## What
Migrates the Edge Functions **documentation** from the legacy
`Deno.serve` + manual `createClient` pattern to the
[`@supabase/server`](https://github.com/supabase/server) `withSupabase`
wrapper. This is the part of
[COM-269](https://linear.app/supabase/issue/COM-269) that AI coding
assistants index, so it's split out to ship first; the standalone
`examples/` functions follow in a second PR.
## Canonical pattern
```ts
import { withSupabase } from 'npm:@supabase/server@1'
export default {
fetch: withSupabase({ auth: 'user' }, async (req, ctx) => {
const { data } = await ctx.supabase.from('countries').select('*')
return Response.json({ data })
}),
}
```
- `export default { fetch }` object shape (not `Deno.serve`, not a bare
default export), versioned `npm:@supabase/server@1`.
- `auth` mode picks the caller: `user` → `ctx.supabase` (RLS);
`secret`/`publishable`/`none` → set `verify_jwt = false`, `secret` uses
`ctx.supabaseAdmin`.
- `Response.json(...)` over `new Response(JSON.stringify(...))`.
## Changes
- **AI prompt** (`examples/prompts/edge-functions.md`) — rewritten to
lead with `withSupabase` as the default; `auth`-mode table;
`@supabase/server@1`. Highest AI-indexing impact.
- **connect-to-postgres** — "Using supabase-js" now uses `ctx.supabase`
(+ its CodeSample deps `postgres-on-the-edge`, `drizzle`).
- **Example pages** — semantic-search, push-notifications,
amazon-bedrock, cloudflare-turnstile, og-image, send-emails,
slack-bot-mention, auth-send-email-hook.
- **Guides** — ai-models, background-tasks, routing (+ `restful-tasks`
dep), kysely-postgres, sentry-monitoring, upstash-redis, elevenlabs ×2,
websockets, cors (reframed: CORS is automatic with `withSupabase`).
## Notable fixes
- **websockets**: the JWT-auth examples had a latent bug — handler
wasn't `async` and called `getClaims()` without the extracted token. Now
`await supabase.auth.getUser(jwt)`. (`withSupabase` can't authenticate
WebSocket clients since they can't send headers — noted in the page.)
- **restful-tasks**: fixed a broken `npm:supabase-js` import →
`npm:@supabase/supabase-js`.
## Follow-ups (not in this PR)
- The ~42 standalone `examples/` edge functions → second PR.
- A dedicated `withSupabase` intro page (today it's only documented
inside the auth-framed "Securing Edge Functions" page).
- `.claude/skills/supabase-server/SKILL.md` is stale (`allow:` vs
`auth:`).
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated Edge Function examples to the modern withSupabase + exported
fetch handler pattern across guides and examples.
* Standardized JSON response/error handling (uses built-in JSON helpers)
and preserved streaming/SSE behaviors where applicable.
* Clarified auth modes, context clients (user vs admin), and automatic
CORS handling; removed manual preflight boilerplate.
* Updated local serve/deploy instructions to include --no-verify-jwt for
relevant examples.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
Edge Function examples that use the new publishable/secret API keys read
them with a double lookup:
```ts
const SUPABASE_SECRET_KEYS = JSON.parse(Deno.env.get('SUPABASE_SECRET_KEYS')!)
const secretKey = Deno.env.get(SUPABASE_SECRET_KEYS['default']) // ❌ returns undefined
```
`SUPABASE_SECRET_KEYS` / `SUPABASE_PUBLISHABLE_KEYS` are a JSON object
that maps a key name to the **actual key value** (e.g.
`{"default":"sb_secret_..."}`), confirmed by:
- the self-hosted injection in `docker/docker-compose.yml`
(`SUPABASE_SECRET_KEYS: "{\"default\":\"${SUPABASE_SECRET_KEY:-}\"}"`)
- the `@supabase/server` SDK README
So `SUPABASE_SECRET_KEYS['default']` is already the key. Wrapping it in
another `Deno.env.get(...)` looks up an env var named `sb_secret_...`,
which doesn't exist, so the value is `undefined` and the examples fail
at runtime.
## Fix
Unwrap the outer `Deno.env.get(...)` so the key is read directly:
```ts
const SUPABASE_SECRET_KEYS = JSON.parse(Deno.env.get('SUPABASE_SECRET_KEYS')!)
const secretKey = SUPABASE_SECRET_KEYS['default'] // ✅
```
Applied across 23 files (example functions, the
`examples/prompts/edge-functions.md` codegen guidance, and two docs
guides). The correct `JSON.parse(Deno.env.get('SUPABASE_SECRET_KEYS')!)`
declaration line is untouched. The generated `apps/docs/examples/` copy
regenerates from `examples/` at build time.
## Notes
- Docs context:
[#46600](https://github.com/supabase/supabase/pull/46600), which
documents the same key model.
- Follow-up (not in this PR): a few examples send the secret key on the
`Authorization: Bearer` header, which the new keys reject. Worth a
separate audit.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Clarified examples and guides for correctly reading parsed Supabase
secret and publishable key maps.
* **Examples**
* Standardized credential usage across Edge Functions and samples so
Supabase clients consistently receive keys from the parsed key maps
rather than indirect lookups.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES/NO
## What kind of change does this PR introduce?
Bug fix, feature, docs update, ...
## What is the current behavior?
Please link any relevant issues here.
## What is the new behavior?
Feel free to include screenshots if it includes visual changes.
## Additional context
Add any other context or screenshots.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated the Drizzle ORM guide to a Deno-native configuration,
replacing the prior import-map example with embedded Deno examples and
references to Edge Function samples.
* **New Features**
* Added an Edge Function example demonstrating Drizzle + PostgreSQL on
Deno.
* Added a shared database schema example including user and countries
table definitions.
<!-- review_stack_entry_start -->
[](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/45935?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack)
<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated authentication guide for Kotlin Compose Multiplatform with
revised dependency configuration.
* Enhanced user-management example README with improved project
structure, deployment steps, and resources.
* **Chores**
* Refactored example applications to use custom authentication forms
instead of pre-built Auth UI components.
* Removed unused authentication UI dependencies from multiple example
projects.
<!-- review_stack_entry_start -->
[](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/45931)
<!-- review_stack_entry_end -->
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Cemal Kılıç <cemalkilic@users.noreply.github.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated examples and guides to use Supabase publishable (client) keys
instead of anon keys for client-side usage across frameworks and
platforms.
* Renamed environment variable examples and .env templates to reflect
publishable key naming.
* Adjusted sample requests and client-init examples to send/use the
publishable key via the apikey header where applicable.
* Updated references from service_role to secret for server-side
credential guidance.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: fadymak <fady@fadymak.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Replaces "stored procedures" with "functions" for everything related to
the Data API.
## Additional context
It's not accurate to call database functions "stored procedures". It may
have been that way before Postgres 11, but now it causes confusion
because PostgREST allows functions and not stored procedures.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Standardized terminology across docs, SDK guides, CLI/config specs,
examples, UI, and config comments to use "database functions" instead of
"stored procedures".
* Updated API docs, CLI/config descriptions, Studio UI labels, help
text, empty-state and navigation copy, RPC documentation, and example
text for consistency.
* Adjusted explanatory text and error/help messages to reflect the
revised terminology.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
* Use latest 2.x version of `@supabase/supabase-js` in all examples
* Use `latest` version of `@supabase/ssr` in all examples
* Remove lock files from examples
* Add examples lock files in .gitignore
The rationale is:
- Lock files are not actively maintained/updated (or the versions in the
package.json files for that matter)
- They pin an arbitrary version (from the end-user perspective)
- Removes the need to manually update the versions and reinstall
- Consistency
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **Chores**
* Broadened Supabase SDK dependency version constraints across example
projects for greater flexibility with compatible updates
* Updated some SSR package dependencies to track latest releases
* Added gitignore rules for dependency lock files in example directories
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated Edge Functions CORS header guides with version-specific
approaches for SDK v2.95.0+ and earlier versions.
* Revised code examples across multiple Edge Functions to reflect
current CORS header implementation patterns.
* Enhanced troubleshooting documentation with updated preflight handling
guidance.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
v2.95.0 of the supabase-js sdk has been released, which contains
https://github.com/supabase/supabase-js/pull/2071
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated guides and examples to recommend using CORS headers from the
Supabase JS SDK (v2.95.0+) instead of manually defining headers.
* Examples now show the SDK-based approach and include a clear fallback
path for older SDK versions that require hardcoded headers.
* Added notes that SDK header updates will be reflected automatically in
edge functions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
* docs: improve BYOM guide for MCP server deployment and OAuth integration
* fix rebase
* fix pnpm.lock
* docs: clarify MCP guide and example naming
* fix pnpm-lock
* docs: remove basePath from MCP tutorial and example
- Remove misleading comment about Edge Functions routing
- Remove basePath as it's not needed - Edge Functions automatically strip /functions/v1/<functionName> prefix
- Simplify code to just use const app = new Hono()
* docs: clarify --no-verify-jwt flag and authentication options
- Explain that omitting --no-verify-jwt enables JWT verification at Edge Function layer
- Clarify this provides basic protection for internal servers but not full MCP auth
- Update authentication section to be consistent
- Add tip in deployment section about omitting the flag
* fiox format
* PR feedback
* chore: restore pnpm-lock.yaml from master
* docs: improve BYOM guide for MCP server deployment and OAuth integration
* fix tutorial for simple mcp server
* remove authentication section
* fix rebase
* fix pnpm.lock
* add Zod to dictionary
* remove authentication from the beginning
* fix mcp-lite link
* change order of deno.json
* fix mcp-handler
* docs: remove link to token-transformer since that repo has since been refactored and no particular file contains the code originally linked to
* docs: update Redis link in rate limiting examples to point to the correct URL
* docs: update Supabase URLs to current magic link docs
* docs: update README for postgres-on-the-edge function to remove polyscale line (service no longer exists) and add resource links to relevant deno blog post
* docs: update Open Graph image generation examples links to the new documentation URL
* docs: update README with new Quickstart: Swift guide URL
* docs: update Supabase Vector links to reflect new URL
* docs: add two new link suggestions the replace the current broken one. Choose one.
* docs: update documentation links for Postgres Language Server to reflect new URL
* docs: update event trigger matrix documentation link to compensate for fact that 'current' verb does not work for some of their links
* Update apps/docs/content/troubleshooting/supabase-grafana-memory-charts.mdx
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
---------
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
* feat: move storage settings
* feat: redirect
* feat: database settings in service area
* feat: move data api settings
* fix: revert data API placement
* feat: minor UX touches
* fix: simplify configuration group
* feat: references to database settings
* feat: references to storage settings
* fix: redirects and formatting
* fix: Import StorageMenu dynamically to avoid SSR issues with useLocalStorage
* fix: move Data API closer to semantic siblings
* fix: revert smart comma
* Shift bucket sort logic into storage explorer store
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
* fixed docs bug: when importing wasm, you need to include the js and use this. Otherwise, there will be wasm instantiate errors
* Update wasm.mdx
Got rid of filename on top of markdown
* Update index.ts
got rid of filename comment at the top
https://www.polyscale.ai/future/
polyscale is no longer available. Maybe good to have another alternative to put in place. should remove for now to avoid confusion for the near future.
* docs: fix RPC sql example
* docs: fix auth.getUser() calls to use auth.getUser(jwt)
- add lines to get token before calling auth.getUser() as session is not
set after setting authHeader in client
* Apply suggestions from code review
---------
Co-authored-by: Charis <26616127+charislam@users.noreply.github.com>
