## Context
It isn't clear that the project status on the project home page is
clickable to show the status of each service of the project
<img width="283" height="454" alt="image"
src="https://github.com/user-attachments/assets/c91ade86-b16d-4ea5-9046-5e8f71e7dd6e"
/>
Which can cause confusion, especially when starting branches - that the
project status is just "Coming up" with no additional information.
Opting to use a hover card instead of a popover to hopefully mitigate
this gap
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **UI Improvements**
* Enhanced status tooltip interactions with improved hover behavior and
customizable delay controls for a better user experience.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Context
For a table that has RLS enabled, but a policy with just `true` for the
role `public`
The RLS tester was incorrectly reporting that `anon` doesn't have access
Was happening as we weren't considering policies that apply to the
`public` role (which applies to _all_ roles)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* RLS tester now treats explicitly-public policies as applicable
regardless of the impersonated role, improving policy coverage accuracy.
* **Refactor**
* Consolidated RLS test state computation to improve consistency of
access badges and policy messaging.
* **Tests**
* Added comprehensive tests validating RLS scenarios, badge states, and
policy/role messaging.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This change updates the handler for simple GET installations to
correctly appending the organization_slug and project_ref parameters as
documented in our Partner Integrations Guide.
Fixes INT-111
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Integration installs now open in a new browser tab instead of
replacing the current page.
* Organization and project context are appended to integration
installation links so setups receive correct context.
* Missing or invalid installation links now fall back to the home page
to avoid navigation errors.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
## Context
Main fix is actually just the disabled check on the "Merge branch"
button
We're preventing merging of branches via the dashboard if the project
has GH integration + "Deploy to production" enabled (the latter we're
checking via if the `git_branch` property from the main branch exists,
from the GET branches API endpoint)
However, the `git_branch` property persists even after disabling the GH
integration (by design), and hence we were incorrectly disabling the
"Merge branch" button if the user removed the GH integration. Hence the
fix is to also check if the project has an active GH integration
## Other changes
- Refactored the merge page into smaller components
- Added an admonition to callout the "Deploy to production" + what steps
to take (otherwise it's not clear at all what to do in this scenario)
<img width="1451" height="524" alt="image"
src="https://github.com/user-attachments/assets/9df7d432-b220-4f71-b8f4-5ed0fd426afc"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Redesigned merge request page interface with dedicated components for
title, subtitle, and merge actions, improving user clarity and
experience.
* Added GitHub production deployment restriction messaging—users cannot
proceed with merge requests when this integration deployment method is
enabled.
* **Refactor**
* Enhanced GitHub integration connection query patterns and overall code
organization.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Context
Realised that MultiSelector's content is not scrollable when rendered
within a sheet (e.g Auth policies, Database indexes)
### Explanation from Claude:
- The issue is that Radix Dialog (Sheet) adds
@radix-ui/react-remove-scroll which intercepts wheel events. The Popover
portal renders outside the Sheet's DOM tree, so the scroll lock blocks
wheel events on CommandList.
- The fix is to stop wheel event propagation on the CommandList so it
doesn't reach the RemoveScroll handler.
### To test
- [ ] Verify that MultiSelector can be scrollable within a sheet (e.g
Auth policies roles) and outside of a sheet (e.g Data API -> Exposed
schemas)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Fixed scroll wheel propagation in multi-select dropdown to prevent
unintended scrolling of parent elements.
* **Updates**
* Simplified filter component interface by removing an unused
configuration property.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Context
Adds an admonition in the Connect sheet to inform users about the IPv4
addon if direct connection is selected and project doesn't have the IPv4
addon
Decided to place it below the copy prompt CTA since it's technically a
secondary action (users with IPv6 networks wouldn't need this)
<img width="755" height="707" alt="image"
src="https://github.com/user-attachments/assets/f1d29a56-db5f-4807-9545-a862434fea8f"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Displays contextual guidance in direct connection mode when the IPv4
add-on is not enabled, including quick-access links to configure IPv4
settings and to open IPv4 documentation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
## Context
Just refactors Database publications pages to use the `PageLayout`
component, otherwise was missing a header currently
Also fix search results empty state for publications pages
### Before
<img width="1144" height="550" alt="image"
src="https://github.com/user-attachments/assets/e178d31a-313e-48f3-a87c-bf26b13fef9e"
/>
### After
<img width="1145" height="396" alt="image"
src="https://github.com/user-attachments/assets/82a29529-46d8-40eb-ad25-9b424995e89e"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a dedicated shimmering skeleton for publications table loading
states
* **Refactor**
* Restructured Publications interface for unified table rendering
* Unified loading, error, empty and "missing selection" states into the
table
* Moved empty-results to render inside the table
* Removed the back-navigation button
* Page layout and section structure refactored for clearer spacing and
navigation
* **Style**
* Improved loading visuals with skeleton rows
* Updated empty-results styling for a cleaner table appearance
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Context
Main fix is to ensure that the tooltip here is scrollable - but also
adding some refactors
This is the org billing page when downgrading an org
### Before
<img width="400" alt="image"
src="https://github.com/user-attachments/assets/6094c2e6-c1bb-460f-a2d2-347c1d7d2e77"
/>
### After
<img width="400" alt="image"
src="https://github.com/user-attachments/assets/9d0ac9a6-6e89-4758-af14-8144a8a86469"
/>
## Changes involved
- Use HoverCard for invoice estimate in plan confirmation dialog
- Also nudge the UI a little, e.g use a separate column for the compute
prices + adjust text color to improve clarity
- Refactor usage of `any` for some of the TS declarations
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added an invoice estimate tooltip in subscription settings showing
monthly charges with plan fees, combined compute rows, per-project
compute costs, optional compute credits, and a total monthly estimate.
* **Refactor**
* Simplified the plan update flow by consolidating subscription preview
handling and extracting the invoice UI into the new tooltip component.
* **Chores**
* Improved internal type definitions for subscription preview data and
pricing tier identifiers.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Small bug on https://supabase.com/docs/guides/functions/auth that shows
2 anchors with the same heading active.
## What is the current behavior?
Currently we show case 2 different implementations (raw and with server
sdk) in separate sections. Intentionally we want to show the same
heading under each section so is a 1-1 comparison. The issue is that
anchor links on the second section always point to the first section,
and on the navigation bar, both show as active.
## What is the new behavior?
Fix headings with proper custom anchors.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Enhanced authentication guide documentation with improved section
navigation anchors for better cross-reference linking and accessibility
within guides.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
When migrating to tailwind v4, we introduced a regression on table
styles when hovering a row:
<img width="1190" height="131" alt="image"
src="https://github.com/user-attachments/assets/b84b8968-fa23-42bd-ad84-091fe7ff8d73"
/>
## Solution
Fix the styles:
<img width="1200" height="126" alt="image"
src="https://github.com/user-attachments/assets/df99d215-4fcb-4437-804d-0fc784cd8aaf"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Style**
* Enhanced table row and cell styling to improve hover effects and
selection state visual feedback, providing clearer and more consistent
interactions when working with tabular data.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Cleanup after shipping https://github.com/supabase/supabase/pull/45389,
the backend is now defaulting to the new v2 `format`, and made `format`
param optional.
So this:
- removes references to `v2` naming, as this is the only format
- removes the `format` query param from the audit logs API calls
## What is the current behavior?
Same audit log functionality shown in
https://github.com/supabase/supabase/pull/45389
## What is the new behavior?
Functionally the same behavior for audit logs.
- [x] Manual test in staging
## Additional context
⚠️ Will leave the `do-not-merge` tag on until:
- [ ] backend `format` optional PR lands in production.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Consolidated audit log type definitions and updated internal API
request formatting for audit endpoints across Account and Organization
audit log components. No changes to user-facing functionality or audit
log display.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Content update: new blog post and feature page copy refresh for
Branching.
## What is the current behavior?
- No blog post exists announcing no-Git branching as the default
workflow.
- The Branching feature page (`/features/branching`) references
"Branching 2.0 (currently in public alpha)" and frames dashboard
branching as secondary to Git-based branching.
## What is the new behavior?
- New blog post: "Branching without Git is now the default"
(`apps/www/_blog/2026-04-branching-without-git-is-now-the-default.mdx`)
- Updated feature page (`apps/www/data/features.tsx`):
- Subtitle: "Test and preview changes using Supabase Branches." → "Test
schema changes without touching production."
- Intro: removes stale alpha framing; leads with dashboard branching as
the default.
- New "Two ways to branch" section covering dashboard and Git-based
workflows side by side.
- "When to use branching" replaces old Benefits/Valuable-for sections;
adds AI agents as a use case.
## Additional context
N/A
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Dashboard-based branching is now the default, letting you create
branches, edit schemas, review diffs, and merge to production without
Git.
* Two branching options offered: Dashboard branching or Git-based
branching (both supported).
* New pg-delta schema diff engine (alpha) powers automatic migration
generation; available in CLI behind a flag.
* AI-driven workflows supported for automatic branch creation and merge
actions.
* **Documentation**
* Updated guides and blog post explaining the new branching options,
workflow, and getting started links.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Ana <ana1337x@users.noreply.github.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Enhanced safety of database query generation for publication and table
definition operations.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Closes#45179.
## Summary
`generateCreatePolicyQuery` in `PolicyEditorPanel.utils.ts` builds a
`CREATE POLICY` statement with raw double-quote interpolation for
name/schema/table, then executes it via `useExecuteSqlMutation` from
`PolicyEditorPanel/index.tsx:192`. Any of those values containing a `\"`
character breaks out of the identifier quoting in the executed
statement.
Applies `ident()` to the three identifier interpolations. Same pattern
as #44555 (queue), #44589 (index), #44721 (view autofix), #44723 (auth
hooks). The helper is already used at `Policies.utils.ts:319`.
## Scope
The preview-only SQL in `Policies.utils.ts`
(`createSQLStatementForCreatePolicy` /
`createSQLStatementForUpdatePolicy`) has the same pattern but is not
executed. That string is only rendered in the review modal while the
mutation uses a structured payload. Tracking separately.
## Test plan
- [ ] Create a policy with a name containing a double quote. Verify it
applies correctly with the fix (and produces broken SQL without).
- [ ] Create a policy on a table/schema name containing a double quote.
Same check.
- [ ] Regression: create a plain-named policy. Works as before.
## Summary
Wires the existing `list-page.*` shortcuts up to the Database →
Replication and Database → Migrations pages, so they get the same hotkey
behavior as Roles, Tables, Publications, etc. No new shortcut IDs were
added.
**Migrations page**
- Shift+F → focus the migration search input (label: "Search
migrations")
- F C → clear the search filter
**Replication / Destinations page**
- Shift+F → focus the destinations filter input (label: "Search
destinations")
- F C → clear the filter
- Shift+N → open the Add Destination panel. Wrapped with `<Shortcut>` so
the keybind tooltip shows on hover, and gated on
`!!newDestinationDefaultType` so it stays disabled when no destination
type is available.
Closes
[FE-3141](https://linear.app/supabase/issue/FE-3141/add-shortcuts-for-database-replication-and-migration-page).
## Test plan
- [x] On the Migrations page, press Shift+F → search input focuses &
selects existing text.
- [x] On the Migrations page, type a query then press F C → search
clears.
- [x] On the Replication page, press Shift+F → filter input focuses &
selects.
- [x] On the Replication page, press Shift+N → Add Destination panel
opens (when a destination type is available).
- [x] Hover the "Add destination" button → keybind tooltip shows
Shift+N.
- [x] On the Replication page, type a filter then press F C → filter
clears.
- [x] All four shortcuts appear in Cmd+K under "Shortcuts" while on the
respective page.
- [ ] Disabling list-page shortcuts in Preferences disables them on
these pages too.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added keyboard shortcuts for search field focus and filter reset in
Database Migrations and Destinations pages
* Added keyboard shortcut for "Add destination" action in Destinations
page
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Mark provenance of SQL via the branded types SafeSqlFragment and
UntrustedSqlFragment. Only SafeSqlFragment should be executed;
UntrustedSqlFragments require some kind of implicit user approval (show
on screen + user has to click something) before they are promoted to
SafeSqlFragment.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Editor and RLS tester show loading states for inferred/generated SQL
and include a dedicated user SQL editor for safer edits.
* **Refactor**
* Platform-wide SQL handling tightened: snippets and AI-generated SQL
are treated as untrusted/display-only until promoted, improving safety
and consistency.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Adding myself to humans.txt
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
This adds me to humans.txt
## What is the current behavior?
humans.txt currently lacks a line with my name
## What is the new behavior?
humans.txt contains a line with my name
## Additional context
no, thank you
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated team contributors information
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the CONTRIBUTING.md file.
YES
## What kind of change does this PR introduce?
Bug fix
## What is the current behavior?
The query in `sql/indexes.ts` joins `pg_class` with `pg_indexes` using
only the index name:
```sql
JOIN pg_indexes ix ON c.relname = ix.indexname
```
This can lead to incorrect results when multiple schemas contain indexes
with the same name. PostgreSQL allows identical index names across
different schemas, so this join may return the wrong index_definition.
## What is the new behavior?
The join condition now includes the schema name:
```sql
JOIN pg_indexes ix
ON c.relname = ix.indexname
AND n.nspname = ix.schemaname
```
This ensures the correct index_definition is retrieved for each index,
even when duplicate index names exist across schemas.
## Additional context
- Added a test case to verify behavior when the same index name exists
in multiple schemas.
- This change prevents cross-schema collisions and ensures accurate
index metadata retrieval.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved index listing so indexes that share the same name in
different schemas are correctly distinguished and reported.
* **Tests**
* Added a regression test ensuring indexes with identical names in
separate schemas are both detected and contain expected schema-qualified
references.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Charis Lam <26616127+charislam@users.noreply.github.com>
Recent changes to blog pages surfaced existing errors because we stopped
silently swallowing errors. We were not properly handing the case when
the requested slug was not found, now this properly calls notFound()
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Enhanced error handling for missing blog posts to display a proper
"Not Found" page instead of showing an application error when users
attempt to access unavailable blog content.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Fixed some typos
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Fixed typo and corrected markdown link formatting in customer
documentation to improve readability.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary
- The Tailwind v4 migration left `bg-_secondary` unresolved, so the WAL
segment of the disk size breakdown bar (and its legend dot) rendered
transparent — visible as the gap between Database and System in the
screenshot on FE-3138.
- Switch both usages to `bg-[hsl(var(--secondary-default))]` to bypass
the broken utility while still pulling from the existing per-theme CSS
variable, restoring the original purple.
Closes
[FE-3138](https://linear.app/supabase/issue/FE-3138/adjust-tiiiny-v4-disk-size-breakdown-ui).
## Test plan
- [x] On a project's Settings → Compute and Disk page, the WAL slice in
the disk size bar renders in purple
- [x] The "WAL" legend dot below the bar matches that purple
- [x] Verify in light, dark, and classic-dark themes
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Style**
* Updated the visual styling of the WAL segment in the disk space
visualization to improve consistency with the design system's color
palette.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Some quick verbiage changes to the Cofounder case study.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated Cofounder product messaging and platform positioning
narrative.
* Refined descriptions of team structure and infrastructure capabilities
with enhanced product terminology.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary
- Adds Claude.ai and ChatGPT as MCP connectors in the existing
`/guides/getting-started/mcp` dropdown
<img width="1511" height="744" alt="Screenshot 2026-05-04 at 14 53 24"
src="https://github.com/user-attachments/assets/8de5b3a4-56e2-45a7-bcce-1051baac30cd"
/>
- Groups all MCP clients into three categories: **Web Clients**
(Claude.ai, ChatGPT, Goose), **AI Agent CLIs** (Claude Code, Codex,
Gemini CLI, Opencode, Factory), **IDE** (Cursor, VS Code, Antigravity,
Kiro, Windsurf)
<img width="1511" height="744" alt="image"
src="https://github.com/user-attachments/assets/eb3ecdaa-878a-4f87-abfe-41a9144db5b8"
/>
- Both connectors use `generateDeepLink` to render a one-click "Connect"
button linking to the Supabase connector directory entry
- Includes external docs links for each connector
- Sets Claude Code as the default selected client
Closes
[AI-699](https://linear.app/supabase/issue/AI-699/add-claudeai-and-chatgpt-connectors-to-mcp-docs)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added Claude.ai and ChatGPT as selectable client options.
* Reorganized the client selector into categorized groups (AI Agent CLI,
Web Clients, IDE) for easier discovery.
* Improved dropdown rendering and selection behavior for more consistent
visuals and interaction.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Render blog posts on server so they are available in initial HTML
response.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* New collapsible sections for blog content
* Server-side MDX compilation for blog posts
* Improved TOC extraction producing both structured JSON and markdown
* **Refactor**
* Blog rendering converted to a server-rendered flow with unified MDX
components
* Tag handling normalized for related-post matching
* **Bug Fixes**
* Consistent image/self-closing tag normalization and corrected TOC
indentation
* Errors are now surfaced instead of being swallowed
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
New case study for Cofounder (General Intelligence). Plan is to publish
when they launch on Monday.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a new Cofounder customer story page with full article, quotes,
assets, and next-steps
* Inserted Cofounder into the customer listings and site feeds
* **UX**
* Product filter labels now show "Supabase for Platforms" for the
platforms product
* **Chores**
* Updated RSS feed metadata to include the new story
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
The link builders in
`apps/studio/components/interfaces/Linter/Linter.utils.tsx` interpolate
`metadata.schema` and `metadata.name` directly into URL query strings. A
schema or table name with `&`, `=`, `+`, or `#` breaks the destination
filter on the linked page because `URLSearchParams` stops at the bare
`&` and decodes `+` to a space.
The `public_bucket_allows_listing` lint at line 338 already wraps
`bucket_id` in `encodeURIComponent`. The other 15 builders did not. This
wraps each `metadata?.schema` and `metadata?.name` interpolation with
`encodeURIComponent(value ?? '')` to match.
Added `Linter.utils.test.tsx` that constructs links with a schema
`a&b=c` and a name `d e+f` and asserts `URLSearchParams` round-trips
them. The bucket precedent is also covered.
Closes#45384
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved URL encoding for navigation links in the linter interface to
ensure proper handling of special characters in database, schema, and
table names.
* **Tests**
* Added test coverage for URL generation functionality in the linter
utility.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the CONTRIBUTING.md file.
YES
## What kind of change does this PR introduce?
Bug fix
## What is the current behavior?
The Realtime Inspector panel breaks at smaller viewport sizes, causing
content
to overflow and overlap, making it unusable on mobile and resized
windows.
Fixes#45464
## What is the new behavior?
The Realtime Inspector panel is now responsive and displays correctly
across
all viewport sizes.
https://github.com/user-attachments/assets/8103a695-b5a1-4498-b523-c25afc0b5b37
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Style**
* Improved the messages table with enhanced responsive design. The
layout now automatically adapts based on screen size: on mobile and
smaller screens, panes stack vertically for optimal readability; on
larger displays, they appear side-by-side to enable efficient content
comparison and provide a more comprehensive viewing experience.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Co-authored-by: Ali Waseem <waseema393@gmail.com>
## Summary
Adds the `O→S` / `Shift+F` / `Shift+N` / `F→C` shortcut set across every
Database listing page, on top of the schema-visualizer pattern from
#45386. Fixes [FE-3131](https://linear.app/supabase/issue/FE-3131).
A shared `list-page.*` registry replaces what would have been a per-page
registry file for each route, and `useShortcut`/`Shortcut` gain a
`label` override so a single ID renders contextually in Cmd+K and hover
tooltips.
## Pages and shortcuts
| Page | `O→S` | `Shift+F` | `Shift+N` | `F→C` |
| --- | --- | --- | --- | --- |
| Tables | Open schema selector | Search tables | Create new table |
Clears search + entity-type filter |
| Functions | Open schema selector | Search functions | Create new
function | Clears search + Return Type + Security |
| Triggers — data | Open schema selector | Search triggers | Create new
trigger | Clears search + Table filter |
| Triggers — event | — | Search event triggers | Create new event
trigger | Clears search + Owner filter |
| Enumerated Types | Open schema selector | Search enumerated types |
Create new enumerated type | Clears search |
| Indexes | Open schema selector | Search indexes | Create new index |
Clears search |
| Roles | — | Search roles | Add new role | Clears search + filter type
→ 'all' |
| Publications | — | Search publications | — | Clears search |
| Extensions | — | Search extensions | — | Clears search |
`Shift+N` only fires when the page-specific gate allows it (permission +
unlocked schema + any other prerequisite like `hasTables` for triggers).
## Test plan
- [ ] On each of the 9 pages, all four shortcuts behave as listed in the
table above
- [ ] Hover the wrapped controls — tooltip shows the page-specific label
and the right keybind badge
- [ ] Open the schema selector via `O→S` — the hover tooltip is
suppressed while the popover is open
- [ ] `Shift+N` is a no-op on locked schemas / when permission is
missing / when a prereq fails (e.g. no tables on Triggers data)
- [ ] `Shift+F` focuses the search input; while focused, Escape clears
(with text) → Escape blurs (when empty)
- [ ] `Cmd+K` shows the page-specific shortcut name while on each page;
the entry goes away on navigation
- [ ] `Mod+/` reference sheet shows one "List pages" group with 4
generic entries
- [ ] No regression to existing schema-visualizer / table-editor /
SQL-editor shortcut behavior
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a dedicated list-page shortcut group in the shortcuts reference.
* **Improvements**
* Keyboard shortcuts across database list pages: focus & select search,
reset filters, and create-new-item shortcuts.
* Escape now clears/searches or blurs inputs to avoid accidental popover
closes.
* Create/new buttons respond to shortcuts when allowed; disabled actions
keep permission tooltips for clarity.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
adding 'Brad Gyger' to humans!
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
More humans!
## What is the current behavior?
Less Humans!
## What is the new behavior?
Bigger = Better
## Additional context
Glad to be here!
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated contributor list to include a new team member.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Upgraded the UUID library to a newer major version across apps and
removed a now-unneeded dev dependency.
* Pinned PostCSS to a workspace-specific version to stabilize builds.
* **Refactor**
* Improved internal identifier generation for more consistent behavior
without changing outward functionality.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated examples and guides to use Supabase publishable (client) keys
instead of anon keys for client-side usage across frameworks and
platforms.
* Renamed environment variable examples and .env templates to reflect
publishable key naming.
* Adjusted sample requests and client-init examples to send/use the
publishable key via the apikey header where applicable.
* Updated references from service_role to secret for server-side
credential guidance.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: fadymak <fady@fadymak.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated Flutter authentication guides (Auth0, AWS Cognito, Clerk, and
Firebase Auth) with corrected Supabase client initialization parameters
in code examples.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
The disk IO exhaustion banner currently warns that the project "may
become unresponsive". That phrasing is vague and non-actionable. The
actual behaviour when EBS burst credits hit zero is deterministic:
sustained throughput is throttled to 5 MB/s until the budget resets.
Users either ignore the warning or wait too long because they cannot
picture what is about to happen.
Reported in [Linear
DEBUG-62](https://linear.app/supabase/issue/DEBUG-62).
## Fix
Rewrite the `disk_io_exhaustion` banner copy in
[ResourceExhaustionWarningBanner.constants.ts](apps/studio/components/ui/ResourceExhaustionWarningBanner/ResourceExhaustionWarningBanner.constants.ts)
to name the throttle floor explicitly:
- **Warning** (about to deplete): "Once exhausted, disk throughput will
be throttled to 5 MB/s until the budget resets."
- **Critical** (depleted): title now reads "Disk throughput is throttled
to 5 MB/s"; description explains the throttle stays until the budget
resets and that upgrading restores full performance.
Card copy on the project list (the compact summary) is unchanged so the
home page does not get noisy.
The banner already renders an "Upgrade compute" primary CTA (via
`correctionUrlVariants.disk_io`), so no button changes are needed.
## Test plan
- [ ] Mock or trigger a `disk_io` warning at the warning level; confirm
new copy renders correctly.
- [ ] Same at critical level; confirm both title and description are
updated.
- [ ] Verify the project list card on the home page still shows the
existing short summary.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Updates**
* Improved disk I/O exhaustion warning messages to clearly communicate
that disk throughput will be throttled to 5 MB/s and explain when
throttling will be lifted. Guidance on upgrading compute or optimizing
disk-intensive queries remains available.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated UI labels and descriptions across the Data API settings to
clarify that default privileges apply to new tables only (removed
references to functions).
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
The Max IOPS reference line in the Database Observability report
displays the provisioned disk IOPS, but its tooltip claims it shows the
"Maximum IOPS for your current compute size". The real effective ceiling
is `min(compute IOPS limit, provisioned disk IOPS)`. Users who upgrade
their disk IOPS without upgrading compute see an inflated number and may
draw incorrect conclusions about their IO headroom.
Reported in [Linear
DEBUG-63](https://linear.app/supabase/issue/DEBUG-63) (originally
[FE-2856](https://linear.app/supabase/issue/FE-2856)).
## Fix
In
[apps/studio/data/reports/database-charts.ts](apps/studio/data/reports/database-charts.ts),
use the existing `mapComputeSizeNameToAddonVariantId` +
`COMPUTE_MAX_IOPS` lookup (already used in DiskManagement) to compute
the effective ceiling and pass it as the `disk_iops_max` reference line
value. Tooltip rewritten to match.
```ts
const provisionedDiskIops = diskConfig?.attributes?.iops
const computeIopsLimit =
COMPUTE_MAX_IOPS[mapComputeSizeNameToAddonVariantId(project?.infra_compute_size)]
const effectiveMaxIops =
typeof provisionedDiskIops === 'number' && typeof computeIopsLimit === 'number'
? Math.min(provisionedDiskIops, computeIopsLimit)
: provisionedDiskIops
```
## Test plan
- [ ] On a project where compute IOPS limit < provisioned disk IOPS
(e.g. Micro compute with upgraded disk), confirm the Max IOPS reference
line on `/project/{ref}/observability/database` reflects the compute
limit, not the disk IOPS.
- [ ] On a project where provisioned disk IOPS < compute IOPS limit,
confirm the reference line still shows the disk IOPS.
- [ ] Hover the line and confirm the tooltip reads "Effective maximum
IOPS for your current compute and disk configuration..."
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **Bug Fixes**
* Enhanced IOPS limit calculations in database reports to account for
both compute size and disk provisioning constraints, resulting in more
accurate Max IOPS reference values. Improved chart tooltips to better
reflect the effective combined compute and disk IOPS constraints.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
## Problem
The Database tables filter has a smaller tap-target than its visual
container.
This was probably introduced when we added the Shadcn `input-group`.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Style**
* Updated internal styling implementation for improved code
maintainability.
---
**Note:** This is a minor internal refactor with no visible changes to
user-facing functionality.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
The SQL Editor was warning about missing RLS even when the same query
enabled it, if the user wrote `ALTER TABLE IF EXISTS ...`. The parser
regex didn't recognise `IF EXISTS` and was capturing `IF` as the table
name, so the RLS event never matched the `CREATE TABLE`.
**Changed:**
- `ALTER TABLE` regex in `sql-event-parser.ts` now accepts the optional
`IF EXISTS` and `ONLY` modifiers, matching Postgres's `ALTER TABLE [ IF
EXISTS ] [ ONLY ] name` grammar.
**Added:**
- Unit tests for `IF EXISTS`, `ONLY`, and both combined.
- Regression test in `SQLEditor.utils.test.ts` using the customer's
exact SQL.
## To test
1. Open the SQL Editor and paste:
```sql
CREATE TABLE IF NOT EXISTS public."Conversations" (id int8 primary key);
ALTER TABLE IF EXISTS public."Conversations" ENABLE ROW LEVEL SECURITY;
```
2. Hit Run – the "table will not have RLS" warning should **not**
appear.
3. Sanity check: a `CREATE TABLE` without any matching `ENABLE ROW LEVEL
SECURITY` still triggers the warning.
Addresses
[FE-3134](https://linear.app/supabase/issue/FE-3134/sql-editor-warns-about-missing-rls-policy-incorrectly).
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Tests**
* Added comprehensive test coverage for Row Level Security detection
across different SQL syntax patterns and clause combinations
* **Bug Fixes**
* Enhanced Row Level Security detection capabilities in the SQL editor
by extending support for additional ALTER TABLE statement syntax
variations, improving the accuracy and completeness of security
configuration recognition
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
## Context
Just happened to pass by this - refactor to use Admonition instead of
Alert + fix spacing + use InlineLink
e.g General settings while on a preview branch
### Before
<img width="795" height="364" alt="image"
src="https://github.com/user-attachments/assets/28ab66ab-bd10-408e-afb5-24e287efc705"
/>
### After
<img width="759" height="349" alt="image"
src="https://github.com/user-attachments/assets/db62925d-f2e2-4c10-9cab-ce8204f2077c"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Style**
* Preview-branch notices across Settings now use a unified admonition
design with adjusted spacing for improved visual consistency.
* **Refactor**
* Standardized branch-notice layout and inline navigation links across
Addons, General, and Integrations; each notice now links directly to its
respective settings page for clearer navigation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
Replaces legacy `anon` / `service_role` key references with the new
`publishable` / `secret` naming across SDK spec files under
`apps/docs/spec/`. Mirrors the rename table established by
[supabase-js#2280](https://github.com/supabase/supabase-js/pull/2280),
so the auto-generated reference docs at
supabase.com/docs/reference/{js,dart,kotlin,python,swift} stay
consistent with the SDK source.
## Files changed
| File | Highlights |
| --- | --- |
| `supabase_js_v2.yml` | Rename example vars `anon_key` →
`publishable_key`, `service_role_key` → `secret_key`; admin notes use
`secret`. |
| `supabase_dart_v2.yml` | Rename `anonKey` param → `publishableKey`
(matches the live Flutter SDK — see
[supabase-flutter/supabase.dart#L81](https://github.com/supabase/supabase-flutter/blob/main/packages/supabase_flutter/lib/src/supabase.dart#L81));
update call-site; example var `serviceRoleKey` → `secretKey`; admin
notes use `secret`. |
| `supabase_kt_v2.yml`, `supabase_kt_v3.yml` | Replace
`'publishable-or-anon-key'` placeholders with `'your-publishable-key'`;
admin notes use `secret`; fix `importAuthToken(\"service_role\")` →
`importAuthToken(\"your-secret-key\")` (the Kotlin SDK's
`importAuthToken(accessToken: String, …)` takes a JWT, not a role name).
|
| `supabase_py_v2.yml` | All `service_role` references → `secret`;
example var `service_role_key` → `secret_key`. |
| `supabase_swift_v2.yml` | Replace placeholders with
`'your-publishable-key'`; admin notes use `secret`; example var
`serviceRoleKey` → `secretKey`. |
| `storage_v0_config.yaml` | Rewrite `ANON_KEY` / `SERVICE_KEY` env var
**descriptions** in publishable/secret terms. **Env var names kept** —
see below. |
## Why the storage env var names are unchanged
`storage_v0_config.yaml` documents the env vars used to configure the
storage server (multi-tenant deployments). The `id` and `title` fields
must match the actual env var names the binary reads. The storage server
still reads its config from env vars literally named `ANON_KEY` and
`SERVICE_KEY`:
-
[`storage/src/config.ts#L614`](https://github.com/supabase/storage/blob/master/src/config.ts#L614)
— `getOptionalConfigFromEnv('SERVICE_KEY')`
-
[`storage/src/config.ts#L625`](https://github.com/supabase/storage/blob/master/src/config.ts#L625)
— `getOptionalConfigFromEnv('ANON_KEY')`
There is no `PUBLISHABLE_KEY` / `SECRET_KEY` reader on master. Renaming
the doc IDs would break self-hosted deployments — users following the
docs would set the wrong env var and the storage server would silently
fall back to generating its own JWT. Until the storage server itself
adds publishable/secret env support, only descriptions can be updated.
(Same reasoning for not bumping `storage_v0_config.yaml` →
`storage_v1_config.yaml`: the `_v0_` tracks the storage server's own API
version, paired with `storage_v0_openapi.json` downloaded from
`supabase.github.io/storage/api.json`. The server hasn't shipped a v1
API.)
## What we deliberately did NOT rename
Per the same rules established in supabase-js#2280:
- **JWT role claims** like `role: 'anon'` / `role: 'service_role'` —
these are functional Postgres role names in JWT payloads, not key
labels.
- **Real SDK identifiers** that haven't been renamed in the source (we
only rename in the doc when the underlying SDK rename has shipped). The
Dart `anonKey` rename was safe to apply because the Flutter SDK already
ships `publishableKey` as the preferred named parameter (with `anonKey`
`@Deprecated`).
## Out of scope
- **All `*_v1.yml` SDK spec files** (`supabase_js_v1`,
`supabase_dart_v1`, `supabase_kt_v1`, `supabase_swift_v1`). Older SDK
versions, not worth churning.
- **`cli_v1_commands.yaml`**. This file is auto-generated by the CLI
repo's release workflow
([`cli/tools/bumpdoc/main.go`](https://github.com/supabase/cli/blob/develop/tools/bumpdoc/main.go))
and the example outputs come from
[`cli/docs/templates/examples.yaml`](https://github.com/supabase/cli/blob/develop/docs/templates/examples.yaml)
— embedded in the CLI binary at build time. Any edits we make here would
be clobbered by the next CLI release. The fix needs to land upstream in
the CLI repo (note: the CLI itself already ships publishable/secret
naming in \`supabase status\` output — see
[`cli/internal/status/status.go#L40-L44`](https://github.com/supabase/cli/blob/develop/internal/status/status.go#L40-L44)
— but the doc-generation template is stale).
- **`supabase_csharp_v0.yml` / `supabase_csharp_v1.yml`** — checked,
already neutral. Both files use a generic `SUPABASE_KEY` env var with no
`anon` / `service_role` references.
- **Renaming the legacy Dart `anonKey` parameter itself** — that's an
SDK-side change. The Flutter SDK already exposes `publishableKey` as the
preferred parameter; full removal of `anonKey` will happen in a future
major version per the SDK's own deprecation comment.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Standardized API key naming across SDK docs: use publishable (client)
and secret (server/admin) key terminology
* Updated server-side admin examples and warnings to require secret keys
and emphasize never exposing them in client code
* Unified initialization examples across JavaScript, Dart, Kotlin,
Python, and Swift
* Corrected Storage spec metadata to point to the proper configuration
file
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Bug fix.
## What is the current behavior?
- Safari Table Editor cells fail to copy from a focused cell with `⌘C`.
- Safari right-click can show the browser menu instead of the custom
cell menu.
- Copy can leave RDG's copied-cell fill behind.
## What is the new behavior?
- Reuses the existing shared `copyToClipboard(value, onSuccess)`
pattern, with the Safari clipboard fix inside that util.
- Handles selected-cell `⌘C` in the RDG keydown path, preventing
browser/RDG defaults and showing the success toast only after copy.
- Replaces the row-level synthetic context-menu shim with RDG's
`onCellContextMenu`, so we prevent Safari's browser menu at the source
and select/focus the target cell.
- Keeps the selected-cell outline while the controlled menu is open.
## Additional context
- `RowRenderer` was only supporting the old context-menu shim; removing
it is part of moving to RDG's cell event path.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **New Features**
* Context menu now provides feedback with toast notifications when
copying cells or rows.
* Selected cells retain their visual styling when context menu is open.
* **Bug Fixes**
* Improved keyboard shortcut handling for copy functionality.
* Enhanced clipboard error handling with user-friendly error messages.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Ali Waseem <waseema393@gmail.com>
