetry event tracking that automatically injects project and organization context.
- Export TelemetryGroups type from telemetry-constants
- Add useTrack() hook with full TypeScript event validation
- Refactor project creation events to use new API
- Reduces boilerplate from ~10 lines to ~2 lines per event
* cleanup(region selector): remove code from selected region
Selector looks a bit busy and you probably know the code if you've
already selected it, so removing it from the dropdown as suggested in a
previous PR.
* refactor(region selector): clean up unnecessary type checks
Co-authored-by: Ali Waseem <waseema393@gmail.com>
* ci: Autofix updates from GitHub workflow
---------
Co-authored-by: Ali Waseem <waseema393@gmail.com>
* feat(region selector): get region status by desired size
The available-regions endpoint now takes a desired_instance_size query
parameter to return more accurate status data.
* Align call of useOrganizationAvailableRegionsQuery in [slug] with RegionSelector, and rearrange some consts
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
* basic fixes
* improve form contents
* fix border clipping
* remove redundant animation and classes
* polish confirm org
* improvements
* fix header rounding
* prevent password managers from appearing
* Fix the handling of token when redirecting back. Use nuqs for getting URL params. Simplify some logic.
* Minor fix to the useEffect for org name.
---------
Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
* Update Supabase docs URLs to use env variable
Co-authored-by: a <a@alaisteryoung.com>
* Refactor: Use DOCS_URL constant for documentation links
This change centralizes documentation links using a new DOCS_URL constant, improving maintainability and consistency.
Co-authored-by: a <a@alaisteryoung.com>
* Refactor: Use DOCS_URL constant for all documentation links
This change replaces hardcoded documentation URLs with a centralized constant, improving maintainability and consistency.
Co-authored-by: a <a@alaisteryoung.com>
* replace more instances
* ci: Autofix updates from GitHub workflow
* remaining instances
* fix duplicate useRouter
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: alaister <10985857+alaister@users.noreply.github.com>
* chore: limit regions for nimbus
* fix logic
* Autoselect east US if cloud provider is nimbus
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
* Refactor Drawer component and add date-fns dependency
Refactored the Drawer component for improved slot-based structure, updated styles, and added 'use client' directive. Added 'date-fns' as a dependency in design-system, updated tsconfig paths for icons, and marked ToggleGroup as a client component.
* nit: add env for svg path
* fix: instructions
* accent color docs and basic tidy
* copy value feature
* improve color contrast
* increase contrast on text-warning in light mode
* update changelog
* replace outdated text-warning utility classes
* remove redundant warning-600
* minor design-system docs updates
* docs updates
* remove unused brand-button class
* update docs
* fix: restore brand default
* update docs brand text color
* low hanging branded text fruit
* Nit refactor and clean up
* re-add Kemal’s README instructions for hot reload
---------
Co-authored-by: Jonathan Summers-Muir <MildTomato@users.noreply.github.com>
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
