Fixes DOCS-651
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
This adds a non-null assertion to a Supabase method that expects
non-null.
Additionally, it updates a label from 'Remix' to 'React Router'.
## What is the current behavior?
Two issues:
- Following the Auth client steps with React Router creates a
`deprecation` error and downstream Typescript errors.
- 'Remix' is renamed to 'React Router'.
> Remix and React Router are the same thing, made by the same people.
Remix was simply renamed React Router Framework Mode starting in version
7 of React Router.
- [Blog
Source](https://reacttraining.com/blog/remix-vs-react-router-framework)
<img width="894" height="754" alt="Screenshot 2026-06-04 at 4 00 45 PM"
src="https://github.com/user-attachments/assets/33dc5d89-4a76-44b6-a5c3-39a30dca3b57"
/>
<img width="604" height="464" alt="Screenshot 2026-06-05 at 11 21 54 AM"
src="https://github.com/user-attachments/assets/10ea458f-22e5-498c-b43a-df13f7902a17"
/>
## What is the new behavior?
- Adding a non-null assertion clears up all error. Running the
application does not produce errors.
- Changing the label from "Remix" to "React Router" updates the dropdown
name to match the rebrand. Now, it does not look outdated and matches
the docs.
<img width="609" height="519" alt="Screenshot 2026-06-05 at 11 22 48 AM"
src="https://github.com/user-attachments/assets/c18ee5b7-4693-40c9-9c20-8f95756c8298"
/>
## Additional context
The task was to clarify our documentation on this page: [Create a
Client](https://supabase.com/docs/guides/auth/server-side/creating-a-client?queryGroups=framework&framework=react-router&queryGroups=environment&environment=react-router-loader#create-a-client)
However, the code sample in the docs is correct; the documentation in
**Dashboard** produced the errors.
## Future improvements
- To make this more robust, the code could have a single source of
truth.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Clarified generated Supabase server client template text to improve
type/reference safety in the Remix integration guide.
* **UI**
* Renamed framework label from "Remix" to "React Router" across the
Connect interfaces for clearer framework identification.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Miranda Limonczenko <mirandalimonczenko@Mirandas-MacBook-Pro.local>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES/NO
## What kind of change does this PR introduce?
Bug fix, feature, docs update, ...
## What is the current behavior?
Please link any relevant issues here.
## What is the new behavior?
Feel free to include screenshots if it includes visual changes.
## Additional context
Add any other context or screenshots.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Authentication configuration updates now trigger the app's default
refresh behavior, ensuring changes propagate automatically and remain
synchronized across the interface.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
- Fetch additional project data needed to determine marketplace
integration installation status
- Consolidate logic to ensure consistency between left-hand nav and
overview tab
- Add special-case handling of new integrations to give us more granular
control of their behavior
Adds an info tooltip next to the "I'm purchasing as a business" checkbox
explaining that it's for tax-registered businesses and requires a tax
ID.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a help icon with tooltip next to the "I’m purchasing as a
business" checkbox. The tooltip clarifies when to select the business
option and notes that tax ID entry is required only for tax‑registered
businesses, reducing confusion and helping users provide correct billing
information.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
Webhook log drains (project and org/audit) deliver requests with a
malformed, duplicated `Content-Type: application/jsonapplication/json`
header. On at least some receivers this breaks body parsing, so the
delivered body appears empty even though it is present (confirmed with
gzip both on and off).
Root cause: the create form seeds a default `Content-Type:
application/json` header for webhook drains, and the logflare webhook
adaptor's `Tesla.Middleware.JSON` also sets `content-type:
application/json` when it encodes the body. Both are sent, and the
receiver concatenates the two same-named headers.
## Fix
Stop seeding `Content-Type` in the webhook default headers
(`getDefaultHeadersByType`). The delivery side already sets it, so a
single clean header is sent. OTLP keeps its `application/x-protobuf`
default because the OTLP delivery path uses `json: false` and does not
set a content type itself.
Updated the form tests that assumed the seeded header (the added-header
row is now index 0 instead of 1, and the duplicate-header test now adds
two explicit rows).
## How to test
- Create a webhook (Custom Endpoint) audit log drain pointing at a
request bin.
- Trigger an audit event and inspect the delivered request:
`Content-Type` should be a single `application/json`, and the JSON body
should be visible.
## Note
This fixes the common case (the seeded default). A user who manually
adds a `Content-Type` header to a webhook drain would still hit the
duplication; the robust cross-team fix would be for the logflare webhook
adaptor to drop an incoming `content-type` before its JSON middleware
sets one. Flagging for the logs team.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Log Drain header handling corrected: webhook drains no longer add a
default Content-Type; other drain types retain their appropriate
defaults. Empty header rows are no longer submitted.
* **Tests**
* Updated tests to match new header indexing, validation behavior, and
submission expectations.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Adds the final set of keyboard shortcuts to the Unified Logs page and
converts the last hardcoded `keydown` listener (detail-panel prev/next)
to the shared shortcut registry. Each action also surfaces its keybind
in a registry-driven tooltip.
Closes FE-3415.
## Shortcuts
| Action | Shortcut | Notes |
| --- | --- | --- |
| Refresh logs | `Shift+R` | new |
| Download logs | `Shift+E` | new — opens export dropdown |
| Focus filter bar | `Shift+F` | new |
| Clear filters | `F` then `C` | new |
| Copy selected as JSON | `Mod+Shift+J` | new — reuses
`results.copy-json` |
| Copy selected as Markdown | `Mod+Shift+M` | new — reuses
`results.copy-markdown` |
| Previous / next log (detail panel) | `↑` / `↓` | converted from
hardcoded listener |
| Close details panel | `Escape` | new |
Existing shared `data-table.*` shortcuts kept as-is: toggle sidebar
(`Mod+B`), live mode (`Mod+J`), reset filters (`Mod+Esc`), reset columns
(`Mod+U`), reset focus (`Mod+.`).
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added keyboard shortcuts for Unified Logs: copy selected rows as
JSON/Markdown, navigate rows, refresh, clear/reset filters, download,
and focus filter — shortcuts show in the command menu and display
badges/hints in menus and buttons.
* **Refactor**
* Shortcut handling unified across log controls; shortcuts
enable/disable based on context and a new "Logs" group appears in the
shortcut reference.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Adds a short intro line above the suggested support articles list in the
new support case form so it's clearer that the items are clickable
links. Resolves FE-3548.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Documentation suggestions now include a short introductory message
above results and place recommendations inside a clearer grouped
container with improved spacing, enhancing readability while preserving
subtle dimming for older suggestions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
The Supabase MCP repo transferred from `supabase-community/supabase-mcp`
-> `supabase/mcp`. This updates links on docs and www to point to the
new location: https://github.com/supabase/mcp
The main one needing this change is the MCP docs page at `mcp.mdx`:
https://supabase.com/mcp
I also updated links in the changelog / blog for good measure, though I
can remove those changes if desired since the old URL redirects to the
new location.
Related: https://github.com/supabase/mcp/pull/295
Ref: AI-792
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated Supabase MCP server repository references across all
documentation guides, blog articles, changelog entries, and supporting
materials to direct users to the current official location.
* Refreshed documentation links including feature groups, setup
instructions, abilities documentation, and GitHub issue tracking URLs
for consistency.
* Updated MCP server release links in changelog.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
- closes https://github.com/supabase/supabase/issues/46548
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Main content now reliably scrolls to the top when navigating between
project sections.
* **Tests**
* Updated tests to cover the updated scroll behavior and context
handling.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
Sustained memory overcommitment is one of the failure patterns that most
often leads to databases being killed when the system runs out of
memory. Today the database report only shows used memory against total
RAM, which hides the kernel's commit accounting: a project can sit far
above its commit limit (RAM plus swap, adjusted by the overcommit ratio)
and the dashboard gives no signal until something breaks.
A combined chart with swap, overcommitment, and main memory was
considered too dense, and a standalone swap chart was not useful enough
on its own.
Linear: [DEBUG-119](https://linear.app/supabase/issue/DEBUG-119)
## Fix
Adds a separate "Memory commitment" chart between the existing memory
usage and swap charts. It plots `ram_commit_used` (Committed_AS) as the
main series with `ram_commit_limit` (CommitLimit) as the max-value
threshold line, so values approaching or crossing the limit are visually
obvious. Backend support for the two new metric attributes ships in
supabase/platform#33321.
## How to test
- Wait for the platform PR (supabase/platform#33321) to deploy so the
two new attributes are accepted by the infra monitoring endpoint.
- Open any project, navigate to Database -> Reports.
- Confirm the new "Memory commitment" chart appears between "Memory
usage" and "Swap usage".
- Confirm the chart shows two series: the committed memory bars/area and
a max line for the commit limit.
- Hover the legend and the chart to confirm the tooltips read clearly.
- Confirm the time range selector and chart sync (`syncId:
'database-reports'`) keep this chart aligned with the others.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added comprehensive guide for interpreting memory commitment patterns
in telemetry reports, including component breakdown, chart pattern
guidance, and actionable recommendations.
* **New Features**
* Added memory commitment chart to database observability dashboard,
displaying RAM commitment usage and limits.
* Extended monitoring API to support new RAM commitment metrics.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
## Problem
On the org Audit Log Drains page, the description "Export your
organization audit logs to third party destinations" sits flush against
the destination cards below it, with no separation.
## Fix
Add `pt-8` to the page's `PageContainer` so the content has a clear gap
below the header. `PageHeader` only applies top padding and relies on
the following content for the gap (other org settings pages get this
from `PageSection`); this page renders the cards directly in
`PageContainer`, so it needed the explicit top padding.
## How to test
- Open `/org/{slug}/audit-log-drains` (with the `auditLogsLogDrain` flag
enabled).
- Confirm there is clear vertical spacing between the page description
and the destination cards.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Style**
* Adjusted the top spacing of the audit log drains page for improved
visual alignment.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
## Problem
In the Logs Explorer, clicking the Run button after editing the SQL did
not execute the latest query. It ran a stale version. Pressing Cmd+Enter
ran the correct, latest query.
The Run button's handler read the query from the `editorValue` React
state, which can lag behind the most recent keystroke. Cmd+Enter works
because Monaco's keybinding reads the live value directly off the editor
instance.
## Fix
`handleRun` now reads the live value from the editor instance
(`editorRef.current.getValue()`), falling back to `editorValue`. This
makes the Run button consistent with the Cmd+Enter keybinding.
## How to test
- Open the Logs Explorer (Project > Logs > query/explorer).
- Type or edit a SQL query in the editor.
- Without clicking elsewhere, click the Run button.
- Expected result: the query that runs reflects your latest edit,
matching the behavior of Cmd+Enter.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Fixed an issue in the logs explorer where SQL queries would not
execute with the most recent code changes you've typed. The query runner
now uses the latest content from the editor to ensure your most recent
edits are run.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
New landing page for an upcoming webinar with Perplexity.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* New webinar event now available: "Workflows That Scale: Supabase +
Perplexity Computer for Small Businesses" with event details, agenda,
speaker information, and registration link.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Docs update
## What is the current behavior?
Currently, this doc outlines how to restore a dashboard backup which
only applies to projects that still use logical backups. Newer projects
cannot follow this process.
## What is the new behavior?
Adds an admonition to direct users with projects that use physical
backups to the correct guide.
Keeping the legacy guide content for now for older projects that may
still be using logical backups.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added clarification that dashboard backups are only available for
Supabase projects using logical backups. Projects using physical backups
are directed to refer to the CLI backup and restore guide instead.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Extracts the Cancellation Flow from the subscriptions side panel and
adds a new button that initiates the flow (old journey is still
possible):
(screenshots see below)
Verified manually:
- ✅ confirmed the old downgrade flow works, Team -> Pro; Pro -> Free
- ✅ confirmed the new downgrade flow works
- ✅ button does not show up when on free plan; no flicker
- ✅ button does not show up on enterprise/platform plan
- ✅ verified button is disabled when managed by AWS marketplace
(hardcoded in `useSelectedOrganizationQuery`)
- ✅ verified button is disabled if `canUpdateSubscriton` is false,
hardcoded in `useAsyncCheckPermissions`
- ✅ modal for exceeding-free-projects shows up
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a guided subscription cancellation flow with confirmation steps,
member/usage checks, and an exit survey.
* Exposed a visible "Cancel Subscription" control in billing settings,
enabled/disabled with contextual tooltip messaging.
* **Improvements**
* Downgrade/exit survey confirm action can be disabled when appropriate;
exit survey confirm label updated to "Downgrade Now".
* **Chores**
* Added frontend telemetry for cancellation button interactions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
adding georgian
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES/NO
## What kind of change does this PR introduce?
Bug fix, feature, docs update, ...
## What is the current behavior?
Please link any relevant issues here.
## What is the new behavior?
Feel free to include screenshots if it includes visual changes.
## Additional context
Add any other context or screenshots.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated blog post with corrected wording regarding investor
participation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
Log drains were only available per project. Organizations had no way to
export their platform audit logs to a third party destination, which had
to be set up manually through the API.
## Fix
Add a self-serve "Audit Log Drains" page under Organization Settings
(Compliance section) that reuses the existing log drains destination UI
at the org scope.
- Extract a presentational `LogDrainsList` shared by the project and org
containers, with no behavior change to the project page.
- Make `LogDrainDestinationSheetForm` presentational via
`existingDrainNames` and `onSaveClick` props, removing its project-only
data and telemetry coupling.
- Add org-scoped data hooks (list, create, update, delete, test
connection) calling
`/platform/organizations/{slug}/analytics/audit-log-drains`, gated by
the `audit_log_drains` entitlement.
- Add the page, nav entry and a keyboard shortcut, all gated behind the
`auditLogsLogDrain` feature flag and `IS_PLATFORM`.
The org audit log drain endpoints are not yet present in the generated
API types, so the new hooks use a localized `// @ts-ignore` (matching
the existing project log drain hooks) until the types are regenerated.
## How to test
- Open `/org/{slug}/audit-log-drains` on an org with the
`audit_log_drains` entitlement.
- Create an S3 and a webhook destination, confirm the cost dialog, then
delete one and test a connection.
- Confirm the list refreshes and that the existing project Log Drains
page is unchanged.
- Confirm the page and nav entry are hidden when the flag is off.
## Notes
- Verified locally: org data hook tests and the org settings nav
shortcut tests pass. Full typecheck, lint and the component test suite
should be run in CI, since this sandbox has an incomplete dependency
install.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Audit Log Drains management in organization settings: add, update,
test, and delete destinations; new Audit Log Drains page and navigation
shortcut.
* **Improvements**
* New consolidated list view with clearer loading, error, empty and
populated states.
* Feature-flag driven display of available drain types.
* Form validation prevents duplicate names and supports save callbacks
with telemetry on save.
* **Tests**
* Added tests covering listing, create/update/delete, testing, and form
validation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
New blog post for the Series F announcement.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Published a new blog post announcing the Series F funding, covering
investors, round priorities (open-source/Postgres tooling, platform
growth, employee liquidity), product updates (including Multigres
alpha), growth metrics, employee liquidity framework, and a community
message with an embedded image and careers link.
* **New Features**
* Added a public agent-skill discovery document listing two
archive-based skills with versioned download links and checksums.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Copple <10214025+kiwicopple@users.noreply.github.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Adds a new blog post by Sugu.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added agent skills discovery index with downloadable Supabase and
Postgres best practices skills.
* **Documentation**
* Added blog post covering Multigres v0.1 Alpha, including deployment,
high availability, connection pooling, and backup features.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Jonathan Summers-Muir <MildTomato@users.noreply.github.com>
Mirrors the recent invite drawer change (#46515) on the edit access
drawer. Each role option now describes its permissions via the shared
\`ROLE_DESCRIPTIONS\` map instead of showing just the role name.
Closes FE-3524.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Role selection in Team Settings now shows full, role-specific
permission descriptions and appends any disabled-reason details for
clarity.
* **Tests**
* Added integration tests covering the role panel UI: role listing,
selected role label, documentation link, role-specific descriptions, and
an admin-safety notice; includes test environment compatibility stubs
for animations and routing.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
- Noticing our code we have many patterns of calling localstorage and
handling those errors
- We should add those in a single well tested file
- Handle those errors in the singleton which makes it easier for us to
debug customer issues. Logger is outputing local storage warnings for
feature we expose
- Side effect of this is random crashes on studio when local storage
isn't available or handled correctly
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Improved browser storage handling across the app for more reliable
persistence and graceful behavior in restricted or non-browser
environments (settings, previews, charts, tabs, sign-in/session flows,
integrations, and UI state).
* **New Features**
* Introduced a safe storage layer to standardize and harden
local/session persistence.
* **Tests**
* Added comprehensive tests covering the new safe storage behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
- Marketplace index page
- update order of feature partner integrations in hero
- fix z-index on MarketplaceFilterBar in "list" view
<img width="275" height="104" alt="Screenshot 2026-06-02 at 17 07 29"
src="https://github.com/user-attachments/assets/5cef64f9-895e-4f8d-8f30-153ddd5c89dd"
/>
- Marketplace detail page
- use "prose" css styling on overview content for better text styling
(heading with top padding, etc)
- refine FilesView in overview tab to only show swipeable and zoomable
previews (so the big image doesn't occupy too much space) + lazy load
FilesView component
- improve page loading state
- improve overview side rail sticky-top and remove redundant "About"
label
<img width="1333" height="732" alt="Screenshot 2026-06-02 at 17 20 29"
src="https://github.com/user-attachments/assets/8f3dd4a0-c241-4b7f-b8c8-192e1d7a616d"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Interactive carousel with image zoom capability for viewing
integration preview images
* **Bug Fixes**
* Fixed z-index layering issue with marketplace filter bar
* **Refactor**
* Redesigned marketplace detail page header with breadcrumb navigation
* Updated integration image handling structure with enhanced metadata
* Optimized dynamic loading for integration file viewers
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
## Problem
When workflow runs for branches fail due to stuck tasks, they can sit
idle indefinitely. Users are unaware that they need to make a new commit
to retrigger the workflow — leading to confusion, wasted time, and
silent failures going unnoticed.
## Solution
Provide a button that allows users to retrigger a workflow when it is
not being removed.
## How to test
- Create a branch
- Wait for its row to appear on the branch management page
- Click the _View logs_ button
- You should see a _Retrigger_ button
- Clicking it should make a new row appear in those logs
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Retrigger previously executed workflows directly from branch preview
actions.
* Confirmation dialog added for retrigger actions.
* **Improvements**
* Toast-style error notifications when retriggering fails.
* Workflow run list layout updated for a more flexible horizontal
display.
* After retriggering, workflow and action lists refresh so updates
appear promptly.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated build tools and development dependencies across the project
* Upgraded Vue framework and related tooling to latest versions
* Updated TanStack React Start dependency
* Refined dependency resolution settings to improve build stability and
performance
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Consolidated API key deprecation guidance into a reusable notice for
consistent messaging across docs. Announces deprecation of legacy
anon/service_role JWT-secret keys by end of 2026, instructs switching to
sb_publishable_xxx / sb_secret_xxx, and provides steps to locate and
copy both new and legacy keys. Applied across auth, getting-started,
API, and realtime guides.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: fadymak <dev@fadymak.com>
## What
Adds a getting-started guide for migrating an existing project from the
legacy JWT-based `anon` and `service_role` keys to the new publishable
(`sb_publishable_...`) and secret (`sb_secret_...`) keys.
The guide walks through the migration step by step:
- **Before you start** — maps legacy keys to their replacements.
- **Step 1** — create the new `default` keys.
- **Step 2 / 3** — swap the publishable key in client code and the
secret key in backend code.
- **Database Webhooks and `pg_net`** — move the key from the
`Authorization: Bearer` header to the `apikey` header (the new keys
aren't JWTs and are rejected on `Authorization`), with a Vault note for
not inlining secrets.
- **Step 4** — update Edge Functions, with two options: read the new env
vars (`SUPABASE_PUBLISHABLE_KEYS` / `SUPABASE_SECRET_KEYS`) and set
`verify_jwt = false`, or adopt the `@supabase/server` SDK.
- **Step 5 / 6** — verify nothing uses the legacy keys, then deactivate
them (reversible).
- **Next steps** — clarifies that JWT signing keys are a separate,
independent migration.
## Notes
While writing this we found Studio issues to fix separately (the Invoke
Function cURL snippet and the Database Webhooks editor both put the new
keys on the `Authorization` header).
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added a comprehensive migration guide for moving from legacy JWT-based
API keys to the new publishable and secret keys with zero‑downtime
steps, verification, limitations, and next steps.
* Clarified API key behavior and recommended migration actions in the
getting‑started docs.
* Added a navigation entry linking to the new migration guide.
* **Style**
* Relaxed documentation lint rules to allow expected wording/phrases
(e.g., "backends", "Database Webhooks").
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
Removed unused deprecated fields from marketplace types.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Updated listing configuration types to reflect current system
behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Include the v2 mgmt API spec in the official docs. This PR merges the v1
and v2 specs when generating the reference, with v2 taking precedence on
conflicts.
Fixes API-1215
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Docs now include API v2 reference: log-drain management
(list/create/update/delete) and project transfer (preview/transfer).
* **Documentation**
* Generated API reference now merges v1 and v2 specs so both appear in
the docs and section listings.
* New v2 operations added to Analytics and Projects documentation
sections.
* **Chores**
* Docs generation pipeline updated to accept and process multiple API
spec inputs.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Follow-up to #46448, which removed the doubled DataGrid borders across
Studio. The table editor grid had the same doubled border at the bottom,
but unlike the other grids it still needs a top border — and that top
border was rendering in react-data-grid's own `--rdg-border-color`
rather than the studio default.
**Changed:**
- Removed the doubled bottom border on the table editor `<DataGrid>`
(`border-b-0!`)
- Forced the top border to the default border color via the
`border-t-default!` token (≈ rgb(46,46,46) / `--border-default`) instead
of leaning on react-data-grid's `--rdg-border-color`
## To test
- Open the table editor for any table (`/project/[ref]/editor/[id]`)
- Confirm there's a single top border between the filter/sort toolbar
and the grid header, in the standard border color
- Confirm there's no extra line at the bottom of the grid
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Style**
* Refined grid visuals and spacing to improve alignment and visual
consistency across the app. Adjustments to border and growth behavior
reduce border inconsistencies and layout jitter during resizing. Context
menu display behavior remains intact, ensuring expected right-click
interactions continue to work smoothly for users.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
Removed Alan De Los Santos and Fabrizio Cataldo from the list.
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Humans update
## What is the current behavior?
Humans
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated team roster in public documentation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary
Four pages in `apps/docs` have a mismatch between the `pathname` in
`generateMetadata` and the `pathname` in `GuideTemplate`. The
`generateMetadata` pathname is what generates the `<link
rel="canonical">` and `<link rel="alternate" type="text/markdown">` tags
— so both tags point to the wrong URL on all 4 pages.
The wrong canonical destinations either loop back to the source page
(308 → source) or end in a 404, meaning Google is being told the
authoritative URL is somewhere it can't reliably reach.
## Changes
One-line fix in each file — update `pathname` in `generateMetadata` to
match the `pathname` already correctly set in `GuideTemplate`:
- `apps/docs/app/guides/database/database-advisors/page.tsx` —
`/guides/database/database-linter` →
`/guides/database/database-advisors`
- `apps/docs/app/guides/local-development/cli/config/page.tsx` —
`/guides/cli/config` → `/guides/local-development/cli/config`
- `apps/docs/app/guides/deployment/ci/[slug]/page.tsx` —
`/guides/cli/github-action/${slug}` → `/guides/deployment/ci/${slug}`
- `apps/docs/app/guides/deployment/terraform/[[...slug]]/page.tsx` —
`/guides/platform/terraform` → `/guides/deployment/terraform`
## Verification
Before fix — view source on any of these pages and search for
`canonical`:
- https://supabase.com/docs/guides/database/database-advisors
- https://supabase.com/docs/guides/local-development/cli/config
- https://supabase.com/docs/guides/deployment/ci/testing
- https://supabase.com/docs/guides/deployment/terraform
After fix — canonical on each page should be self-referencing.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Fixed documentation routing paths across multiple guides to align with
proper navigation structure:
* Database advisors guide
* CI/deployment guide
* Terraform deployment guide
* Terraform provider reference guide
* Local development CLI configuration guide
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated authentication docs: require startup-time validation of
required env vars and introduce JSON-mapped publishable/secret key
handling.
* Added JWKS-based asymmetric JWT verification guidance and clarified
symmetric (HS256) handling; deprecated anon/service-role keys.
* Clarified Authorization control flow: when handlers must fully
authenticate vs. when module-scoped JWKS verification applies.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
go pages can have forms. Those forms can also submit to HubSpot and
Notion, if configured properly. There appears to be a bug in the form
submission that we thought we had fixed on Friday. I'm attempting to fix
it here because the web developer working on this project has left the
company. I can definitively rule out API keys and form UUIDs as the
culprit.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Fixed CRM resolver configuration in bundled application builds to
ensure proper CRM form integration across all module instances.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
Sentry [SUPABASE-APP-J7C](https://supabase.sentry.io/issues/7492405004)
— `Error: Node with id=new-folder doesn't exist in the tree.` (328
events / 280 users). Crashes the SQL editor.
## Root cause
`react-accessible-treeview` throws when an id is dropped from the
controlled `expandedIds` prop in the same render its node leaves the
tree data — its collapse effect calls `getTreeNode(data, id)` on a node
that's already gone. The prior fix (`8bcb878a01`) reactively filtered
`expandedIds` against the live tree, which is exactly what produces that
simultaneous drop when a `new-folder` placeholder (or any expanded
folder) is removed.
## Fix
- Guard additions: only expand folder ids that exist in the tree.
- Tolerate stale ids: pass `expandedFolderIds` as-is instead of the
reactively filtered list, so we never create a "removed" delta for a
node that's already gone. Stale ids are harmless — the library only
inspects the add/remove delta.
## Reproduction (to verify the fix)
1. Open the SQL Editor for a project.
2. Create a folder and add a snippet into it.
3. **Expand** the folder.
4. Right-click the folder → **Delete folder** (confirm).
5. Before: the editor crashes with `Node with id=... doesn't exist in
the tree.` After: no crash.
Fixes SUPABASE-APP-J7C
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved stability of private snippet folder expansion in the SQL
editor: auto-expansion now respects the current snippet tree state to
avoid unexpected collapses or visual glitches in the folder tree.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
Edge Function examples that use the new publishable/secret API keys read
them with a double lookup:
```ts
const SUPABASE_SECRET_KEYS = JSON.parse(Deno.env.get('SUPABASE_SECRET_KEYS')!)
const secretKey = Deno.env.get(SUPABASE_SECRET_KEYS['default']) // ❌ returns undefined
```
`SUPABASE_SECRET_KEYS` / `SUPABASE_PUBLISHABLE_KEYS` are a JSON object
that maps a key name to the **actual key value** (e.g.
`{"default":"sb_secret_..."}`), confirmed by:
- the self-hosted injection in `docker/docker-compose.yml`
(`SUPABASE_SECRET_KEYS: "{\"default\":\"${SUPABASE_SECRET_KEY:-}\"}"`)
- the `@supabase/server` SDK README
So `SUPABASE_SECRET_KEYS['default']` is already the key. Wrapping it in
another `Deno.env.get(...)` looks up an env var named `sb_secret_...`,
which doesn't exist, so the value is `undefined` and the examples fail
at runtime.
## Fix
Unwrap the outer `Deno.env.get(...)` so the key is read directly:
```ts
const SUPABASE_SECRET_KEYS = JSON.parse(Deno.env.get('SUPABASE_SECRET_KEYS')!)
const secretKey = SUPABASE_SECRET_KEYS['default'] // ✅
```
Applied across 23 files (example functions, the
`examples/prompts/edge-functions.md` codegen guidance, and two docs
guides). The correct `JSON.parse(Deno.env.get('SUPABASE_SECRET_KEYS')!)`
declaration line is untouched. The generated `apps/docs/examples/` copy
regenerates from `examples/` at build time.
## Notes
- Docs context:
[#46600](https://github.com/supabase/supabase/pull/46600), which
documents the same key model.
- Follow-up (not in this PR): a few examples send the secret key on the
`Authorization: Bearer` header, which the new keys reject. Worth a
separate audit.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Clarified examples and guides for correctly reading parsed Supabase
secret and publishable key maps.
* **Examples**
* Standardized credential usage across Edge Functions and samples so
Supabase clients consistently receive keys from the parsed key maps
rather than indirect lookups.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
## What changed
Updated the S3 Vectors wrapper docs links in Studio to use the canonical
`s3_vectors` docs slug instead of `s3-vectors`.
## Why
The docs route on current `master` uses
`/guides/database/extensions/wrappers/s3_vectors`, so these Studio links
should point to the existing page.
## Validation
Skipped local checks at request: this is a two-line URL-only update.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Fixed documentation links for S3 Vectors integration to direct users
to the correct reference guides.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Co-authored-by: Ali Waseem <waseema393@gmail.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Behavior Changes**
* Partial directives now render unprovided variables as empty strings
instead of throwing validation errors
* Escaped placeholders (preceded by backslash) are preserved and not
substituted
* Unused provided variables are silently ignored
* **Tests**
* Updated test coverage to validate the new permissive variable
substitution behavior and removed prior error-focused assertions
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
New guide at `/guides/api/handling-errors-in-supabase-js` that leads
with `error.hint` as the most useful field on a Postgres error. When the
database knows the fix (a `GRANT` statement to run for a `42501`, a
column name you probably meant), it puts the literal SQL in `hint`.
Logging only `error.message` hides it.
The guide covers the `PostgrestError` shape (fields ordered by
usefulness: hint first, message last), branching on `error.code`, and
parallel patterns for Auth, Storage, Edge Functions, and Realtime.
Linked from the API > Guides sidebar next to the existing PostgREST
error codes reference.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added a comprehensive guide on handling errors in supabase-js,
explaining the {data, error} pattern and recommending logging full error
objects.
* Provides a recommended error-handling pattern, guidance to branch on
error codes, and example error fields.
* Adds component-specific advice for Auth, Storage, Edge Functions, and
Realtime, plus a “Related” links section.
* Added a navigation entry so the guide appears in the API guides
submenu.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Docs update
## What is the current behavior?
The access-control permissions matrix shows Developer-role users can
create development branches, but doesn't mention the implicit
production-branch registration step that runs on the first "Create
branch" click for a gitless project — which is
Owner/Administrator only. Customers reading the matrix conclude
Developers can branch from the start; in reality, an
Owner/Administrator has to perform the first branch creation to register
the production branch.
## What is the new behavior?
Adds a footnote on the "Development Branches → Create" row that flags
the one-time first-branch admin requirement and links to the
dashboard branching guide for the full explanation. Short cross-link
only — long-form mechanism explanation lives on the dashboard
branching guide (companion PR #46471).
## Additional context
- Companion PR adding the long-form admonition on the branching guide
page: #46471
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Clarified branching permissions for dashboard (gitless) workflows: the
first branch creation (one-time) without a GitHub integration requires
Owner or Administrator to register the production branch; after that
initial step, Developers may create, update, and delete branches as
normal.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
The embeddings workflow started failing after #46163 with `ENOENT: ...
content/reference/javascript/v2/sections.json`. That PR routed the JS v2
search ingest through the new reference pipeline
(`loadClientLibReferenceFromNewPipeline` in
`apps/docs/scripts/search/sources/reference-doc.ts`), and updated
`predev` and `prebuild` to run both `codegen:references` and
`codegen:references:new`, but missed `preembeddings`. This chains
`codegen:references:new` into `preembeddings` so `pnpm run embeddings`
(and the `:nimbus` / `:refresh` variants that fan out to it) produces
the new pipeline output before the search ingest reads it.
## Problem
High availability (Multigres) projects don't expose Multigres service
logs in the Studio logs UI, so users on HA projects have no entry point
to inspect them.
## Fix
Add a `Multigres` logs collection, gated behind the `multigresLogs`
ConfigCat flag **and** the project's `high_availability` flag
(`useShowMultigresLogs`):
- New `Multigres` entry in the logs sidebar `Collections`, linking to a
new `multigres-logs` page that queries the `multigres_logs` table.
- Wire `multigres_logs` through the logs constants, types, table SQL,
query type, and service labels.
- Row formatting: parse the JSON `event_message` and render `level`
through `SeverityFormatter` and `msg` through `TextFormatter`, matching
the other service collections (instead of dumping raw JSON).
- `WARN` severity is now styled like `WARNING` (amber), since Multigres
emits `level: WARN`.
- Log detail drawer: parse the JSON `event_message` and spread its keys
onto the log so each field (level, msg, query, error, connection_id,
etc.) renders as its own collapsible row.
- Single-log query omits the `metadata` column for `multigres_logs` (the
table has no such column), fixing an `INVALID_ARGUMENT` error when
opening the detail drawer.
- Event chart: parse the level out of `event_message` via `JSON_VALUE`
so error/warning bars are counted (the table has no top-level level
column).
- Add the `multigres_logs` source schema to the Field Reference drawer,
same gating.
## Why a feature flag
`high_availability` is an existing product feature that predates
Multigres, so existing HA projects could otherwise see a broken
collection querying a `multigres_logs` table they don't have. Requiring
the `multigresLogs` flag ships the feature dark and decouples rollout
from HA status. The flag must be created in ConfigCat before enabling;
until then `useFlag` returns false and the feature stays hidden.
## How to test
- Enable the `multigresLogs` flag (or override locally) and open a
project where `high_availability` is `true`.
- Navigate to `Logs`. Confirm a `Multigres` entry appears under
`Collections` (after `Replication`).
- Open it: the page loads at `/project/<ref>/logs/multigres-logs` and
queries `multigres_logs`.
- Confirm rows show a colored severity pill (including amber `WARN`) and
a readable message rather than raw JSON.
- Confirm the chart counts error/warning bars correctly.
- Click a row: the detail drawer shows each parsed field as its own row,
with no error.
- Open the Field Reference drawer and confirm `Multigres` is listed as a
source.
- With the flag off, or on a non-HA project, confirm the collection and
Field Reference source are both hidden.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Multigres added as a dedicated log source with its own Logs page,
sidebar entry, and query type.
* Log list and preview now parse Multigres payloads to surface
timestamp, severity, and formatted message.
* Multigres integrated into charting, prompt labels, and field-reference
UI (hidden unless enabled).
* New hook controls showing Multigres UI only when feature flag + HA
project condition are met.
* **Bug Fixes**
* Severity rendering treats "WARN" the same as "WARNING".
* **Tests**
* Unit tests added for Multigres parsing and the show-Multigres hook.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
