Commit Graph

2 Commits

Author SHA1 Message Date
oniani1
29bfa7b75b fix(studio): encode special characters in project securing policies links (#45849)
Closes #45847.

## Summary

`ProjectNeedsSecuringView.tsx` built the `View policies` href on the
first-time security gate by interpolating `table.schema` and
`table.name` directly into the URL. A table or schema containing `&`,
`=`, `+`, or `#` corrupted the destination and routed the user to the
wrong policies filter on what is meant to be a guided onboarding flow.

Extracts the URL into `getTablePoliciesHref` in
`ProjectNeedsSecuring.utils.ts` with `encodeURIComponent` wraps, and
replaces the inline interpolation. Same pattern as #45385.

## Test plan

Added `ProjectNeedsSecuring.utils.test.ts` covering
`getTablePoliciesHref` (plain values, special chars in name, special
chars in schema, both, undefined inputs) and pulling in the
previously-untested `getTableKey`, `formatRlsDescription`, `sortTables`,
and `buildSecurityPromptMarkdown` utilities. Ten tests total.

## Summary by CodeRabbit

* **Tests**
  * Added comprehensive test coverage for security utilities, including
    URL construction, formatting, sorting, and markdown report generation.

* **Refactor**
  * Extracted URL building logic into a centralized utility function for
    improved consistency and maintainability.
2026-05-14 18:52:49 +00:00
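
The failure mode described in the commit message above, as an added example that is not the project's code: it builds the same link with and without `encodeURIComponent` and parses each result the way a destination page would. The route, the `schema` and `search` parameter names and all function names are assumptions; the project's `getTablePoliciesHref` is not shown on this page.

```javascript
// Added example, not the project's code. The route and the `schema` / `search`
// parameter names are assumptions made for illustration.
const POLICIES_PATH = '/project/example-ref/auth/policies' // hypothetical route

// "Before": raw interpolation. Reserved characters in the identifiers are
// parsed as URL syntax instead of data.
function buildPoliciesHrefRaw(schema, name) {
  return `${POLICIES_PATH}?schema=${schema}&search=${name}`
}

// "After": each value is percent-encoded so it stays one opaque parameter.
// Undefined inputs become empty strings rather than the text "undefined".
function buildPoliciesHrefEncoded(schema, name) {
  const s = encodeURIComponent(schema ?? '')
  const n = encodeURIComponent(name ?? '')
  return `${POLICIES_PATH}?schema=${s}&search=${n}`
}

// Parse an href the way the destination page would and report what it sees.
function readFilter(href) {
  const url = new URL(href, 'https://studio.invalid') // base used only for parsing
  const known = new Set(['schema', 'search'])
  return {
    schema: url.searchParams.get('schema'),
    search: url.searchParams.get('search'),
    extraKeys: [...url.searchParams.keys()].filter((k) => !known.has(k)),
    fragment: url.hash,
  }
}

// Constructed sample identifiers using the characters named in the commit.
const SAMPLES = [
  ['public', 'orders'],
  ['public', 'a&b=c'],
  ['sales+eu', 'orders'],
  ['public', 'notes#draft'],
]

function compare() {
  return SAMPLES.map(([schema, name]) => ({
    schema,
    name,
    raw: readFilter(buildPoliciesHrefRaw(schema, name)),
    encoded: readFilter(buildPoliciesHrefEncoded(schema, name)),
  }))
}

console.table(compare().map((r) => ({ name: r.name, raw: r.raw.search, encoded: r.encoded.search })))
```
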
Saxon Fletcher
3b756e4d9f Chore/project secure (#45108)

Adds a full screen alert behind a feature flag `projectNeedsSecuring`
that prompts for fixing RLS issues.

Adjusts a few other small styles to add more prominence to critical
advisor issues.

To test:

- Enable the flag
- Make sure you have a table with RLS disabled
- Open project home and note the fade in of full page review
- Click "copy prompt" or "fix" and note the prompt
- Click skip to home and refresh the page, note it doesn't appear
anymore


## Summary by CodeRabbit

* **New Features**
  * Project-level security gate on project home with AI assistant prompts,
    table details, per-project dismissible notice, and a new telemetry event
    for CTA interactions.

* **Improvements**
  * Stronger visual treatment for critical advisor items and advisor CTA
    when critical issues exist.
  * Assistant dropdown supports a copy-prompt callback; added
    local-storage key and utilities/types to support project security
    workflows.

* **Tests**
  * Added tests covering gate behavior, navigation, and dismissal logic.

---------

Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
2026-04-29 04:08:09 +00:00