From 84fb27a795bf32988aed41421b3d42ff2ba35272 Mon Sep 17 00:00:00 2001
From: Greg Richardson <greg.nmr@gmail.com>
Date: Tue, 30 Sep 2025 23:06:46 -0600
Subject: [PATCH 1/9] docs: add mcp to feature status page (#39015)

---
 apps/docs/content/guides/getting-started/features.mdx | 1 +
 1 file changed, 1 insertion(+)

diff --git a/apps/docs/content/guides/getting-started/features.mdx b/apps/docs/content/guides/getting-started/features.mdx
index a2dd8b8bf4912..33cf6c0345bbc 100644
--- a/apps/docs/content/guides/getting-started/features.mdx
+++ b/apps/docs/content/guides/getting-started/features.mdx
@@ -212,6 +212,7 @@ In addition to the Beta requirements, features in GA are covered by the [uptime
 | Platform       | Terraform Provider         | `public alpha` | N/A                                         |
 | Platform       | Read Replicas              | `GA`           | N/A                                         |
 | Platform       | Log Drains                 | `public alpha` | ✅                                          |
+| Platform       | MCP                        | `public alpha` | ✅                                          |
 | Studio         |                            | `GA`           | ✅                                          |
 | Studio         | SSO                        | `GA`           | ✅                                          |
 | Studio         | Column Privileges          | `public alpha` | ✅                                          |

From 715006c4a18ae7ab5c41a20a9af5cd60009db8d2 Mon Sep 17 00:00:00 2001
From: Alaister Young <alaister@users.noreply.github.com>
Date: Wed, 1 Oct 2025 13:51:33 +0800
Subject: [PATCH 2/9] chore: hide edge function examples (#39142)

* chore: hide edge function examples

* Nit

---------

Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
---
 .../EdgeFunctionDetails/EdgeFunctionDetails.tsx     | 13 +++++++++++--
 .../common/enabled-features/enabled-features.json   |  1 +
 .../enabled-features/enabled-features.schema.json   |  4 ++++
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/apps/studio/components/interfaces/Functions/EdgeFunctionDetails/EdgeFunctionDetails.tsx b/apps/studio/components/interfaces/Functions/EdgeFunctionDetails/EdgeFunctionDetails.tsx
index 74aab28e1c10c..2d3f39195b068 100644
--- a/apps/studio/components/interfaces/Functions/EdgeFunctionDetails/EdgeFunctionDetails.tsx
+++ b/apps/studio/components/interfaces/Functions/EdgeFunctionDetails/EdgeFunctionDetails.tsx
@@ -19,6 +19,7 @@ import { useEdgeFunctionQuery } from 'data/edge-functions/edge-function-query'
 import { useEdgeFunctionDeleteMutation } from 'data/edge-functions/edge-functions-delete-mutation'
 import { useEdgeFunctionUpdateMutation } from 'data/edge-functions/edge-functions-update-mutation'
 import { useAsyncCheckPermissions } from 'hooks/misc/useCheckPermissions'
+import { useIsFeatureEnabled } from 'hooks/misc/useIsFeatureEnabled'
 import { DOCS_URL } from 'lib/constants'
 import {
   Alert_Shadcn_,
@@ -65,6 +66,14 @@ export const EdgeFunctionDetails = () => {
     '*'
   )
 
+  const showAllEdgeFunctionInvocationExamples = useIsFeatureEnabled(
+    'edge_functions:show_all_edge_function_invocation_examples'
+  )
+  const invocationTabs = useMemo(() => {
+    if (showAllEdgeFunctionInvocationExamples) return INVOCATION_TABS
+    return INVOCATION_TABS.filter((tab) => tab.id === 'curl' || tab.id === 'supabase-js')
+  }, [showAllEdgeFunctionInvocationExamples])
+
   const { data: apiKeys } = useAPIKeysQuery({ projectRef })
   const { data: settings } = useProjectSettingsV2Query({ projectRef })
   const { data: customDomainData } = useCustomDomainsQuery({ projectRef })
@@ -228,13 +237,13 @@ export const EdgeFunctionDetails = () => {
             <CardContent>
               <Tabs defaultValue="curl" className="w-full">
                 <TabsList className="flex flex-wrap gap-4">
-                  {INVOCATION_TABS.map((tab) => (
+                  {invocationTabs.map((tab) => (
                     <TabsTrigger key={tab.id} value={tab.id}>
                       {tab.label}
                     </TabsTrigger>
                   ))}
                 </TabsList>
-                {INVOCATION_TABS.map((tab) => (
+                {invocationTabs.map((tab) => (
                   <TabsContent key={tab.id} value={tab.id} className="mt-4">
                     <div className="overflow-x-auto">
                       <CodeBlock
diff --git a/packages/common/enabled-features/enabled-features.json b/packages/common/enabled-features/enabled-features.json
index 678d1ef756086..63bdae1417a43 100644
--- a/packages/common/enabled-features/enabled-features.json
+++ b/packages/common/enabled-features/enabled-features.json
@@ -54,6 +54,7 @@
   "docs:web_apps": true,
 
   "edge_functions:show_stripe_example": true,
+  "edge_functions:show_all_edge_function_invocation_examples": true,
 
   "feedback:docs": true,
 
diff --git a/packages/common/enabled-features/enabled-features.schema.json b/packages/common/enabled-features/enabled-features.schema.json
index c0a812e7b504c..04c2925c8c6e5 100644
--- a/packages/common/enabled-features/enabled-features.schema.json
+++ b/packages/common/enabled-features/enabled-features.schema.json
@@ -197,6 +197,10 @@
       "type": "boolean",
       "description": "Show all the Stripe example in edge function templates in the edge functions page."
     },
+    "edge_functions:show_all_edge_function_invocation_examples": {
+      "type": "boolean",
+      "description": "Show all the invocation examples in the edge function details page. (If off, it will only show cURL and Javascript invocation examples)"
+    },
 
     "feedback:docs": {
       "type": "boolean",

From 3f0c68972445f9eebdb424d20299afd28ba1f66e Mon Sep 17 00:00:00 2001
From: Alaister Young <alaister@users.noreply.github.com>
Date: Wed, 1 Oct 2025 14:03:56 +0800
Subject: [PATCH 3/9] chore: disable client libraries in support form (#39143)

* chore: disable client libraries in support form

* Nit

---------

Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
---
 .../interfaces/Support/SupportFormV2.tsx      | 46 ++++++++++++-------
 .../enabled-features/enabled-features.json    |  4 +-
 .../enabled-features.schema.json              |  5 ++
 3 files changed, 38 insertions(+), 17 deletions(-)

diff --git a/apps/studio/components/interfaces/Support/SupportFormV2.tsx b/apps/studio/components/interfaces/Support/SupportFormV2.tsx
index 891d344b5f3ed..7de9cf432ef87 100644
--- a/apps/studio/components/interfaces/Support/SupportFormV2.tsx
+++ b/apps/studio/components/interfaces/Support/SupportFormV2.tsx
@@ -1,5 +1,6 @@
 import { zodResolver } from '@hookform/resolvers/zod'
 import * as Sentry from '@sentry/nextjs'
+import { SupportCategories } from '@supabase/shared-types/out/constants'
 import { AnimatePresence, motion } from 'framer-motion'
 import {
   Book,
@@ -15,12 +16,12 @@ import {
 } from 'lucide-react'
 import Link from 'next/link'
 import { useRouter } from 'next/router'
+import { useQueryState } from 'nuqs'
 import { ChangeEvent, useEffect, useMemo, useRef, useState } from 'react'
 import { SubmitHandler, useForm } from 'react-hook-form'
 import { toast } from 'sonner'
 import * as z from 'zod'
 
-import { SupportCategories } from '@supabase/shared-types/out/constants'
 import { useDocsSearch, useParams, type DocsSearchResult as Page } from 'common'
 import { CLIENT_LIBRARIES } from 'common/constants'
 import CopyButton from 'components/ui/CopyButton'
@@ -34,7 +35,6 @@ import { useIsFeatureEnabled } from 'hooks/misc/useIsFeatureEnabled'
 import { DOCS_URL } from 'lib/constants'
 import { detectBrowser } from 'lib/helpers'
 import { useProfile } from 'lib/profile'
-import { useQueryState } from 'nuqs'
 import {
   Badge,
   Button,
@@ -78,8 +78,8 @@ const MAX_ATTACHMENTS = 5
 const INCLUDE_DISCUSSIONS = ['Problem', 'Database_unresponsive']
 const CONTAINER_CLASSES = 'px-6'
 
-const FormSchema = z
-  .object({
+const createFormSchema = (showClientLibraries: boolean) => {
+  const baseSchema = z.object({
     organizationSlug: z.string().min(1, 'Please select an organization'),
     projectRef: z.string().min(1, 'Please select a project'),
     category: z.string().min(1, 'Please select an issue type'),
@@ -90,15 +90,24 @@ const FormSchema = z
     affectedServices: z.string(),
     allowSupportAccess: z.boolean(),
   })
-  .refine(
-    (data) => {
-      return !(data.category === 'Problem' && data.library === '')
-    },
-    {
-      message: "Please select the library that you're facing issues with",
-      path: ['library'],
-    }
-  )
+
+  if (showClientLibraries) {
+    return baseSchema.refine(
+      (data) => {
+        return !(data.category === 'Problem' && data.library === '')
+      },
+      {
+        message: "Please select the library that you're facing issues with",
+        path: ['library'],
+      }
+    )
+  }
+
+  // When showClientLibraries is false, make library optional and remove the refine validation
+  return baseSchema.extend({
+    library: z.string().optional(),
+  })
+}
 
 const defaultValues = {
   organizationSlug: '',
@@ -142,6 +151,7 @@ export const SupportFormV2 = ({
   const dashboardSentryIssueId = router.query.sid as string
 
   const isBillingEnabled = useIsFeatureEnabled('billing:all')
+  const showClientLibraries = useIsFeatureEnabled('support:show_client_libraries')
 
   const categoryOptions = useMemo(() => {
     return CATEGORY_OPTIONS.filter((option) => {
@@ -162,6 +172,8 @@ export const SupportFormV2 = ({
   const [uploadedFiles, setUploadedFiles] = useState<File[]>([])
   const [uploadedDataUrls, setUploadedDataUrls] = useState<string[]>([])
 
+  const FormSchema = useMemo(() => createFormSchema(showClientLibraries), [showClientLibraries])
+
   const form = useForm<z.infer<typeof FormSchema>>({
     mode: 'onBlur',
     reValidateMode: 'onBlur',
@@ -244,7 +256,9 @@ export const SupportFormV2 = ({
     setIsSubmitting(true)
     const attachments =
       uploadedFiles.length > 0 ? await uploadAttachments(values.projectRef, uploadedFiles) : []
-    const selectedLibrary = CLIENT_LIBRARIES.find((library) => library.language === values.library)
+    const selectedLibrary = values.library
+      ? CLIENT_LIBRARIES.find((library) => library.language === values.library)
+      : undefined
 
     const payload = {
       ...values,
@@ -699,7 +713,7 @@ export const SupportFormV2 = ({
           )}
         </div>
 
-        {category === 'Problem' && (
+        {category === 'Problem' && showClientLibraries && (
           <FormField_Shadcn_
             name="library"
             control={form.control}
@@ -734,7 +748,7 @@ export const SupportFormV2 = ({
           />
         )}
 
-        {library.length > 0 && <LibrarySuggestions library={library} />}
+        {library && library.length > 0 && <LibrarySuggestions library={library} />}
 
         {category !== 'Login_issues' && (
           <FormField_Shadcn_
diff --git a/packages/common/enabled-features/enabled-features.json b/packages/common/enabled-features/enabled-features.json
index 63bdae1417a43..3ecd75981cfaf 100644
--- a/packages/common/enabled-features/enabled-features.json
+++ b/packages/common/enabled-features/enabled-features.json
@@ -103,5 +103,7 @@
   "sdk:python": true,
   "sdk:swift": true,
 
-  "search:fullIndex": true
+  "search:fullIndex": true,
+
+  "support:show_client_libraries": true
 }
diff --git a/packages/common/enabled-features/enabled-features.schema.json b/packages/common/enabled-features/enabled-features.schema.json
index 04c2925c8c6e5..e678d317abcfe 100644
--- a/packages/common/enabled-features/enabled-features.schema.json
+++ b/packages/common/enabled-features/enabled-features.schema.json
@@ -354,6 +354,11 @@
     "search:fullIndex": {
       "type": "boolean",
       "description": "Enable the full search index. When true, uses the  full search; when false, uses the alternate search index."
+    },
+
+    "support:show_client_libraries": {
+      "type": "boolean",
+      "description": "Show the client libraries dropdown input and suggestions in the support form if the category 'API and client libraries' is selected"
     }
   },
   "required": [

From ec78a8d3cf3a1881fd25b5afe3e03a9daf282449 Mon Sep 17 00:00:00 2001
From: Guilherme Souza <grsouza@pm.me>
Date: Wed, 1 Oct 2025 05:08:26 -0300
Subject: [PATCH 4/9] docs: add Flutter documentation for maxAffected and
 linkIdentityWithIdToken (#39132)

---
 .../guides/auth/auth-identity-linking.mdx     |  57 +++++++
 apps/docs/spec/supabase_dart_v2.yml           | 154 ++++++++++++++++++
 2 files changed, 211 insertions(+)

diff --git a/apps/docs/content/guides/auth/auth-identity-linking.mdx b/apps/docs/content/guides/auth/auth-identity-linking.mdx
index aa8a98b22ec44..fe950304c1d5a 100644
--- a/apps/docs/content/guides/auth/auth-identity-linking.mdx
+++ b/apps/docs/content/guides/auth/auth-identity-linking.mdx
@@ -90,6 +90,63 @@ response = supabase.auth.link_identity({'provider': 'google'})
 
 In the example above, the user will be redirected to Google to complete the OAuth2.0 flow. Once the OAuth2.0 flow has completed successfully, the user will be redirected back to the application and the Google identity will be linked to the user. You can enable manual linking from your project's authentication [configuration options](/dashboard/project/_/auth/providers) or by setting the environment variable `GOTRUE_SECURITY_MANUAL_LINKING_ENABLED: true` when self-hosting.
 
+### Link identity with native OAuth (ID token)
+
+<Tabs
+  scrollable
+  size="small"
+  type="underlined"
+  defaultActiveId="js"
+  queryGroup="language"
+>
+<TabPanel id="js" label="JavaScript">
+
+For native mobile applications, you can link an identity using an ID token obtained from a third-party OAuth provider. This is useful when you want to use native OAuth flows (like Google Sign-In or Sign in with Apple) rather than web-based OAuth redirects.
+
+```js
+// Example with Google Sign-In (using a native Google Sign-In library)
+const idToken = 'ID_TOKEN_FROM_GOOGLE'
+const accessToken = 'ACCESS_TOKEN_FROM_GOOGLE'
+
+const { data, error } = await supabase.auth.linkIdentityWithIdToken({
+  provider: 'google',
+  token: idToken,
+  access_token: accessToken,
+})
+```
+
+</TabPanel>
+<$Show if="sdk:dart">
+<TabPanel id="dart" label="Dart">
+
+For Flutter applications, you can link an identity using an ID token obtained from native OAuth packages like `google_sign_in` or `sign_in_with_apple`. Call [`linkIdentityWithIdToken()`](/docs/reference/dart/auth-linkidentitywithidtoken):
+
+```dart
+import 'package:google_sign_in/google_sign_in.dart';
+import 'package:supabase_flutter/supabase_flutter.dart';
+
+// First, obtain the ID token from the native provider
+final GoogleSignIn googleSignIn = GoogleSignIn(
+  clientId: iosClientId,
+  serverClientId: webClientId,
+);
+final googleUser = await googleSignIn.signIn();
+final googleAuth = await googleUser!.authentication;
+
+// Link the Google identity to the current user
+final response = await supabase.auth.linkIdentityWithIdToken(
+  provider: OAuthProvider.google,
+  idToken: googleAuth.idToken!,
+  accessToken: googleAuth.accessToken!,
+);
+```
+
+This method supports the same OAuth providers as `signInWithIdToken()`: Google, Apple, Facebook, Kakao, and Keycloak.
+
+</TabPanel>
+</$Show>
+</Tabs>
+
 ## Unlink an identity
 
 <Tabs
diff --git a/apps/docs/spec/supabase_dart_v2.yml b/apps/docs/spec/supabase_dart_v2.yml
index 0703f7f66c3e5..82de09cd49e33 100644
--- a/apps/docs/spec/supabase_dart_v2.yml
+++ b/apps/docs/spec/supabase_dart_v2.yml
@@ -1352,6 +1352,106 @@ functions:
           // unlink the google identity
           await supabase.auth.unlinkIdentity(googleIdentity);
           ```
+  - id: link-identity-with-id-token
+    title: 'linkIdentityWithIdToken()'
+    description: |
+      Links an identity to an existing user using an ID token obtained from a third-party OAuth provider. This allows linking identities using native OAuth flows (Google, Apple, Facebook, etc.) similar to `signInWithIdToken()` but for linking rather than signing in.
+    notes: |
+      - The **Enable Manual Linking** option must be enabled from your [project's authentication settings](/dashboard/project/_/settings/auth).
+      - The user needs to be signed in to call `linkIdentityWithIdToken()`.
+      - Supports the same OAuth providers as `signInWithIdToken()`: Google, Apple, Facebook, Kakao, and Keycloak.
+      - If the candidate identity is already linked to another user, the operation will fail.
+    params:
+      - name: provider
+        isOptional: false
+        type: OAuthProvider
+        description: The OAuth provider to link the identity from.
+      - name: idToken
+        isOptional: false
+        type: String
+        description: The identity token obtained from the third-party provider.
+      - name: accessToken
+        isOptional: true
+        type: String
+        description: Access token obtained from the third-party provider. Required for Google sign in.
+      - name: nonce
+        isOptional: true
+        type: String
+        description: Raw nonce value used to perform the third-party sign in. Required for Apple sign-in.
+      - name: captchaToken
+        isOptional: true
+        type: String
+        description: The captcha token to be used for captcha verification.
+    examples:
+      - id: link-google-identity
+        name: Link Google identity
+        isSpotlight: true
+        description: |
+          Link a Google identity to the currently signed-in user using native Google Sign-In.
+        code: |
+          ```dart
+          import 'package:google_sign_in/google_sign_in.dart';
+          import 'package:supabase_flutter/supabase_flutter.dart';
+
+          const webClientId = '<web client ID>';
+          const iosClientId = '<iOS client ID>';
+
+          final GoogleSignIn googleSignIn = GoogleSignIn(
+            clientId: iosClientId,
+            serverClientId: webClientId,
+          );
+          final googleUser = await googleSignIn.signIn();
+          final googleAuth = await googleUser!.authentication;
+          final accessToken = googleAuth.accessToken;
+          final idToken = googleAuth.idToken;
+
+          if (accessToken == null) {
+            throw 'No Access Token found.';
+          }
+          if (idToken == null) {
+            throw 'No ID Token found.';
+          }
+
+          final response = await supabase.auth.linkIdentityWithIdToken(
+            provider: OAuthProvider.google,
+            idToken: idToken,
+            accessToken: accessToken,
+          );
+          ```
+      - id: link-apple-identity
+        name: Link Apple identity
+        description: |
+          Link an Apple identity to the currently signed-in user using native Apple Sign In.
+        code: |
+          ```dart
+          import 'package:sign_in_with_apple/sign_in_with_apple.dart';
+          import 'package:supabase_flutter/supabase_flutter.dart';
+          import 'package:crypto/crypto.dart';
+
+          final rawNonce = supabase.auth.generateRawNonce();
+          final hashedNonce = sha256.convert(utf8.encode(rawNonce)).toString();
+
+          final credential = await SignInWithApple.getAppleIDCredential(
+            scopes: [
+              AppleIDAuthorizationScopes.email,
+              AppleIDAuthorizationScopes.fullName,
+            ],
+            nonce: hashedNonce,
+          );
+
+          final idToken = credential.identityToken;
+          if (idToken == null) {
+            throw const AuthException(
+              'Could not find ID Token from generated credential.',
+            );
+          }
+
+          final response = await supabase.auth.linkIdentityWithIdToken(
+            provider: OAuthProvider.apple,
+            idToken: idToken,
+            nonce: rawNonce,
+          );
+          ```
   - id: send-password-reauthentication
     title: 'reauthenticate()'
     notes: |
@@ -4917,6 +5017,60 @@ functions:
             }
           ]
           ```
+  - id: max-affected
+    title: maxAffected()
+    description: |
+      Sets the maximum number of rows that can be affected by the query. Only effective with PATCH and DELETE operations. Requires PostgREST v13 or higher.
+
+      When the limit is exceeded, the query will fail with an error. This provides a safety mechanism to prevent accidentally affecting more rows than intended.
+    notes: |
+      - This method is only effective with UPDATE and DELETE operations.
+      - Requires PostgREST v13 or higher on your Supabase instance.
+      - If the number of affected rows exceeds the limit, the query will fail and no rows will be modified.
+    params:
+      - name: count
+        isOptional: false
+        type: int
+        description: The maximum number of rows that can be affected by the query.
+    examples:
+      - id: with-update
+        name: With update()
+        isSpotlight: true
+        code: |
+          ```dart
+          await supabase
+            .from('users')
+            .update({'active': false})
+            .eq('status', 'inactive')
+            .maxAffected(5);
+          ```
+        description: |
+          Limit the number of rows that can be updated. If more than 5 rows match the filter, the operation will fail.
+      - id: with-delete
+        name: With delete()
+        code: |
+          ```dart
+          await supabase
+            .from('users')
+            .delete()
+            .eq('active', false)
+            .maxAffected(10);
+          ```
+        description: |
+          Limit the number of rows that can be deleted. If more than 10 rows match the filter, the operation will fail.
+      - id: with-select
+        name: With select()
+        code: |
+          ```dart
+          final data = await supabase
+            .from('users')
+            .update({'status': 'INACTIVE'})
+            .eq('id', 1)
+            .maxAffected(1)
+            .select();
+          ```
+        description: |
+          Combine maxAffected with select() to limit affected rows and return the updated data.
   - id: single
     title: single()
     description: |

From 026eb8fb52abafbcb480d9718e031317ae9f2cac Mon Sep 17 00:00:00 2001
From: Guilherme Souza <grsouza@pm.me>
Date: Wed, 1 Oct 2025 05:08:39 -0300
Subject: [PATCH 5/9] docs(swift): add documentation for new Swift SDK features
 (#39133)

---
 apps/docs/spec/supabase_swift_v2.yml | 87 ++++++++++++++++++++++++++++
 1 file changed, 87 insertions(+)

diff --git a/apps/docs/spec/supabase_swift_v2.yml b/apps/docs/spec/supabase_swift_v2.yml
index b819da8f36b18..ff6477548e808 100644
--- a/apps/docs/spec/supabase_swift_v2.yml
+++ b/apps/docs/spec/supabase_swift_v2.yml
@@ -931,6 +931,42 @@ functions:
             // custom URL opening logic
           }
           ```
+  - id: link-identity-with-id-token
+    title: 'linkIdentityWithIdToken()'
+    notes: |
+      - The **Enable Manual Linking** option must be enabled from your [project's authentication settings](/dashboard/project/_/settings/auth).
+      - The user needs to be signed in to call `linkIdentityWithIdToken()`.
+      - If the candidate identity is already linked to the existing user or another user, `linkIdentityWithIdToken()` will fail.
+      - This method allows you to link an OIDC identity using an ID token obtained from a provider like Apple, Google, etc.
+    examples:
+      - id: link-identity-with-id-token
+        name: Link an OIDC identity using an ID token
+        isSpotlight: true
+        code: |
+          ```swift
+          try await supabase.auth.linkIdentityWithIdToken(
+            credentials: OpenIDConnectCredentials(
+              provider: .apple,
+              idToken: idToken
+            )
+          )
+          ```
+        description: |
+          Link an OpenID Connect identity to the current user using an ID token. This is useful when you've obtained an ID token from a provider's SDK (like Sign in with Apple) and want to link it to the current user's account.
+      - id: link-identity-with-id-token-and-nonce
+        name: Link an OIDC identity with nonce
+        code: |
+          ```swift
+          try await supabase.auth.linkIdentityWithIdToken(
+            credentials: OpenIDConnectCredentials(
+              provider: .apple,
+              idToken: idToken,
+              nonce: nonce
+            )
+          )
+          ```
+        description: |
+          For providers that support nonce verification (like Apple), you can include the nonce used during authentication.
   - id: unlink-identity
     title: 'unlinkIdentity()'
     notes: |
@@ -3750,6 +3786,57 @@ functions:
         hideCodeBlock: true
         isSpotlight: true
 
+  - id: max-affected
+    title: maxAffected()
+    description: |
+      Set the maximum number of rows that can be affected by the query.
+
+      Only available in PostgREST v13+ and only works with PATCH, DELETE methods and RPC calls.
+    notes: |
+      - This method sets `handling=strict` and `max-affected=<value>` headers for row limit enforcement.
+      - Only use with UPDATE (PATCH), DELETE operations, or RPC calls that modify data.
+      - If the query would affect more rows than specified, PostgREST will return an error.
+      - This is useful for preventing accidental bulk updates or deletes.
+    examples:
+      - id: with-update
+        name: With `update()`
+        code: |
+          ```swift
+          try await supabase
+            .from("users")
+            .update(["status": "active"])
+            .eq("id", value: 1)
+            .maxAffected(1)
+            .execute()
+          ```
+        description: |
+          Ensure that only one row is updated. If the query would update more than one row, an error is returned.
+        isSpotlight: true
+      - id: with-delete
+        name: With `delete()`
+        code: |
+          ```swift
+          try await supabase
+            .from("users")
+            .delete()
+            .in("id", values: [1, 2, 3])
+            .maxAffected(3)
+            .execute()
+          ```
+        description: |
+          Ensure that only three rows are deleted. If the query would delete more than three rows, an error is returned.
+      - id: with-rpc
+        name: With `rpc()`
+        code: |
+          ```swift
+          try await supabase
+            .rpc("delete_inactive_users")
+            .maxAffected(10)
+            .execute()
+          ```
+        description: |
+          Ensure that the RPC call affects at most 10 rows. Useful for limiting the impact of stored procedures.
+
   - id: single
     title: single()
     description: |

From 2ec278a02260afb11518c6a4726555dda15b2a19 Mon Sep 17 00:00:00 2001
From: Guilherme Souza <grsouza@pm.me>
Date: Wed, 1 Oct 2025 05:08:51 -0300
Subject: [PATCH 6/9] docs: document automatic presence enablement in Python
 client (#39129)

---
 apps/docs/spec/supabase_py_v2.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/apps/docs/spec/supabase_py_v2.yml b/apps/docs/spec/supabase_py_v2.yml
index 31f21f040112f..137014918b669 100644
--- a/apps/docs/spec/supabase_py_v2.yml
+++ b/apps/docs/spec/supabase_py_v2.yml
@@ -6832,6 +6832,7 @@ functions:
     title: on().subscribe()
     notes: |
       - By default, Broadcast and Presence are enabled for all projects.
+      - Presence is automatically enabled when you attach presence callbacks (`on_presence_sync()`, `on_presence_join()`, or `on_presence_leave()`). If you add presence callbacks to an already joined channel, the channel will automatically resubscribe with presence enabled.
       - By default, listening to database changes is disabled for new projects due to database performance and security concerns. You can turn it on by managing Realtime's [replication](/docs/guides/api#realtime-api-overview).
       - You can receive the "previous" data for updates and deletes by setting the table's `REPLICA IDENTITY` to `FULL` (e.g., `ALTER TABLE your_table REPLICA IDENTITY FULL;`).
       - Row level security is not applied to delete statements. When RLS is enabled and replica identity is set to full, only the primary key is sent to clients.

From 69e346d4301ab2442c6f4a9430b0379de0f3dc68 Mon Sep 17 00:00:00 2001
From: Guilherme Souza <grsouza@pm.me>
Date: Wed, 1 Oct 2025 05:09:09 -0300
Subject: [PATCH 7/9] docs: add max_affected() method to Python client
 reference (#39128)

---
 apps/docs/spec/supabase_py_v2.yml | 92 +++++++++++++++++++++++++++++++
 1 file changed, 92 insertions(+)

diff --git a/apps/docs/spec/supabase_py_v2.yml b/apps/docs/spec/supabase_py_v2.yml
index 137014918b669..2798e55e69817 100644
--- a/apps/docs/spec/supabase_py_v2.yml
+++ b/apps/docs/spec/supabase_py_v2.yml
@@ -6076,6 +6076,98 @@ functions:
           }
           ```
         hideCodeBlock: true
+  - id: max-affected
+    title: max_affected()
+    description: |
+      Set the maximum number of rows that can be affected by an update or delete operation.
+      If the query would affect more rows than the specified limit, the operation will fail with an error.
+
+      This uses PostgREST's `Prefer: max-affected` header with `handling=strict`.
+    notes: |
+      - Only available in PostgREST v13+
+      - Only works with PATCH (update) and DELETE methods
+      - The operation will fail if it would affect more rows than specified
+    params:
+      - name: value
+        isOptional: false
+        type: int
+        description: The maximum number of rows that can be affected
+    examples:
+      - id: with-update
+        name: Limit affected rows on update
+        code: |
+          ```python
+          response = (
+              supabase.table("planets")
+              .update({"name": "Updated"})
+              .eq("id", 1)
+              .max_affected(1)
+              .execute()
+          )
+          ```
+        data:
+          sql: |
+            ```sql
+            create table
+              planets (id int8 primary key, name text);
+
+            insert into
+              planets (id, name)
+            values
+              (1, 'Mercury'),
+              (2, 'Earth');
+            ```
+        response: |
+          ```json
+          {
+            "data": [
+              {
+                "id": 1,
+                "name": "Updated"
+              }
+            ],
+            "count": null
+          }
+          ```
+        hideCodeBlock: true
+        isSpotlight: true
+      - id: with-delete
+        name: Limit affected rows on delete
+        code: |
+          ```python
+          response = (
+              supabase.table("planets")
+              .delete()
+              .eq("id", 1)
+              .max_affected(1)
+              .execute()
+          )
+          ```
+        data:
+          sql: |
+            ```sql
+            create table
+              planets (id int8 primary key, name text);
+
+            insert into
+              planets (id, name)
+            values
+              (1, 'Mercury'),
+              (2, 'Earth');
+            ```
+        response: |
+          ```json
+          {
+            "data": [
+              {
+                "id": 1,
+                "name": "Mercury"
+              }
+            ],
+            "count": null
+          }
+          ```
+        hideCodeBlock: true
   - id: using-modifiers
     title: Using Modifiers
     description: |

From f4c8ab62da6579eac775f7fde96a02d91cbe4c18 Mon Sep 17 00:00:00 2001
From: Stojan Dimitrovski <sdimitrovski@gmail.com>
Date: Wed, 1 Oct 2025 10:44:25 +0200
Subject: [PATCH 8/9] fix: enabled/disabled indicator for web3 (#38709)

---
 .../interfaces/Auth/AuthProvidersForm/AuthProvidersForm.tsx  | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/apps/studio/components/interfaces/Auth/AuthProvidersForm/AuthProvidersForm.tsx b/apps/studio/components/interfaces/Auth/AuthProvidersForm/AuthProvidersForm.tsx
index 65adb7ac94740..024121b862e51 100644
--- a/apps/studio/components/interfaces/Auth/AuthProvidersForm/AuthProvidersForm.tsx
+++ b/apps/studio/components/interfaces/Auth/AuthProvidersForm/AuthProvidersForm.tsx
@@ -86,7 +86,10 @@ export const AuthProvidersForm = () => {
               } else if (providerSchema.title === 'Slack (OIDC)') {
                 isActive = authConfig && (authConfig as any)['EXTERNAL_SLACK_OIDC_ENABLED']
               } else if (providerSchema.title.includes('Web3')) {
-                isActive = authConfig && (authConfig as any)['EXTERNAL_WEB3_SOLANA_ENABLED']
+                isActive =
+                  authConfig &&
+                  ((authConfig as any)['EXTERNAL_WEB3_SOLANA_ENABLED'] ||
+                    (authConfig as any)['EXTERNAL_WEB3_ETHEREUM_ENABLED'])
               } else {
                 isActive =
                   authConfig &&

From a2f695547ba40623ec61593093844d09610654c5 Mon Sep 17 00:00:00 2001
From: Joshen Lim <joshenlimek@gmail.com>
Date: Wed, 1 Oct 2025 17:26:47 +0800
Subject: [PATCH 9/9] Fix auth pages error state consistency and missing
 loading states (#39092)

---
 .../Auth/AdvancedAuthSettingsForm.tsx         |  35 +++--
 .../interfaces/Auth/AuditLogsForm.tsx         |  33 ++--
 .../AuthProvidersForm/AuthProvidersForm.tsx   | 148 +++++++++---------
 .../BasicAuthSettingsForm.tsx                 |  10 +-
 .../Auth/EmailTemplates/EmailTemplates.tsx    |   6 +-
 .../interfaces/Auth/Hooks/HooksListing.tsx    |  26 ++-
 .../MfaAuthSettingsForm.tsx                   |  32 +++-
 .../ProtectionAuthSettingsForm.tsx            |  35 +++--
 .../interfaces/Auth/RateLimits/RateLimits.tsx |  18 ++-
 .../Auth/RedirectUrls/RedirectUrls.tsx        |  18 +--
 .../SessionsAuthSettingsForm.tsx              |  35 +++--
 .../interfaces/Auth/SiteUrl/SiteUrl.tsx       |  29 ++--
 .../interfaces/Auth/SmtpForm/SmtpForm.tsx     |  16 +-
 .../pages/project/[ref]/auth/audit-logs.tsx   |  12 +-
 14 files changed, 273 insertions(+), 180 deletions(-)

diff --git a/apps/studio/components/interfaces/Auth/AdvancedAuthSettingsForm.tsx b/apps/studio/components/interfaces/Auth/AdvancedAuthSettingsForm.tsx
index 26bd90de84dbf..f52b241cb08bf 100644
--- a/apps/studio/components/interfaces/Auth/AdvancedAuthSettingsForm.tsx
+++ b/apps/studio/components/interfaces/Auth/AdvancedAuthSettingsForm.tsx
@@ -7,6 +7,7 @@ import * as z from 'zod'
 
 import { useParams } from 'common'
 import { ScaffoldSection, ScaffoldSectionTitle } from 'components/layouts/Scaffold'
+import AlertError from 'components/ui/AlertError'
 import { StringNumberOrNull } from 'components/ui/Forms/Form.constants'
 import NoPermission from 'components/ui/NoPermission'
 import UpgradeToPro from 'components/ui/UpgradeToPro'
@@ -16,9 +17,6 @@ import { useAsyncCheckPermissions } from 'hooks/misc/useCheckPermissions'
 import { useSelectedOrganizationQuery } from 'hooks/misc/useSelectedOrganization'
 import { IS_PLATFORM } from 'lib/constants'
 import {
-  AlertDescription_Shadcn_,
-  AlertTitle_Shadcn_,
-  Alert_Shadcn_,
   Button,
   Card,
   CardContent,
@@ -28,8 +26,8 @@ import {
   Form_Shadcn_,
   Input_Shadcn_,
   PrePostTab,
-  WarningIcon,
 } from 'ui'
+import { GenericSkeletonLoader } from 'ui-patterns'
 import { FormItemLayout } from 'ui-patterns/form/FormItemLayout/FormItemLayout'
 
 const FormSchema = z.object({
@@ -55,7 +53,12 @@ export const AdvancedAuthSettingsForm = () => {
   const [isUpdatingRequestDurationForm, setIsUpdatingRequestDurationForm] = useState(false)
   const [isUpdatingDatabaseForm, setIsUpdatingDatabaseForm] = useState(false)
 
-  const { data: authConfig, error: authConfigError, isError } = useAuthConfigQuery({ projectRef })
+  const {
+    data: authConfig,
+    error: authConfigError,
+    isError,
+    isLoading,
+  } = useAuthConfigQuery({ projectRef })
 
   const { mutate: updateAuthConfig } = useAuthConfigUpdateMutation()
 
@@ -148,16 +151,26 @@ export const AdvancedAuthSettingsForm = () => {
 
   if (isError) {
     return (
-      <Alert_Shadcn_ variant="destructive">
-        <WarningIcon />
-        <AlertTitle_Shadcn_>Failed to retrieve auth configuration</AlertTitle_Shadcn_>
-        <AlertDescription_Shadcn_>{authConfigError.message}</AlertDescription_Shadcn_>
-      </Alert_Shadcn_>
+      <ScaffoldSection isFullWidth>
+        <AlertError error={authConfigError} subject="Failed to retrieve auth configuration" />
+      </ScaffoldSection>
     )
   }
 
   if (!canReadConfig) {
-    return <NoPermission resourceText="view auth configuration settings" />
+    return (
+      <ScaffoldSection isFullWidth>
+        <NoPermission resourceText="view auth configuration settings" />
+      </ScaffoldSection>
+    )
+  }
+
+  if (isLoading) {
+    return (
+      <ScaffoldSection isFullWidth>
+        <GenericSkeletonLoader />
+      </ScaffoldSection>
+    )
   }
 
   return (
diff --git a/apps/studio/components/interfaces/Auth/AuditLogsForm.tsx b/apps/studio/components/interfaces/Auth/AuditLogsForm.tsx
index b3e9ccded3448..1630654eae40a 100644
--- a/apps/studio/components/interfaces/Auth/AuditLogsForm.tsx
+++ b/apps/studio/components/interfaces/Auth/AuditLogsForm.tsx
@@ -7,6 +7,7 @@ import { boolean, object } from 'yup'
 
 import { useParams } from 'common'
 import { ScaffoldSection, ScaffoldSectionTitle } from 'components/layouts/Scaffold'
+import AlertError from 'components/ui/AlertError'
 import { InlineLink } from 'components/ui/InlineLink'
 import { useAuthConfigQuery } from 'data/auth/auth-config-query'
 import { useAuthConfigUpdateMutation } from 'data/auth/auth-config-update-mutation'
@@ -14,9 +15,6 @@ import { useTablesQuery } from 'data/tables/tables-query'
 import { useAsyncCheckPermissions } from 'hooks/misc/useCheckPermissions'
 import { useSelectedProjectQuery } from 'hooks/misc/useSelectedProject'
 import {
-  AlertDescription_Shadcn_,
-  AlertTitle_Shadcn_,
-  Alert_Shadcn_,
   Button,
   Card,
   CardContent,
@@ -25,9 +23,8 @@ import {
   FormField_Shadcn_,
   Form_Shadcn_,
   Switch,
-  WarningIcon,
 } from 'ui'
-import { Admonition } from 'ui-patterns'
+import { Admonition, GenericSkeletonLoader } from 'ui-patterns'
 import { FormItemLayout } from 'ui-patterns/form/FormItemLayout/FormItemLayout'
 
 const schema = object({
@@ -53,7 +50,12 @@ export const AuditLogsForm = () => {
   })
   const auditLogTable = tables.find((x) => x.name === AUDIT_LOG_ENTRIES_TABLE)
 
-  const { data: authConfig, error: authConfigError, isError } = useAuthConfigQuery({ projectRef })
+  const {
+    data: authConfig,
+    error: authConfigError,
+    isError,
+    isLoading,
+  } = useAuthConfigQuery({ projectRef })
 
   const { mutate: updateAuthConfig, isLoading: isUpdatingConfig } = useAuthConfigUpdateMutation({
     onError: (error) => {
@@ -85,11 +87,20 @@ export const AuditLogsForm = () => {
 
   if (isError) {
     return (
-      <Alert_Shadcn_ variant="destructive">
-        <WarningIcon />
-        <AlertTitle_Shadcn_>Failed to retrieve auth configuration</AlertTitle_Shadcn_>
-        <AlertDescription_Shadcn_>{authConfigError.message}</AlertDescription_Shadcn_>
-      </Alert_Shadcn_>
+      <ScaffoldSection isFullWidth>
+        <AlertError
+          error={authConfigError}
+          subject="Failed to retrieve auth configuration for hooks"
+        />
+      </ScaffoldSection>
+    )
+  }
+
+  if (isLoading) {
+    return (
+      <ScaffoldSection isFullWidth>
+        <GenericSkeletonLoader />
+      </ScaffoldSection>
     )
   }
 
diff --git a/apps/studio/components/interfaces/Auth/AuthProvidersForm/AuthProvidersForm.tsx b/apps/studio/components/interfaces/Auth/AuthProvidersForm/AuthProvidersForm.tsx
index 024121b862e51..178a94789a61c 100644
--- a/apps/studio/components/interfaces/Auth/AuthProvidersForm/AuthProvidersForm.tsx
+++ b/apps/studio/components/interfaces/Auth/AuthProvidersForm/AuthProvidersForm.tsx
@@ -7,10 +7,10 @@ import {
   ScaffoldSectionDescription,
   ScaffoldSectionTitle,
 } from 'components/layouts/Scaffold'
+import AlertError from 'components/ui/AlertError'
 import { ResourceList } from 'components/ui/Resource/ResourceList'
 import { HorizontalShimmerWithIcon } from 'components/ui/Shimmers/Shimmers'
 import { useAuthConfigQuery } from 'data/auth/auth-config-query'
-import { DOCS_URL } from 'lib/constants'
 import {
   Alert_Shadcn_,
   AlertDescription_Shadcn_,
@@ -39,82 +39,82 @@ export const AuthProvidersForm = () => {
         Authenticate your users through a suite of providers and login methods
       </ScaffoldSectionDescription>
 
-      <div className="-space-y-px">
-        {authConfig?.EXTERNAL_EMAIL_ENABLED && authConfig?.MAILER_OTP_EXP > 3600 && (
-          <Alert_Shadcn_
-            className="flex w-full items-center justify-between my-3"
-            variant="warning"
-          >
-            <WarningIcon />
-            <div>
-              <AlertTitle_Shadcn_>OTP expiry exceeds recommended threshold</AlertTitle_Shadcn_>
-              <AlertDescription_Shadcn_ className="flex flex-col gap-y-3">
-                <p>
-                  We have detected that you have enabled the email provider with the OTP expiry set
-                  to more than an hour. It is recommended to set this value to less than an hour.
-                </p>
-                <Button asChild type="default" className="w-min" icon={<ExternalLink />}>
-                  <Link href={`${DOCS_URL}/guides/platform/going-into-prod#security`}>
-                    View security recommendations
-                  </Link>
-                </Button>
-              </AlertDescription_Shadcn_>
-            </div>
-          </Alert_Shadcn_>
-        )}
-        <ResourceList>
-          {isLoading &&
-            PROVIDERS_SCHEMAS.map((provider) => (
-              <div
-                key={`provider_${provider.title}`}
-                className="py-4 px-6 border-b last:border-b-none"
-              >
-                <HorizontalShimmerWithIcon />
-              </div>
-            ))}
-          {isSuccess &&
-            PROVIDERS_SCHEMAS.map((provider) => {
-              const providerSchema =
-                provider.title === 'Phone'
-                  ? { ...provider, validationSchema: getPhoneProviderValidationSchema(authConfig) }
-                  : provider
-              let isActive = false
-              if (providerSchema.title === 'SAML 2.0') {
-                isActive = authConfig && (authConfig as any)['SAML_ENABLED']
-              } else if (providerSchema.title === 'LinkedIn (OIDC)') {
-                isActive = authConfig && (authConfig as any)['EXTERNAL_LINKEDIN_OIDC_ENABLED']
-              } else if (providerSchema.title === 'Slack (OIDC)') {
-                isActive = authConfig && (authConfig as any)['EXTERNAL_SLACK_OIDC_ENABLED']
-              } else if (providerSchema.title.includes('Web3')) {
-                isActive =
-                  authConfig &&
-                  ((authConfig as any)['EXTERNAL_WEB3_SOLANA_ENABLED'] ||
-                    (authConfig as any)['EXTERNAL_WEB3_ETHEREUM_ENABLED'])
-              } else {
-                isActive =
-                  authConfig &&
-                  (authConfig as any)[`EXTERNAL_${providerSchema.title.toUpperCase()}_ENABLED`]
-              }
-              return (
-                <ProviderForm
-                  key={`provider_${providerSchema.title}`}
-                  config={authConfig!}
-                  provider={providerSchema as unknown as Provider}
-                  isActive={isActive}
-                />
-              )
-            })}
-          {isError && (
-            <Alert_Shadcn_ variant="destructive">
+      {isError ? (
+        <AlertError
+          error={authConfigError}
+          subject="Failed to retrieve auth configuration for hooks"
+        />
+      ) : (
+        <div className="-space-y-px">
+          {authConfig?.EXTERNAL_EMAIL_ENABLED && authConfig?.MAILER_OTP_EXP > 3600 && (
+            <Alert_Shadcn_
+              className="flex w-full items-center justify-between my-3"
+              variant="warning"
+            >
               <WarningIcon />
-              <AlertTitle_Shadcn_>Failed to retrieve auth configuration</AlertTitle_Shadcn_>
-              <AlertDescription_Shadcn_>
-                {(authConfigError as any)?.message}
-              </AlertDescription_Shadcn_>
+              <div>
+                <AlertTitle_Shadcn_>OTP expiry exceeds recommended threshold</AlertTitle_Shadcn_>
+                <AlertDescription_Shadcn_ className="flex flex-col gap-y-3">
+                  <p>
+                    We have detected that you have enabled the email provider with the OTP expiry
+                    set to more than an hour. It is recommended to set this value to less than an
+                    hour.
+                  </p>
+                  <Button asChild type="default" className="w-min" icon={<ExternalLink />}>
+                    <Link href="https://supabase.com/docs/guides/platform/going-into-prod#security">
+                      View security recommendations
+                    </Link>
+                  </Button>
+                </AlertDescription_Shadcn_>
+              </div>
             </Alert_Shadcn_>
           )}
-        </ResourceList>
-      </div>
+
+          <ResourceList>
+            {isLoading &&
+              PROVIDERS_SCHEMAS.map((provider) => (
+                <div
+                  key={`provider_${provider.title}`}
+                  className="py-4 px-6 border-b last:border-b-none"
+                >
+                  <HorizontalShimmerWithIcon />
+                </div>
+              ))}
+            {isSuccess &&
+              PROVIDERS_SCHEMAS.map((provider) => {
+                const providerSchema =
+                  provider.title === 'Phone'
+                    ? {
+                        ...provider,
+                        validationSchema: getPhoneProviderValidationSchema(authConfig),
+                      }
+                    : provider
+                let isActive = false
+                if (providerSchema.title === 'SAML 2.0') {
+                  isActive = authConfig && (authConfig as any)['SAML_ENABLED']
+                } else if (providerSchema.title === 'LinkedIn (OIDC)') {
+                  isActive = authConfig && (authConfig as any)['EXTERNAL_LINKEDIN_OIDC_ENABLED']
+                } else if (providerSchema.title === 'Slack (OIDC)') {
+                  isActive = authConfig && (authConfig as any)['EXTERNAL_SLACK_OIDC_ENABLED']
+                } else if (providerSchema.title.includes('Web3')) {
+                  isActive = authConfig && (authConfig as any)['EXTERNAL_WEB3_SOLANA_ENABLED']
+                } else {
+                  isActive =
+                    authConfig &&
+                    (authConfig as any)[`EXTERNAL_${providerSchema.title.toUpperCase()}_ENABLED`]
+                }
+                return (
+                  <ProviderForm
+                    key={`provider_${providerSchema.title}`}
+                    config={authConfig!}
+                    provider={providerSchema as unknown as Provider}
+                    isActive={isActive}
+                  />
+                )
+              })}
+          </ResourceList>
+        </div>
+      )}
     </ScaffoldSection>
   )
 }
diff --git a/apps/studio/components/interfaces/Auth/BasicAuthSettingsForm/BasicAuthSettingsForm.tsx b/apps/studio/components/interfaces/Auth/BasicAuthSettingsForm/BasicAuthSettingsForm.tsx
index 3717cad6b9ed7..3bdb420931859 100644
--- a/apps/studio/components/interfaces/Auth/BasicAuthSettingsForm/BasicAuthSettingsForm.tsx
+++ b/apps/studio/components/interfaces/Auth/BasicAuthSettingsForm/BasicAuthSettingsForm.tsx
@@ -9,6 +9,7 @@ import { boolean, object, string } from 'yup'
 
 import { useParams } from 'common'
 import { ScaffoldSection, ScaffoldSectionTitle } from 'components/layouts/Scaffold'
+import AlertError from 'components/ui/AlertError'
 import { InlineLink } from 'components/ui/InlineLink'
 import NoPermission from 'components/ui/NoPermission'
 import { useAuthConfigQuery } from 'data/auth/auth-config-query'
@@ -117,11 +118,10 @@ export const BasicAuthSettingsForm = () => {
       <ScaffoldSectionTitle className="mb-4">User Signups</ScaffoldSectionTitle>
 
       {isError && (
-        <Alert_Shadcn_ variant="destructive">
-          <WarningIcon />
-          <AlertTitle_Shadcn_>Failed to retrieve auth configuration</AlertTitle_Shadcn_>
-          <AlertDescription_Shadcn_>{authConfigError.message}</AlertDescription_Shadcn_>
-        </Alert_Shadcn_>
+        <AlertError
+          error={authConfigError}
+          subject="Failed to retrieve auth configuration for hooks"
+        />
       )}
 
       {isPermissionsLoaded && !canReadConfig && (
diff --git a/apps/studio/components/interfaces/Auth/EmailTemplates/EmailTemplates.tsx b/apps/studio/components/interfaces/Auth/EmailTemplates/EmailTemplates.tsx
index 82875d1ff7b09..71b8164e6948e 100644
--- a/apps/studio/components/interfaces/Auth/EmailTemplates/EmailTemplates.tsx
+++ b/apps/studio/components/interfaces/Auth/EmailTemplates/EmailTemplates.tsx
@@ -25,7 +25,11 @@ export const EmailTemplates = () => {
   return (
     <div className="w-full">
       {isError && (
-        <AlertError error={authConfigError} subject="Failed to retrieve auth configuration" />
+        <AlertError
+          className="mt-12"
+          error={authConfigError}
+          subject="Failed to retrieve auth configuration"
+        />
       )}
       {isLoading && (
         <div className="w-[854px] mt-12">
diff --git a/apps/studio/components/interfaces/Auth/Hooks/HooksListing.tsx b/apps/studio/components/interfaces/Auth/Hooks/HooksListing.tsx
index ac4fc3e093e9c..5a89a957b2468 100644
--- a/apps/studio/components/interfaces/Auth/Hooks/HooksListing.tsx
+++ b/apps/studio/components/interfaces/Auth/Hooks/HooksListing.tsx
@@ -10,6 +10,7 @@ import { useAuthHooksUpdateMutation } from 'data/auth/auth-hooks-update-mutation
 import { executeSql } from 'data/sql/execute-sql-query'
 import { useSelectedProjectQuery } from 'hooks/misc/useSelectedProject'
 import { cn } from 'ui'
+import { GenericSkeletonLoader } from 'ui-patterns'
 import ConfirmationModal from 'ui-patterns/Dialogs/ConfirmationModal'
 import { AddHookDropdown } from './AddHookDropdown'
 import { CreateHookSheet } from './CreateHookSheet'
@@ -20,7 +21,12 @@ import { extractMethod, getRevokePermissionStatements, isValidHook } from './hoo
 export const HooksListing = () => {
   const { ref: projectRef } = useParams()
   const { data: project } = useSelectedProjectQuery()
-  const { data: authConfig, error: authConfigError, isError } = useAuthConfigQuery({ projectRef })
+  const {
+    data: authConfig,
+    error: authConfigError,
+    isError,
+    isLoading,
+  } = useAuthConfigQuery({ projectRef })
 
   const [selectedHook, setSelectedHook] = useState<HOOK_DEFINITION_TITLE | null>(null)
   const [selectedHookForDeletion, setSelectedHookForDeletion] = useState<Hook | null>(null)
@@ -60,10 +66,20 @@ export const HooksListing = () => {
 
   if (isError) {
     return (
-      <AlertError
-        error={authConfigError}
-        subject="Failed to retrieve auth configuration for hooks"
-      />
+      <ScaffoldSection isFullWidth>
+        <AlertError
+          error={authConfigError}
+          subject="Failed to retrieve auth configuration for hooks"
+        />
+      </ScaffoldSection>
+    )
+  }
+
+  if (isLoading) {
+    return (
+      <ScaffoldSection isFullWidth>
+        <GenericSkeletonLoader />
+      </ScaffoldSection>
     )
   }
 
diff --git a/apps/studio/components/interfaces/Auth/MfaAuthSettingsForm/MfaAuthSettingsForm.tsx b/apps/studio/components/interfaces/Auth/MfaAuthSettingsForm/MfaAuthSettingsForm.tsx
index b6bf44c39bc42..1f5cb248e5bc6 100644
--- a/apps/studio/components/interfaces/Auth/MfaAuthSettingsForm/MfaAuthSettingsForm.tsx
+++ b/apps/studio/components/interfaces/Auth/MfaAuthSettingsForm/MfaAuthSettingsForm.tsx
@@ -7,6 +7,7 @@ import { boolean, number, object, string } from 'yup'
 
 import { useParams } from 'common'
 import { ScaffoldSection, ScaffoldSectionTitle } from 'components/layouts/Scaffold'
+import AlertError from 'components/ui/AlertError'
 import NoPermission from 'components/ui/NoPermission'
 import UpgradeToPro from 'components/ui/UpgradeToPro'
 import { useAuthConfigQuery } from 'data/auth/auth-config-query'
@@ -15,7 +16,6 @@ import { useAsyncCheckPermissions } from 'hooks/misc/useCheckPermissions'
 import { useSelectedOrganizationQuery } from 'hooks/misc/useSelectedOrganization'
 import { IS_PLATFORM } from 'lib/constants'
 import {
-  AlertDescription_Shadcn_,
   AlertTitle_Shadcn_,
   Alert_Shadcn_,
   Button,
@@ -35,6 +35,7 @@ import {
   Switch,
   WarningIcon,
 } from 'ui'
+import { GenericSkeletonLoader } from 'ui-patterns'
 import ConfirmationModal from 'ui-patterns/Dialogs/ConfirmationModal'
 import { FormItemLayout } from 'ui-patterns/form/FormItemLayout/FormItemLayout'
 
@@ -86,7 +87,12 @@ const securitySchema = object({
 
 export const MfaAuthSettingsForm = () => {
   const { ref: projectRef } = useParams()
-  const { data: authConfig, error: authConfigError, isError } = useAuthConfigQuery({ projectRef })
+  const {
+    data: authConfig,
+    error: authConfigError,
+    isError,
+    isLoading,
+  } = useAuthConfigQuery({ projectRef })
   const { mutate: updateAuthConfig } = useAuthConfigUpdateMutation()
 
   // Separate loading states for each form
@@ -253,16 +259,26 @@ export const MfaAuthSettingsForm = () => {
 
   if (isError) {
     return (
-      <Alert_Shadcn_ variant="destructive">
-        <WarningIcon />
-        <AlertTitle_Shadcn_>Failed to retrieve auth configuration</AlertTitle_Shadcn_>
-        <AlertDescription_Shadcn_>{authConfigError.message}</AlertDescription_Shadcn_>
-      </Alert_Shadcn_>
+      <ScaffoldSection isFullWidth>
+        <AlertError error={authConfigError} subject="Failed to retrieve auth configuration" />
+      </ScaffoldSection>
     )
   }
 
   if (!canReadConfig) {
-    return <NoPermission resourceText="view auth configuration settings" />
+    return (
+      <ScaffoldSection isFullWidth>
+        <NoPermission resourceText="view auth configuration settings" />
+      </ScaffoldSection>
+    )
+  }
+
+  if (isLoading) {
+    return (
+      <ScaffoldSection isFullWidth>
+        <GenericSkeletonLoader />
+      </ScaffoldSection>
+    )
   }
 
   const phoneMFAIsEnabled =
diff --git a/apps/studio/components/interfaces/Auth/ProtectionAuthSettingsForm/ProtectionAuthSettingsForm.tsx b/apps/studio/components/interfaces/Auth/ProtectionAuthSettingsForm/ProtectionAuthSettingsForm.tsx
index f5ef7d711ef1e..63f6674bf8b60 100644
--- a/apps/studio/components/interfaces/Auth/ProtectionAuthSettingsForm/ProtectionAuthSettingsForm.tsx
+++ b/apps/studio/components/interfaces/Auth/ProtectionAuthSettingsForm/ProtectionAuthSettingsForm.tsx
@@ -9,6 +9,7 @@ import { boolean, number, object, string } from 'yup'
 
 import { useParams } from 'common'
 import { ScaffoldSection, ScaffoldSectionTitle } from 'components/layouts/Scaffold'
+import AlertError from 'components/ui/AlertError'
 import { InlineLink } from 'components/ui/InlineLink'
 import NoPermission from 'components/ui/NoPermission'
 import { useAuthConfigQuery } from 'data/auth/auth-config-query'
@@ -16,9 +17,6 @@ import { useAuthConfigUpdateMutation } from 'data/auth/auth-config-update-mutati
 import { useAsyncCheckPermissions } from 'hooks/misc/useCheckPermissions'
 import { DOCS_URL } from 'lib/constants'
 import {
-  AlertDescription_Shadcn_,
-  AlertTitle_Shadcn_,
-  Alert_Shadcn_,
   Badge,
   Button,
   Card,
@@ -35,8 +33,8 @@ import {
   SelectValue_Shadcn_,
   Select_Shadcn_,
   Switch,
-  WarningIcon,
 } from 'ui'
+import { GenericSkeletonLoader } from 'ui-patterns'
 import { FormItemLayout } from 'ui-patterns/form/FormItemLayout/FormItemLayout'
 import { NO_REQUIRED_CHARACTERS } from '../Auth.constants'
 
@@ -72,7 +70,12 @@ const schema = object({
 
 export const ProtectionAuthSettingsForm = () => {
   const { ref: projectRef } = useParams()
-  const { data: authConfig, error: authConfigError, isError } = useAuthConfigQuery({ projectRef })
+  const {
+    data: authConfig,
+    error: authConfigError,
+    isError,
+    isLoading,
+  } = useAuthConfigQuery({ projectRef })
   const { mutate: updateAuthConfig, isLoading: isUpdatingConfig } = useAuthConfigUpdateMutation({
     onError: (error) => {
       toast.error(`Failed to update settings: ${error?.message}`)
@@ -145,16 +148,26 @@ export const ProtectionAuthSettingsForm = () => {
 
   if (isError) {
     return (
-      <Alert_Shadcn_ variant="destructive">
-        <WarningIcon />
-        <AlertTitle_Shadcn_>Failed to retrieve auth configuration</AlertTitle_Shadcn_>
-        <AlertDescription_Shadcn_>{authConfigError.message}</AlertDescription_Shadcn_>
-      </Alert_Shadcn_>
+      <ScaffoldSection isFullWidth>
+        <AlertError error={authConfigError} subject="Failed to retrieve auth configuration" />
+      </ScaffoldSection>
     )
   }
 
   if (!canReadConfig) {
-    return <NoPermission resourceText="view auth configuration settings" />
+    return (
+      <ScaffoldSection isFullWidth>
+        <NoPermission resourceText="view auth configuration settings" />
+      </ScaffoldSection>
+    )
+  }
+
+  if (isLoading) {
+    return (
+      <ScaffoldSection isFullWidth>
+        <GenericSkeletonLoader />
+      </ScaffoldSection>
+    )
   }
 
   return (
diff --git a/apps/studio/components/interfaces/Auth/RateLimits/RateLimits.tsx b/apps/studio/components/interfaces/Auth/RateLimits/RateLimits.tsx
index 82a5a1e14d920..55e086b2a44aa 100644
--- a/apps/studio/components/interfaces/Auth/RateLimits/RateLimits.tsx
+++ b/apps/studio/components/interfaces/Auth/RateLimits/RateLimits.tsx
@@ -142,15 +142,27 @@ export const RateLimits = () => {
   }, [isSuccess])
 
   if (isError) {
-    return <AlertError subject="Failed to retrieve auth config rate limits" error={error} />
+    return (
+      <ScaffoldSection isFullWidth>
+        <AlertError error={error} subject="Failed to retrieve auth configuration" />
+      </ScaffoldSection>
+    )
   }
 
   if (!canReadConfig) {
-    return <NoPermission resourceText="view auth configuration settings" />
+    return (
+      <ScaffoldSection isFullWidth>
+        <NoPermission resourceText="view auth configuration settings" />
+      </ScaffoldSection>
+    )
   }
 
   if (isLoading) {
-    return <GenericSkeletonLoader />
+    return (
+      <ScaffoldSection isFullWidth>
+        <GenericSkeletonLoader />
+      </ScaffoldSection>
+    )
   }
 
   return (
diff --git a/apps/studio/components/interfaces/Auth/RedirectUrls/RedirectUrls.tsx b/apps/studio/components/interfaces/Auth/RedirectUrls/RedirectUrls.tsx
index 9e4f573f42113..76c31220454fa 100644
--- a/apps/studio/components/interfaces/Auth/RedirectUrls/RedirectUrls.tsx
+++ b/apps/studio/components/interfaces/Auth/RedirectUrls/RedirectUrls.tsx
@@ -7,21 +7,13 @@ import {
   ScaffoldSection,
   ScaffoldSectionTitle,
 } from 'components/layouts/Scaffold'
+import AlertError from 'components/ui/AlertError'
 import { DocsButton } from 'components/ui/DocsButton'
 import { HorizontalShimmerWithIcon } from 'components/ui/Shimmers/Shimmers'
 import { useAuthConfigQuery } from 'data/auth/auth-config-query'
 import { useAuthConfigUpdateMutation } from 'data/auth/auth-config-update-mutation'
 import { DOCS_URL } from 'lib/constants'
-import {
-  AlertDescription_Shadcn_,
-  AlertTitle_Shadcn_,
-  Alert_Shadcn_,
-  Button,
-  Modal,
-  ScrollArea,
-  WarningIcon,
-  cn,
-} from 'ui'
+import { Button, Modal, ScrollArea, cn } from 'ui'
 import { AddNewURLModal } from './AddNewURLModal'
 import { RedirectUrlList } from './RedirectUrlList'
 import { ValueContainer } from './ValueContainer'
@@ -98,11 +90,7 @@ export const RedirectUrls = () => {
       )}
 
       {isError && (
-        <Alert_Shadcn_ variant="destructive">
-          <WarningIcon />
-          <AlertTitle_Shadcn_>Failed to retrieve auth configuration</AlertTitle_Shadcn_>
-          <AlertDescription_Shadcn_>{authConfigError.message}</AlertDescription_Shadcn_>
-        </Alert_Shadcn_>
+        <AlertError error={authConfigError} subject="Failed to retrieve auth configuration" />
       )}
 
       {isSuccess && (
diff --git a/apps/studio/components/interfaces/Auth/SessionsAuthSettingsForm/SessionsAuthSettingsForm.tsx b/apps/studio/components/interfaces/Auth/SessionsAuthSettingsForm/SessionsAuthSettingsForm.tsx
index 3cea989af221f..5e28e21bec217 100644
--- a/apps/studio/components/interfaces/Auth/SessionsAuthSettingsForm/SessionsAuthSettingsForm.tsx
+++ b/apps/studio/components/interfaces/Auth/SessionsAuthSettingsForm/SessionsAuthSettingsForm.tsx
@@ -7,6 +7,7 @@ import * as z from 'zod'
 
 import { useParams } from 'common'
 import { ScaffoldSection, ScaffoldSectionTitle } from 'components/layouts/Scaffold'
+import AlertError from 'components/ui/AlertError'
 import NoPermission from 'components/ui/NoPermission'
 import UpgradeToPro from 'components/ui/UpgradeToPro'
 import { useAuthConfigQuery } from 'data/auth/auth-config-query'
@@ -15,9 +16,6 @@ import { useAsyncCheckPermissions } from 'hooks/misc/useCheckPermissions'
 import { useSelectedOrganizationQuery } from 'hooks/misc/useSelectedOrganization'
 import { IS_PLATFORM } from 'lib/constants'
 import {
-  AlertDescription_Shadcn_,
-  AlertTitle_Shadcn_,
-  Alert_Shadcn_,
   Button,
   Card,
   CardContent,
@@ -28,8 +26,8 @@ import {
   Input_Shadcn_,
   PrePostTab,
   Switch,
-  WarningIcon,
 } from 'ui'
+import { GenericSkeletonLoader } from 'ui-patterns'
 import { FormItemLayout } from 'ui-patterns/form/FormItemLayout/FormItemLayout'
 
 function HoursOrNeverText({ value }: { value: number }) {
@@ -58,7 +56,12 @@ const UserSessionsSchema = z.object({
 
 export const SessionsAuthSettingsForm = () => {
   const { ref: projectRef } = useParams()
-  const { data: authConfig, error: authConfigError, isError } = useAuthConfigQuery({ projectRef })
+  const {
+    data: authConfig,
+    error: authConfigError,
+    isError,
+    isLoading,
+  } = useAuthConfigQuery({ projectRef })
   const { mutate: updateAuthConfig } = useAuthConfigUpdateMutation()
 
   // Separate loading states for each form
@@ -155,16 +158,26 @@ export const SessionsAuthSettingsForm = () => {
 
   if (isError) {
     return (
-      <Alert_Shadcn_ variant="destructive">
-        <WarningIcon />
-        <AlertTitle_Shadcn_>Failed to retrieve auth configuration</AlertTitle_Shadcn_>
-        <AlertDescription_Shadcn_>{authConfigError.message}</AlertDescription_Shadcn_>
-      </Alert_Shadcn_>
+      <ScaffoldSection isFullWidth>
+        <AlertError error={authConfigError} subject="Failed to retrieve auth configuration" />
+      </ScaffoldSection>
     )
   }
 
   if (!canReadConfig) {
-    return <NoPermission resourceText="view auth configuration settings" />
+    return (
+      <ScaffoldSection isFullWidth>
+        <NoPermission resourceText="view auth configuration settings" />
+      </ScaffoldSection>
+    )
+  }
+
+  if (isLoading) {
+    return (
+      <ScaffoldSection isFullWidth>
+        <GenericSkeletonLoader />
+      </ScaffoldSection>
+    )
   }
 
   return (
diff --git a/apps/studio/components/interfaces/Auth/SiteUrl/SiteUrl.tsx b/apps/studio/components/interfaces/Auth/SiteUrl/SiteUrl.tsx
index b1fe49a1f550e..5c38c88261d82 100644
--- a/apps/studio/components/interfaces/Auth/SiteUrl/SiteUrl.tsx
+++ b/apps/studio/components/interfaces/Auth/SiteUrl/SiteUrl.tsx
@@ -1,6 +1,5 @@
 import { yupResolver } from '@hookform/resolvers/yup'
 import { PermissionAction } from '@supabase/shared-types/out/constants'
-import { AlertCircle } from 'lucide-react'
 import { useEffect, useState } from 'react'
 import { useForm } from 'react-hook-form'
 import { toast } from 'sonner'
@@ -8,13 +7,11 @@ import { object, string } from 'yup'
 
 import { useParams } from 'common'
 import { ScaffoldSection, ScaffoldSectionTitle } from 'components/layouts/Scaffold'
+import AlertError from 'components/ui/AlertError'
 import { useAuthConfigQuery } from 'data/auth/auth-config-query'
 import { useAuthConfigUpdateMutation } from 'data/auth/auth-config-update-mutation'
 import { useAsyncCheckPermissions } from 'hooks/misc/useCheckPermissions'
 import {
-  AlertDescription_Shadcn_,
-  AlertTitle_Shadcn_,
-  Alert_Shadcn_,
   Button,
   Card,
   CardContent,
@@ -24,6 +21,7 @@ import {
   Form_Shadcn_,
   Input_Shadcn_,
 } from 'ui'
+import { GenericSkeletonLoader } from 'ui-patterns'
 import { FormItemLayout } from 'ui-patterns/form/FormItemLayout/FormItemLayout'
 
 const schema = object({
@@ -32,7 +30,12 @@ const schema = object({
 
 const SiteUrl = () => {
   const { ref: projectRef } = useParams()
-  const { data: authConfig, error: authConfigError, isError } = useAuthConfigQuery({ projectRef })
+  const {
+    data: authConfig,
+    error: authConfigError,
+    isError,
+    isLoading,
+  } = useAuthConfigQuery({ projectRef })
   const { mutate: updateAuthConfig } = useAuthConfigUpdateMutation()
   const [isUpdatingSiteUrl, setIsUpdatingSiteUrl] = useState(false)
 
@@ -76,11 +79,17 @@ const SiteUrl = () => {
 
   if (isError) {
     return (
-      <Alert_Shadcn_ variant="destructive">
-        <AlertCircle strokeWidth={2} />
-        <AlertTitle_Shadcn_>Failed to retrieve auth configuration</AlertTitle_Shadcn_>
-        <AlertDescription_Shadcn_>{authConfigError.message}</AlertDescription_Shadcn_>
-      </Alert_Shadcn_>
+      <ScaffoldSection isFullWidth>
+        <AlertError error={authConfigError} subject="Failed to retrieve auth configuration" />
+      </ScaffoldSection>
+    )
+  }
+
+  if (isLoading) {
+    return (
+      <ScaffoldSection isFullWidth>
+        <GenericSkeletonLoader />
+      </ScaffoldSection>
     )
   }
 
diff --git a/apps/studio/components/interfaces/Auth/SmtpForm/SmtpForm.tsx b/apps/studio/components/interfaces/Auth/SmtpForm/SmtpForm.tsx
index 01cf200b2c40a..f8391f8339ce8 100644
--- a/apps/studio/components/interfaces/Auth/SmtpForm/SmtpForm.tsx
+++ b/apps/studio/components/interfaces/Auth/SmtpForm/SmtpForm.tsx
@@ -9,6 +9,7 @@ import * as yup from 'yup'
 
 import { useParams } from 'common'
 import { ScaffoldSection } from 'components/layouts/Scaffold'
+import AlertError from 'components/ui/AlertError'
 import NoPermission from 'components/ui/NoPermission'
 import { useAuthConfigQuery } from 'data/auth/auth-config-query'
 import { useAuthConfigUpdateMutation } from 'data/auth/auth-config-update-mutation'
@@ -27,7 +28,6 @@ import {
   Input_Shadcn_,
   PrePostTab,
   Switch,
-  WarningIcon,
 } from 'ui'
 import { FormItemLayout } from 'ui-patterns/form/FormItemLayout/FormItemLayout'
 import { urlRegex } from '../Auth.constants'
@@ -179,16 +179,18 @@ export const SmtpForm = () => {
 
   if (isError) {
     return (
-      <Alert_Shadcn_ variant="destructive">
-        <WarningIcon />
-        <AlertTitle_Shadcn_>Failed to retrieve auth configuration</AlertTitle_Shadcn_>
-        <AlertDescription_Shadcn_>{authConfigError.message}</AlertDescription_Shadcn_>
-      </Alert_Shadcn_>
+      <ScaffoldSection isFullWidth>
+        <AlertError error={authConfigError} subject="Failed to retrieve auth configuration" />
+      </ScaffoldSection>
     )
   }
 
   if (!canReadConfig) {
-    return <NoPermission resourceText="view SMTP settings" />
+    return (
+      <ScaffoldSection isFullWidth>
+        <NoPermission resourceText="view SMTP settings" />
+      </ScaffoldSection>
+    )
   }
 
   return (
diff --git a/apps/studio/pages/project/[ref]/auth/audit-logs.tsx b/apps/studio/pages/project/[ref]/auth/audit-logs.tsx
index e7936c63e30c8..b3ed3be5f2fa4 100644
--- a/apps/studio/pages/project/[ref]/auth/audit-logs.tsx
+++ b/apps/studio/pages/project/[ref]/auth/audit-logs.tsx
@@ -1,22 +1,18 @@
 import { PermissionAction } from '@supabase/shared-types/out/constants'
 
-import { useParams } from 'common'
 import { AuditLogsForm } from 'components/interfaces/Auth/AuditLogsForm'
 import AuthLayout from 'components/layouts/AuthLayout/AuthLayout'
 import DefaultLayout from 'components/layouts/DefaultLayout'
 import { PageLayout } from 'components/layouts/PageLayout/PageLayout'
-import { ScaffoldContainer } from 'components/layouts/Scaffold'
+import { ScaffoldContainer, ScaffoldSection } from 'components/layouts/Scaffold'
 import { DocsButton } from 'components/ui/DocsButton'
 import NoPermission from 'components/ui/NoPermission'
 import { GenericSkeletonLoader } from 'components/ui/ShimmeringLoader'
-import { useAuthConfigQuery } from 'data/auth/auth-config-query'
 import { useAsyncCheckPermissions } from 'hooks/misc/useCheckPermissions'
 import { DOCS_URL } from 'lib/constants'
 import type { NextPageWithLayout } from 'types'
 
 const AuditLogsPage: NextPageWithLayout = () => {
-  const { ref: projectRef } = useParams()
-  const { isLoading: isLoadingConfig } = useAuthConfigQuery({ projectRef })
   const { can: canReadAuthSettings, isSuccess: isPermissionsLoaded } = useAsyncCheckPermissions(
     PermissionAction.READ,
     'custom_config_gotrue'
@@ -28,10 +24,10 @@ const AuditLogsPage: NextPageWithLayout = () => {
 
   return (
     <ScaffoldContainer>
-      {!isPermissionsLoaded || isLoadingConfig ? (
-        <div className="mt-12">
+      {!isPermissionsLoaded ? (
+        <ScaffoldSection isFullWidth>
           <GenericSkeletonLoader />
-        </div>
+        </ScaffoldSection>
       ) : (
         <AuditLogsForm />
       )}