mirror of
https://github.com/supabase/supabase.git
synced 2026-06-21 00:06:04 +08:00
Detects HIPAA customers server-side in the assistant code path. Threads the `isHipaaEnabled` boolean through `getOrgAIDetails` → `generate-v4` → `generateAssistantResponse`.

The motivation is to support online evals down the road, where we'll want to exclude HIPAA projects from Assistant tracing.

This PR follows existing patterns for checking if HIPAA is enabled for a project (org has HIPAA addon + project is sensitive). Example [[1]](a5dd0a9671/apps/studio/components/interfaces/Settings/Addons/Addons.tsx (L75)), [[2]](6858d4e18d/apps/studio/hooks/misc/useOrgOptedIntoAi.ts (L69)).

```ts
const hasHipaaAddon = subscriptionHasHipaaAddon(subscription) && settings?.is_sensitive
```

(I call it `isHipaaEnabled` in this PR to avoid it being misunderstood as just the org-level addon; rather, it's a combo of that addon being present AND high compliance being enabled on the project.)

### Verification steps

<details><summary>Click to view the steps I followed to sanity check it works with the local stack</summary>

Tested locally with `mise fullstack`:

1. Found my org's subscription ID:

   ```sh
   docker exec platform-db-1 psql -U postgres -c "SELECT id, customer_id, status FROM orb.subscriptions;"
   ```

2. Added HIPAA addon to it:

   ```sh
   docker exec platform-db-1 psql -U postgres -c "
   UPDATE orb.subscriptions
   SET price_intervals = price_intervals || '[{\"price\": {\"unit_config\": {\"unit_amount\": \"350.00\"}, \"external_price_id\": \"addon_security_hipaa\", \"item\": {\"name\": \"HIPAA\"}}}]'::jsonb
   WHERE id = '<subscription_id>';"
   ```

3. Toggled on High Compliance (Project Settings → General)
4. Added a temporary log after `getOrgAIDetails` in `generate-v4.ts`:

   ```ts
   console.log('[HIPAA]', { isHipaaEnabled })
   ```

5. Sent a message in the AI Assistant → `isHipaaEnabled: true`
6. Toggled off High Compliance → resent → `isHipaaEnabled: false`
7. Removed addon from subscription, left project toggle on → `isHipaaEnabled: false`

   ```sql
   -- Find addon index:
   SELECT ordinality - 1 AS idx
   FROM orb.subscriptions, jsonb_array_elements(price_intervals) WITH ORDINALITY AS elem(val, ordinality)
   WHERE id = '<subscription_id>'
     AND val->'price'->>'external_price_id' = 'addon_security_hipaa';

   -- Remove by index:
   UPDATE orb.subscriptions
   SET price_intervals = price_intervals - <idx>
   WHERE id = '<subscription_id>';
   ```

All three cases confirm `isHipaaEnabled` requires both the org addon and the project-level toggle.

</details>

Closes AI-434

## Summary by CodeRabbit

* **New Features**
  * Added HIPAA mode detection and exposed it in AI workflows.
  * API request functions now accept optional custom authorization headers for downstream calls.
* **Tests**
  * Added tests covering HIPAA scenarios and verifying authorization header propagation in related flows.
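The combined check described above (org addon AND project-level High Compliance), as an added stand-alone model that is not the Supabase code from this PR: the subscription shape mirrors the `price_intervals` / `external_price_id` structure used in the verification steps, while the type names and the sample data are assumptions constructed here. It reproduces the three cases the author verified locally.

```typescript
// Added example, not the project's own code. Models the isHipaaEnabled check:
// the org subscription must carry the HIPAA addon AND the project must have
// High Compliance (is_sensitive) enabled. Types and sample data are assumptions.

interface PriceInterval {
  price?: { external_price_id?: string; item?: { name?: string } }
}

interface Subscription {
  id: string
  price_intervals: PriceInterval[]
}

interface ProjectSettings {
  is_sensitive?: boolean
}

// External price id used for the HIPAA addon in the verification steps above.
const HIPAA_ADDON_PRICE_ID = 'addon_security_hipaa'

// Org-level check: does any price interval on the subscription carry the HIPAA addon?
function subscriptionHasHipaaAddon(subscription: Subscription | null | undefined): boolean {
  if (!subscription) return false
  return subscription.price_intervals.some(
    (interval) => interval.price?.external_price_id === HIPAA_ADDON_PRICE_ID
  )
}

// Combined check: true only when the addon is present AND the project toggle is on.
// Either condition alone yields false, matching cases 6 and 7 of the verification steps.
function isHipaaEnabled(
  subscription: Subscription | null | undefined,
  settings: ProjectSettings | null | undefined
): boolean {
  return subscriptionHasHipaaAddon(subscription) && settings?.is_sensitive === true
}

// Constructed sample subscriptions: one with the HIPAA addon appended, one without it.
const subscriptionWithAddon: Subscription = {
  id: 'sub_constructed_example',
  price_intervals: [
    { price: { external_price_id: 'compute_example', item: { name: 'Compute' } } },
    { price: { external_price_id: HIPAA_ADDON_PRICE_ID, item: { name: 'HIPAA' } } },
  ],
}
const subscriptionWithoutAddon: Subscription = {
  id: 'sub_constructed_example',
  price_intervals: subscriptionWithAddon.price_intervals.filter(
    (interval) => interval.price?.external_price_id !== HIPAA_ADDON_PRICE_ID
  ),
}
```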