## What kind of change does this PR introduce?
Studio UI cleanup.
## What is the current behaviour?
The SQL editor query warning modal repeats itself with an admonition, a
nested warning panel, and extra confirmation copy. Single-warning cases
are harder to scan than they need to be.
## What is the new behaviour?
The warning now uses `AlertDialog` and resolves each detected issue into
concise title/body copy. Single-warning cases show one short
description, while multi-warning cases show a compact list. The existing
RLS actions are preserved.
## Testing instructions
Manual SQL editor checks:
Open the Studio SQL editor, paste each snippet, click **Run**, verify
the warning copy, then click **Cancel**. These snippets are only
intended to trigger the warning UI, so do not confirm the dangerous
ones.
Destructive operation warning:
```sql
drop table if exists public.codex_warning_destructive;
```
UPDATE without WHERE warning:
```sql
update public.codex_warning_table set id = id;
```
Prevent database connections warning:
```sql
alter database postgres connection limit 0;
```
Missing RLS warning:
```sql
create schema if not exists codex_warning;
create table codex_warning.missing_rls (id bigint);
```
Multiple issues warning:
```sql
drop table if exists public.codex_warning_destructive;
update public.codex_warning_table set id = id;
create schema if not exists codex_warning;
create table codex_warning.missing_rls_multi (id bigint);
```
## Additional context
| Before | After |
| --- | --- |
| <img width="1024" height="759" alt="Codex Warning Table Maintenance
SQL Editor Hammer Toolshed Supabas-BDBD32C7-FCE8-4623-ACF2-D2554233EBB4"
src="https://github.com/user-attachments/assets/aaed16c2-9910-424a-8a3c-f9815139b1bf"
/> | <img width="1024" height="759" alt="Codex Warning Table Maintenance
SQL Editor Hammer Toolshed Supabas-C8964C98-1CF9-4992-89D6-86C081C884E8"
src="https://github.com/user-attachments/assets/d291c559-1e64-4c63-b918-b20b58d9a2a5"
/> |
| <img width="1024" height="759" alt="Codex Warning Table Maintenance
SQL Editor Hammer Toolshed Supabas-C341A032-B5B0-49A2-8EA2-E3E6EEC54E4F"
src="https://github.com/user-attachments/assets/667d9d1a-e34b-4411-9f91-4972ee8d1a23"
/> | <img width="1024" height="759" alt="Codex Warning Table Maintenance
SQL Editor Hammer Toolshed Supabas-FC66ADE9-6AF1-44D2-A6B6-F7B2FC935C0E"
src="https://github.com/user-attachments/assets/1348377e-6606-47c0-aa95-128d7f86ed56"
/> |
| <img width="1024" height="759" alt="Codex Warning Table Maintenance
SQL Editor Hammer Toolshed Supabas-43AAD9FA-7FAC-4DCE-A713-00E8FC76B343"
src="https://github.com/user-attachments/assets/bdadedc2-f17d-4011-ae67-5248097b3e92"
/> | <img width="1024" height="759" alt="Codex Warning Table Maintenance
SQL Editor Hammer Toolshed Supabas-279EC81D-31C7-49C7-B4A8-EEEF1738740A"
src="https://github.com/user-attachments/assets/0c178fff-ff49-4522-870d-7a3401c6af30"
/> |
| <img width="1024" height="759" alt="Codex Warning Table Maintenance
SQL Editor Hammer Toolshed Supabas-D405AED5-613F-4C78-909E-F718C67CF17E"
src="https://github.com/user-attachments/assets/a4399935-3596-471b-854a-c689e2e0df07"
/> | <img width="1024" height="759" alt="Codex Warning Table Maintenance
SQL Editor Hammer Toolshed Supabas-725FBCE6-5606-4BC3-B13F-6210DBADF6F2"
src="https://github.com/user-attachments/assets/0dcd08fc-cfb4-4d67-b167-eb6eaa768764"
/> |
| <img width="1024" height="759" alt="Codex Warning Table Maintenance
SQL Editor Hammer Toolshed Supabas-EA6563AF-DE7E-4AB8-9164-AC66164CA581"
src="https://github.com/user-attachments/assets/ef56fe0f-0243-4ff3-a2b2-ee8b3fe2330a"
/> | <img width="1024" height="759" alt="Codex Warning Table Maintenance
SQL Editor Hammer Toolshed Supabas-EC85EFB1-715E-4841-BBCA-51F88B539595"
src="https://github.com/user-attachments/assets/5be05527-920d-4f23-92eb-c7cd0bbff13e"
/> |
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Prevented unintended modal dismissal and duplicate handling when
confirming.
* **Refactor**
* Redesigned SQL editor warning modal with structured, consolidated
warnings, adaptive title/confirmation copy, and centralized handling of
missing-RLS table names.
* Added conditional "Run and enable RLS" confirmation when available.
* **Tests**
* Updated end-to-end tests to match the new modal headings and body
text.
<!-- review_stack_entry_start -->
[](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/45912)
<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This PR migrates the whole monorepo to use Tailwind v4:
- Removed `@tailwindcss/container-queries` plugin since it's included by
default in v4,
- Bump all instances of Tailwind to v4. Made minimal changes to the
shared config to remove non-supported features (`alpha` mentions),
- Migrate all apps to be compatible with v4 configs,
- Fix the `typography.css` import in 3 apps,
- Add missing rules which were included by default in v3,
- Run `pnpm dlx @tailwindcss/upgrade` on all apps, which renames a lot
of classes
- Rename all misnamed classes according to
https://tailwindcss.com/docs/upgrade-guide#renamed-utilities in all
apps.
---------
Co-authored-by: Jordi Enric <jordi.err@gmail.com>
Adds a pre-execution warning in the SQL editor when a `CREATE TABLE`
statement is run without enabling Row Level Security on the new table.
Responds to the press call-out around SQL editor security.
<img width="708" height="498" alt="Screenshot 2026-04-18 at 4 31 07 PM"
src="https://github.com/user-attachments/assets/4f23ed5e-f32c-46f0-b0da-ac6d4c661c7c"
/>
**Added:**
- Pre-execution check in `executeQuery` that detects `CREATE TABLE`
statements without a matching `ALTER TABLE ... ENABLE ROW LEVEL
SECURITY` in the same submitted SQL.
- New "Run and enable RLS" action in the warning modal that rewrites the
SQL to append `ALTER TABLE [schema.]<table> ENABLE ROW LEVEL SECURITY;`
for each detected table before running.
- Link in the modal to the RLS docs.
**Changed:**
- `RunQueryWarningModal` now renders `Dialog` directly (instead of
`ConfirmationModal`) so it can show three buttons: Cancel / Run without
RLS / Run and enable RLS.
- `sqlEventParser` table-name regex now supports quoted identifiers
containing spaces (e.g. `"My Table"`) and escaped quotes (e.g.
`"user""table"`).
The check runs against the SQL that's actually submitted, so
partial-selection works correctly — selecting only the `CREATE TABLE`
portion will trigger the warning even if there's a matching `ENABLE RLS`
lower in the editor.
## To test
- Open the SQL editor and run `create table foo (id int8 primary key);`
→ modal should appear with the RLS warning bullet and three buttons.
- Click **Run and enable RLS** → query runs, table is created with RLS
enabled.
- Click **Run without RLS** → query runs as written, no RLS.
- Run `create table foo (id int8); alter table foo enable row level
security;` → no modal (RLS already enabled in same submission).
- Run `create table public.bar (id int8); create table baz (id int8);
alter table baz enable rls;` → modal flags only `public.bar`.
- Select only the `create table` portion of a snippet that also enables
RLS lower down and run the selection → modal should still fire.
- Run an existing destructive query (`drop table x`) → modal still works
as before with two buttons (Cancel / Run this query).
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* SQL editor now detects CREATE TABLE statements missing Row Level
Security (RLS) and shows counts and dynamic table/schema details in a
redesigned warning dialog with updated pluralization and a “Learn more”
link.
* New actions: “Run without RLS” and, when available, “Run and enable
RLS” which applies RLS and runs the query; editor can execute an
overridden SQL payload when applying RLS changes.
* **Tests**
* Added comprehensive unit and e2e tests covering RLS detection, SQL
augmentation, trigger handling, identifier parsing, and the “Run and
enable RLS” flow.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
## Context
Adds a warning if running an `ALTER DATABASE` command that prevents
connections to the database. This would lock the dashboard out of the
database, and re-configuring the setting will require a direct
connection to the DB
<img width="623" height="535" alt="image"
src="https://github.com/user-attachments/assets/4c388f4a-753b-4fd6-89c5-89dfaa52c859"
/>
## To test
- Could try running the following command in the SQL editor to check the
warning, this will show all the warnings
```
ALTER TABLE colors2 drop column sss;
update colors set name = 'test';
alter database postgres connection limit 0;
```
