Conversation
Rodriguespn
force-pushed
the
feature/supabase-skill
branch
3 times, most recently
from
c9a10b7 to
6356065
Compare
Rodriguespn
force-pushed
the
feature/supabase-skill
branch
2 times, most recently
from
9cab06c to
803e968
Compare
Rodriguespn
force-pushed
the
feature/supabase-skill
branch
from
803e968 to
f856e34
Compare
Rodriguespn
force-pushed
the
feature/supabase-skill
branch
4 times, most recently
from
cd7d687 to
fff97dc
Compare
Rodriguespn
force-pushed
the
feature/supabase-skill
branch
3 times, most recently
from
397502e to
d097278
Compare
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughAdds a Supabase skill with SKILL/AGENTS/CLAUDE docs, a references index and template, and ~49 new reference documents across Database, Edge Functions, Realtime, and Storage; also reclassifies Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~30 minutes 🚥 Pre-merge checks | ✅ 3 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing touches🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 10
🤖 Fix all issues with AI agents
In `@skills/supabase/AGENTS.md`:
- Line 32: Update the example filename in AGENTS.md so it follows the
`{prefix}-{topic}.md` pattern using the `db-` prefix: replace the current
`query-missing-indexes.md` example with a `db-` prefixed name such as
`db-query-missing-indexes.md` (or `db-perf-indexes.md`) wherever the example
appears so it matches the described pattern.
In `@skills/supabase/references/db-migrations-diff.md`:
- Around line 74-92: Update the documentation under the "What diff Captures" and
"What diff Does NOT Capture" sections to explicitly list "Extensions" as a
captured item and standardize wording around RLS policy limitations: replace
informal lowercase `alter policy` with uppercase "ALTER POLICY" and clarify that
ALTER POLICY changes for RLS policies may not be captured correctly,
recommending use of versioned migrations for RLS policy modifications; update
both the capture list and the caveat paragraph and ensure the "Extensions"
bullet appears in the captured list.
In `@skills/supabase/references/db-migrations-idempotent.md`:
- Line 81: Update the broken reference in db-migrations-idempotent.md: replace
the link text "migrations-testing.md" with the correctly prefixed filename
"db-migrations-testing.md" so the reference matches AGENTS.md and other docs;
locate the occurrence of "migrations-testing.md" in the file and change it to
"db-migrations-testing.md" (ensure any markdown link syntax remains intact).
In `@skills/supabase/references/db-migrations-testing.md`:
- Line 118: Update the markdown link text so it uses the correct filename
prefix: replace the reference string "migrations-idempotent.md" with
"db-migrations-idempotent.md" in the file
skills/supabase/references/db-migrations-testing.md (look for the existing link
line that currently reads [migrations-idempotent.md](migrations-idempotent.md)
and change both the link label and target to db-migrations-idempotent.md).
In `@skills/supabase/references/db-perf-indexes.md`:
- Around line 114-115: Update the two markdown link references so they use the
documented db- prefix: change [rls-performance.md](rls-performance.md) to
[db-rls-performance.md](db-rls-performance.md) and change
[schema-jsonb.md](schema-jsonb.md) to [db-schema-jsonb.md](db-schema-jsonb.md);
ensure both link text and target filenames are updated consistently where
referenced so they match AGENTS.md naming conventions.
In `@skills/supabase/references/realtime-patterns-cleanup.md`:
- Around line 87-88: The phrase "Pay as you go" should be hyphenated as
"Pay-as-you-go" in the sentence discussing quotas and Supabase Dashboard
Realtime Settings; update the text that currently reads 'For Pay as you go
customers, stop and ask the user to edit these limits in the Supabase Dashboard
under Realtime Settings.' to use "Pay-as-you-go" so it reads 'For Pay-as-you-go
customers, stop and ask the user to edit these limits in the Supabase Dashboard
under Realtime Settings.'
In `@skills/supabase/references/realtime-patterns-errors.md`:
- Around line 45-71: Update the heartbeat callback sample to match the current
supabase-js API by changing the parameter from a client object to a status
string and using that status (values:
'sent'|'ok'|'error'|'timeout'|'disconnected') inside the handler instead of
calling client.connectionState(); update the example referencing
heartbeatCallback to demonstrate handling each status case; also review and
confirm the validity of the referenced error codes `too_many_joins` and
`tenant_events` and the stated per-connection channel limit (currently
documented as 100 in this doc) against the official Supabase Realtime and
rate-limits docs and adjust the table entries and the reconnection statement
(remove or soften the absolute claim that "No manual re-subscribe is needed") to
reflect the documented reconnection behavior.
In `@skills/supabase/references/realtime-postgres-changes.md`:
- Around line 14-16: Replace the misleading bullet "- Low user counts (< 100
concurrent subscribers per table)" with a clarification that this is an informal
performance recommendation, not a hard per-table limit; state that actual
concurrent WebSocket connection limits are plan-based (e.g., Free ≈200, Pro
≈500, higher tiers 500–10,000+ per project) and explain the rationale: each
subscriber incurs per-change RLS authorization work so you should plan lower
subscriber counts per table for predictable performance. Keep the other bullets
about DELETE events, RLS behavior, and single-threaded ordering unchanged.
In `@skills/supabase/references/realtime-presence-tracking.md`:
- Around line 75-83: In the "## Quotas" section remove or clarify the trailing
sentence that begins "For Pay as you go customers, stop and ask the user to edit
these limits in the Supabase Dashboard under Realtime Settings." — either delete
it entirely, or replace it with a clear statement identifying the intended
customer segment (e.g., "Pro (no spend cap) / Pay-as-you-go customers") and a
concrete instruction (e.g., "To adjust these limits, visit Realtime Settings in
the Supabase Dashboard"), and if you keep the "pay as you go" phrasing hyphenate
it to "Pay-as-you-go" for correctness.
In `@skills/supabase/SKILL.md`:
- Around line 21-28: The curl example in the SKILL.md docs is incorrect: the
command `curl -H "Accept: text/markdown" https://supabase.com/docs/<path>` will
not return markdown because the Supabase docs endpoint serves HTML; remove or
replace that code block. Replace it either by removing the misleading Accept
header and showing a correct fetch like `curl -L
https://supabase.com/docs/<path>` (which returns HTML), or provide an alternate
accurate workflow (e.g., fetch HTML and convert to Markdown via pandoc or
reference the official docs export/API if available). Update the SKILL.md curl
code block and surrounding text that mentions "fetch as markdown" to reflect the
correct behavior.
🧹 Nitpick comments (4)
skills/supabase/SKILL.md (1)
21-21: Consider capitalizing "Markdown" as a proper noun.When referring to the markup language/format, "Markdown" is typically capitalized as it's a proper noun (the name of the format created by John Gruber).
📝 Suggested capitalization
-You can use the `curl` commands to fetch the documentation page as markdown: +You can use the `curl` commands to fetch the documentation page as Markdown:skills/supabase/AGENTS.md (1)
11-17: Consider adding a language identifier to the directory structure code block.The static analysis tool flagged this fenced code block as missing a language specifier. While this is a directory structure visualization (not executable code), adding
textorplaintextas the language identifier would satisfy linters and is a minor improvement.🔧 Suggested addition
-``` +```text supabase/ SKILL.md # Main skill file - read this first AGENTS.md # This navigation guideskills/supabase/references/_template.md (1)
12-19: Consider using explicit column selection in the template example.The Quick Start example uses
select("*")which, while functional, isn't the recommended practice. Since this is a template that will be copied for new references, showing explicit column selection would encourage better practices from the start.💡 Suggested improvement
```typescript // Minimal working example with real code import { createClient } from "@supabase/supabase-js"; const supabase = createClient(url, key); // Core operation -const { data, error } = await supabase.from("table").select("*"); +const { data, error } = await supabase.from("table").select("id, name, created_at");This demonstrates explicit column selection, which is better for performance and security. </details> </blockquote></details> <details> <summary>skills/supabase/references/db-migrations-idempotent.md (1)</summary><blockquote> `68-71`: **Consider adding a language identifier to the migration naming example.** The static analysis tool flagged this code block as missing a language specifier. Adding `text` or `plaintext` would satisfy linters. <details> <summary>🔧 Suggested addition</summary> ```diff -``` +```text 20240315120000_create_users.sql 20240315130000_add_profiles.sql</details> </blockquote></details> </blockquote></details> <!-- This is an auto-generated comment by CodeRabbit for review status -->
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In `@skills/supabase/references/db-migrations-diff.md`:
- Around line 97-98: The two broken relative links referencing
migrations-idempotent.md and migrations-testing.md should be updated to the
correct filenames db-migrations-idempotent.md and db-migrations-testing.md;
modify the link targets in the references block so the entries read
[db-migrations-idempotent.md](db-migrations-idempotent.md) and
[db-migrations-testing.md](db-migrations-testing.md) to match the actual files
in the repo.
| - [migrations-idempotent.md](migrations-idempotent.md) | ||
| - [migrations-testing.md](migrations-testing.md) |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify the actual filenames for migration reference docs in skills/supabase/references/
fd -e md -t f . skills/supabase/references/ | grep -i migration | sortRepository: supabase/agent-skills
Length of output: 220
🏁 Script executed:
sed -n '95,100p' skills/supabase/references/db-migrations-diff.mdRepository: supabase/agent-skills
Length of output: 254
Fix broken relative links to migration reference files.
Lines 97-98 link to migrations-idempotent.md and migrations-testing.md, but the actual files in the repository are named db-migrations-idempotent.md and db-migrations-testing.md. Add the db- prefix to both links.
Proposed fix
## Related
-- [migrations-idempotent.md](migrations-idempotent.md)
-- [migrations-testing.md](migrations-testing.md)
+- [db-migrations-idempotent.md](db-migrations-idempotent.md)
+- [db-migrations-testing.md](db-migrations-testing.md)
- [Docs](https://supabase.com/docs/guides/deployment/database-migrations)📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - [migrations-idempotent.md](migrations-idempotent.md) | |
| - [migrations-testing.md](migrations-testing.md) | |
| ## Related | |
| - [db-migrations-idempotent.md](db-migrations-idempotent.md) | |
| - [db-migrations-testing.md](db-migrations-testing.md) | |
| - [Docs](https://supabase.com/docs/guides/deployment/database-migrations) |
🤖 Prompt for AI Agents
In `@skills/supabase/references/db-migrations-diff.md` around lines 97 - 98, The
two broken relative links referencing migrations-idempotent.md and
migrations-testing.md should be updated to the correct filenames
db-migrations-idempotent.md and db-migrations-testing.md; modify the link
targets in the references block so the entries read
[db-migrations-idempotent.md](db-migrations-idempotent.md) and
[db-migrations-testing.md](db-migrations-testing.md) to match the actual files
in the repo.
There was a problem hiding this comment.
Actionable comments posted: 10
🤖 Fix all issues with AI agents
In `@skills/supabase/references/storage-access-control.md`:
- Around line 118-122: The relative links under the "Related" section in
storage-access-control.md are broken; update the two links that currently point
to ../db/rls-common-mistakes.md and ../db/rls-policy-types.md to the correct
filenames located in the same references/ directory: db-rls-common-mistakes.md
and db-rls-policy-types.md so the link targets match the actual files.
In `@skills/supabase/references/storage-cdn-caching.md`:
- Around line 88-91: The "Related" link in storage-cdn-caching.md points to
upload-standard.md which is inconsistent with the storage-prefixed naming used
elsewhere; update the link target (the reference currently "upload-standard.md")
to the correct storage-prefixed file name (e.g., "storage-upload-standard.md")
so the link resolves correctly, and verify the actual filename in the repo and
adjust the link accordingly.
In `@skills/supabase/references/storage-download-urls.md`:
- Around line 95-99: Update the "Related" links in storage-download-urls.md to
use the storage-prefixed filenames so they don't 404: replace
"access-control.md" with "storage-access-control.md" and "transform-images.md"
with "storage-transform-images.md" (leave the external Docs link unchanged);
ensure the link text still matches the target filenames.
In `@skills/supabase/references/storage-ops-file-management.md`:
- Around line 146-149: In the Related list inside
skills/supabase/references/storage-ops-file-management.md replace the existing
link target "access-control.md" with the storage-prefixed filename
"storage-access-control.md" so the Related entry becomes the correct reference
to storage-access-control.md (keeping the link text as-is or updating it to
"storage-access-control.md" for clarity).
In `@skills/supabase/references/storage-transform-images.md`:
- Around line 73-78: The fenced code block under "Direct URL Parameters" is
missing a language tag; update the triple-backtick fence for that URL example
(the Direct URL example block) to include a language identifier such as text
(e.g., change ``` to ```text) so markdownlint MD040 is satisfied and the block
is explicitly marked as plain text.
- Around line 113-117: Update the "Related" links to use the storage-prefixed
filenames so they resolve correctly: replace download-urls.md with
storage-download-urls.md and cdn-caching.md with storage-cdn-caching.md in the
"Related" list in storage-transform-images.md (use the same pattern applied
elsewhere in this skill).
In `@skills/supabase/references/storage-upload-resumable.md`:
- Around line 122-125: The Related section contains a broken relative link text
"upload-standard.md" that doesn't match the actual file name; update the link
target and link text to use "storage-upload-standard.md" so the entry reads "-
[storage-upload-standard.md](storage-upload-standard.md) - Small file uploads"
(edit the Related block in
skills/supabase/references/storage-upload-resumable.md where the link to
upload-standard.md appears).
- Around line 62-88: Replace the placeholder region in the S3Client constructor
(the region parameter passed when instantiating S3Client) with your actual
Supabase project region (examples: us-east-1, eu-central-1) to ensure correct
AWS Signature V4 signing; update the region value where S3Client is created and
optionally add an inline comment/example next to the region parameter to guide
developers (refer to S3Client and the endpoint using projectRef in the same
snippet).
- Around line 102-120: Update the documentation to clarify that while upload
URLs are issued as valid for 24 hours, the practical upload window may be
shorter because the Supabase Auth JWT (Bearer token) typically expires after ~1
hour by default; mention that developers must either refresh their JWT or use a
long-lived service role key when performing long resumable uploads (refer to the
"upload URLs valid for 24 hours" statement and the Auth JWT/Bearer token
behavior in the same section, and keep the note next to the TUS chunkSize
guidance such as the "chunkSize: 6 * 1024 * 1024" example).
In `@skills/supabase/SKILL.md`:
- Around line 13-19: The SKILL.md body is written in descriptive prose; rewrite
the introductory sentences into imperative commands (e.g., start with verbs) and
convert the "Overview of Resources" guidance into action-oriented
instructions—use the "Supabase" heading and the "Overview of Resources" section
as anchors to replace lines like "Supabase is an open source..." with concise
imperatives (e.g., "Use Supabase for a Postgres database, auth, instant APIs,
edge functions, realtime subscriptions, and storage." and "Reference the
appropriate resource file based on the user's needs."). Keep the content under
500 lines, prefer concise examples over long explanations, and move any detailed
material into the referenced resource files.
| ## Related | ||
|
|
||
| - [db/rls-common-mistakes.md](../db/rls-common-mistakes.md) - General RLS pitfalls | ||
| - [db/rls-policy-types.md](../db/rls-policy-types.md) - PERMISSIVE vs RESTRICTIVE | ||
| - [Docs](https://supabase.com/docs/guides/storage/security/access-control) |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Find RLS reference files
fd 'rls-common-mistakes|rls-policy-types' --type fRepository: supabase/agent-skills
Length of output: 167
🏁 Script executed:
#!/bin/bash
# Check the structure of skills/supabase/ directory
find skills/supabase -type f -name "*.md" | head -20Repository: supabase/agent-skills
Length of output: 987
🏁 Script executed:
#!/bin/bash
# Look for SKILL.md to understand naming conventions
find . -name "SKILL.md" -type fRepository: supabase/agent-skills
Length of output: 142
🏁 Script executed:
#!/bin/bash
# Check SKILL.md for naming conventions and structure guidance
head -50 skills/supabase/SKILL.mdRepository: supabase/agent-skills
Length of output: 3547
🏁 Script executed:
#!/bin/bash
# Verify the exact relative link issue by checking what the current links resolve to
cd skills/supabase/references && pwd && ls -la | grep -E 'db|storage'Repository: supabase/agent-skills
Length of output: 1936
Fix broken relative links to RLS reference files.
The links point to ../db/rls-*.md, but these files do not exist at that path. The actual files are in the same references/ directory with the naming pattern db-rls-*.md. Correct the paths to:
db-rls-common-mistakes.mddb-rls-policy-types.md
🤖 Prompt for AI Agents
In `@skills/supabase/references/storage-access-control.md` around lines 118 - 122,
The relative links under the "Related" section in storage-access-control.md are
broken; update the two links that currently point to
../db/rls-common-mistakes.md and ../db/rls-policy-types.md to the correct
filenames located in the same references/ directory: db-rls-common-mistakes.md
and db-rls-policy-types.md so the link targets match the actual files.
| ## Related | ||
|
|
||
| - [upload-standard.md](upload-standard.md) - Upload options | ||
| - [Docs](https://supabase.com/docs/guides/storage/cdn/smart-cdn) |
There was a problem hiding this comment.
Fix Related link target for upload reference.
The file is storage-prefixed elsewhere, so this link likely 404s.
🧭 Proposed fix
- - [upload-standard.md](upload-standard.md) - Upload options
+ - [storage-upload-standard.md](storage-upload-standard.md) - Upload options📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| ## Related | |
| - [upload-standard.md](upload-standard.md) - Upload options | |
| - [Docs](https://supabase.com/docs/guides/storage/cdn/smart-cdn) | |
| ## Related | |
| - [storage-upload-standard.md](storage-upload-standard.md) - Upload options | |
| - [Docs](https://supabase.com/docs/guides/storage/cdn/smart-cdn) |
🤖 Prompt for AI Agents
In `@skills/supabase/references/storage-cdn-caching.md` around lines 88 - 91, The
"Related" link in storage-cdn-caching.md points to upload-standard.md which is
inconsistent with the storage-prefixed naming used elsewhere; update the link
target (the reference currently "upload-standard.md") to the correct
storage-prefixed file name (e.g., "storage-upload-standard.md") so the link
resolves correctly, and verify the actual filename in the repo and adjust the
link accordingly.
| ## Related | ||
|
|
||
| - [access-control.md](access-control.md) - Public vs private buckets | ||
| - [transform-images.md](transform-images.md) - Image transformations | ||
| - [Docs](https://supabase.com/docs/guides/storage/serving/downloads) |
There was a problem hiding this comment.
Update Related links to storage- filenames.*
These likely 404 because the reference files are storage-prefixed.
🧭 Proposed fix
- - [access-control.md](access-control.md) - Public vs private buckets
- - [transform-images.md](transform-images.md) - Image transformations
+ - [storage-access-control.md](storage-access-control.md) - Public vs private buckets
+ - [storage-transform-images.md](storage-transform-images.md) - Image transformations📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| ## Related | |
| - [access-control.md](access-control.md) - Public vs private buckets | |
| - [transform-images.md](transform-images.md) - Image transformations | |
| - [Docs](https://supabase.com/docs/guides/storage/serving/downloads) | |
| ## Related | |
| - [storage-access-control.md](storage-access-control.md) - Public vs private buckets | |
| - [storage-transform-images.md](storage-transform-images.md) - Image transformations | |
| - [Docs](https://supabase.com/docs/guides/storage/serving/downloads) |
🤖 Prompt for AI Agents
In `@skills/supabase/references/storage-download-urls.md` around lines 95 - 99,
Update the "Related" links in storage-download-urls.md to use the
storage-prefixed filenames so they don't 404: replace "access-control.md" with
"storage-access-control.md" and "transform-images.md" with
"storage-transform-images.md" (leave the external Docs link unchanged); ensure
the link text still matches the target filenames.
| ## Related | ||
|
|
||
| - [access-control.md](access-control.md) - RLS for operations | ||
| - [Docs](https://supabase.com/docs/guides/storage/management/delete-objects) |
There was a problem hiding this comment.
Update Related link to storage-prefixed filename.
The target likely should be storage-access-control.md.
🧭 Proposed fix
- - [access-control.md](access-control.md) - RLS for operations
+ - [storage-access-control.md](storage-access-control.md) - RLS for operations📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| ## Related | |
| - [access-control.md](access-control.md) - RLS for operations | |
| - [Docs](https://supabase.com/docs/guides/storage/management/delete-objects) | |
| ## Related | |
| - [storage-access-control.md](storage-access-control.md) - RLS for operations | |
| - [Docs](https://supabase.com/docs/guides/storage/management/delete-objects) |
🤖 Prompt for AI Agents
In `@skills/supabase/references/storage-ops-file-management.md` around lines 146 -
149, In the Related list inside
skills/supabase/references/storage-ops-file-management.md replace the existing
link target "access-control.md" with the storage-prefixed filename
"storage-access-control.md" so the Related entry becomes the correct reference
to storage-access-control.md (keeping the link text as-is or updating it to
"storage-access-control.md" for clarity).
| ## Direct URL Parameters | ||
|
|
||
| ``` | ||
| https://xxx.supabase.co/storage/v1/render/image/public/bucket/image.jpg | ||
| ?width=400&height=300&resize=cover&quality=80 | ||
| ``` |
There was a problem hiding this comment.
Add a language to the fenced block.
The Direct URL example is missing a fence language (markdownlint MD040).
✅ Proposed fix
-```
+```text
https://xxx.supabase.co/storage/v1/render/image/public/bucket/image.jpg
?width=400&height=300&resize=cover&quality=80📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| ## Direct URL Parameters | |
| ``` | |
| https://xxx.supabase.co/storage/v1/render/image/public/bucket/image.jpg | |
| ?width=400&height=300&resize=cover&quality=80 | |
| ``` | |
| ## Direct URL Parameters | |
🧰 Tools
🪛 markdownlint-cli2 (0.20.0)
[warning] 75-75: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🤖 Prompt for AI Agents
In `@skills/supabase/references/storage-transform-images.md` around lines 73 - 78,
The fenced code block under "Direct URL Parameters" is missing a language tag;
update the triple-backtick fence for that URL example (the Direct URL example
block) to include a language identifier such as text (e.g., change ``` to
```text) so markdownlint MD040 is satisfied and the block is explicitly marked
as plain text.
| ## Related | ||
|
|
||
| - [download-urls.md](download-urls.md) - URL generation methods | ||
| - [cdn-caching.md](cdn-caching.md) - Transformation caching | ||
| - [Docs](https://supabase.com/docs/guides/storage/serving/image-transformations) |
There was a problem hiding this comment.
Fix Related link targets to match storage- filenames.*
These links don’t match the storage-* naming used elsewhere in this skill, so they likely 404. Consider pointing to the storage-prefixed files.
🧭 Proposed fix
- - [download-urls.md](download-urls.md) - URL generation methods
- - [cdn-caching.md](cdn-caching.md) - Transformation caching
+ - [storage-download-urls.md](storage-download-urls.md) - URL generation methods
+ - [storage-cdn-caching.md](storage-cdn-caching.md) - Transformation caching📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| ## Related | |
| - [download-urls.md](download-urls.md) - URL generation methods | |
| - [cdn-caching.md](cdn-caching.md) - Transformation caching | |
| - [Docs](https://supabase.com/docs/guides/storage/serving/image-transformations) | |
| ## Related | |
| - [storage-download-urls.md](storage-download-urls.md) - URL generation methods | |
| - [storage-cdn-caching.md](storage-cdn-caching.md) - Transformation caching | |
| - [Docs](https://supabase.com/docs/guides/storage/serving/image-transformations) |
🤖 Prompt for AI Agents
In `@skills/supabase/references/storage-transform-images.md` around lines 113 -
117, Update the "Related" links to use the storage-prefixed filenames so they
resolve correctly: replace download-urls.md with storage-download-urls.md and
cdn-caching.md with storage-cdn-caching.md in the "Related" list in
storage-transform-images.md (use the same pattern applied elsewhere in this
skill).
| ```javascript | ||
| import { S3Client } from '@aws-sdk/client-s3'; | ||
| import { Upload } from '@aws-sdk/lib-storage'; | ||
|
|
||
| const s3 = new S3Client({ | ||
| region: '<your-project-region>', | ||
| endpoint: `https://${projectRef}.storage.supabase.co/storage/v1/s3`, | ||
| credentials: { | ||
| accessKeyId: process.env.STORAGE_ACCESS_KEY, | ||
| secretAccessKey: process.env.STORAGE_SECRET_KEY | ||
| }, | ||
| forcePathStyle: true | ||
| }); | ||
|
|
||
| const upload = new Upload(s3, { | ||
| Bucket: 'bucket-name', | ||
| Key: 'path/to/file.zip', | ||
| Body: fileStream, | ||
| ContentType: 'application/zip' | ||
| }); | ||
|
|
||
| upload.on('httpUploadProgress', (progress) => { | ||
| console.log(`${progress.loaded}/${progress.total}`); | ||
| }); | ||
|
|
||
| await upload.done(); | ||
| ``` |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Search for S3Client configurations in the codebase
rg -n -A 5 -B 2 'S3Client' --glob '**/*.md' | head -50Repository: supabase/agent-skills
Length of output: 1064
🌐 Web query:
Supabase Storage S3 API region parameter required AWS SDK configuration
💡 Result:
Yes—when using Supabase Storage’s S3-compatible API with an AWS SDK, you still need to set a region, because requests are signed with AWS Signature Version 4, and the region is part of the SigV4 credential scope. Supabase’s docs explicitly say to copy the “endpoint” and “region” from your project’s Storage S3 settings and use them in your S3 client config. [1], [2]
What to put in region:
- Set
regionto your Supabase project region (for example:us-east-1,eu-central-1, etc.)—the value shown in the Storage S3 settings. [1], [3] - If you use the wrong region, you can hit signature mismatch (403) errors because the signature was computed for a different region scope. [2]
Typical AWS SDK (JS v3) config shape (per Supabase):
region: 'project_region'endpoint: 'https://<project_ref>.storage.supabase.co/storage/v1/s3'forcePathStyle: true[1]
Sources
- Supabase Docs — S3 Authentication (shows AWS SDK config including
region: 'project_region', and says to copy endpoint + region from project settings) [1] - Supabase Docs — S3 Compatibility (states Supabase expects AWS Signature Version 4) [2]
- Supabase Docs — Available regions (lists the region codes like
us-east-1, etc.) [3]
Clarify the region parameter with actual Supabase project region values.
The region parameter on line 67 is required for AWS Signature Version 4 credential signing. Replace the placeholder <your-project-region> with an actual Supabase project region (e.g., us-east-1, eu-central-1). Using an incorrect region will result in 403 signature mismatch errors. Consider adding a comment or example region value to guide developers.
🤖 Prompt for AI Agents
In `@skills/supabase/references/storage-upload-resumable.md` around lines 62 - 88,
Replace the placeholder region in the S3Client constructor (the region parameter
passed when instantiating S3Client) with your actual Supabase project region
(examples: us-east-1, eu-central-1) to ensure correct AWS Signature V4 signing;
update the region value where S3Client is created and optionally add an inline
comment/example next to the region parameter to guide developers (refer to
S3Client and the endpoint using projectRef in the same snippet).
| ## TUS Configuration Notes | ||
|
|
||
| **Incorrect:** | ||
|
|
||
| ```javascript | ||
| // Wrong chunk size - will fail | ||
| chunkSize: 10 * 1024 * 1024 // 10MB - not supported | ||
| ``` | ||
|
|
||
| **Correct:** | ||
|
|
||
| ```javascript | ||
| // Supabase requires exactly 6MB chunks | ||
| chunkSize: 6 * 1024 * 1024 // 6MB - required | ||
| ``` | ||
|
|
||
| - Chunk size must be exactly 6MB for Supabase | ||
| - Upload URLs valid for 24 hours | ||
| - Use direct storage URL: `https://{ref}.storage.supabase.co/storage/v1/upload/resumable` |
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
Supabase Storage TUS resumable upload URL validity period expiration
💡 Result:
For Supabase Storage TUS resumable uploads, the server creates a unique upload URL per upload (the URL you PATCH chunks to). That upload URL is valid for up to 24 hours; if the upload isn’t completed within that window, the URL expires and you must start a new upload (TUS clients typically handle this by creating a new URL). [1]
If you’re self-hosting Supabase Storage, the upload-URL lifetime is configurable via TUS_URL_EXPIRY_MS (documented from the storage server config), with a noted default of 3,600,000 ms (1 hour). [2]
Also remember the upload can fail earlier if your Auth JWT (Bearer token) expires (commonly 5 minutes–1 hour, with 1 hour being the usual/default recommendation). [3]
Sources: [1] [2] [3]
Expand the 24-hour URL validity claim to account for JWT token expiration.
Line 119 correctly states that upload URLs are valid for 24 hours. However, this claim would be more complete by noting that the Auth JWT Bearer token typically expires within 1 hour (the default for Supabase), which becomes the practical limiting factor for uploads. Developers should be aware that token expiration may interrupt uploads sooner than the 24-hour URL window.
🤖 Prompt for AI Agents
In `@skills/supabase/references/storage-upload-resumable.md` around lines 102 -
120, Update the documentation to clarify that while upload URLs are issued as
valid for 24 hours, the practical upload window may be shorter because the
Supabase Auth JWT (Bearer token) typically expires after ~1 hour by default;
mention that developers must either refresh their JWT or use a long-lived
service role key when performing long resumable uploads (refer to the "upload
URLs valid for 24 hours" statement and the Auth JWT/Bearer token behavior in the
same section, and keep the note next to the TUS chunkSize guidance such as the
"chunkSize: 6 * 1024 * 1024" example).
| ## Related | ||
|
|
||
| - [upload-standard.md](upload-standard.md) - Small file uploads | ||
| - [Docs](https://supabase.com/docs/guides/storage/uploads/resumable-uploads) |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Find reference files related to upload-standard
fd -e md '' skills/supabase/references/ | grep -i upload | sortRepository: supabase/agent-skills
Length of output: 173
Fix broken relative link in Related section.
The link references upload-standard.md, but the actual filename is storage-upload-standard.md. Update the link to:
- [storage-upload-standard.md](storage-upload-standard.md) - Small file uploads
🤖 Prompt for AI Agents
In `@skills/supabase/references/storage-upload-resumable.md` around lines 122 -
125, The Related section contains a broken relative link text
"upload-standard.md" that doesn't match the actual file name; update the link
target and link text to use "storage-upload-standard.md" so the entry reads "-
[storage-upload-standard.md](storage-upload-standard.md) - Small file uploads"
(edit the Related block in
skills/supabase/references/storage-upload-resumable.md where the link to
upload-standard.md appears).
| # Supabase | ||
|
|
||
| Supabase is an open source Firebase alternative that provides a Postgres database, authentication, instant APIs, edge functions, realtime subscriptions, and storage. It's fully compatible with Postgres and provides several language sdks, including supabase-js and supabase-py. | ||
|
|
||
| ## Overview of Resources | ||
|
|
||
| Reference the appropriate resource file based on the user's needs: |
There was a problem hiding this comment.
Rewrite body content in imperative form (guideline requirement).
Current prose (“Supabase is…”) is descriptive, not imperative. Please rephrase to commands/instructions.
✍️ Example rewrite
- Supabase is an open source Firebase alternative that provides a Postgres database, authentication, instant APIs, edge functions, realtime subscriptions, and storage. It's fully compatible with Postgres and provides several language sdks, including supabase-js and supabase-py.
+ Use Supabase as an open source Firebase alternative. Rely on its Postgres database, authentication, instant APIs, edge functions, realtime subscriptions, and storage, and choose supabase-js or supabase-py for SDK access.📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| # Supabase | |
| Supabase is an open source Firebase alternative that provides a Postgres database, authentication, instant APIs, edge functions, realtime subscriptions, and storage. It's fully compatible with Postgres and provides several language sdks, including supabase-js and supabase-py. | |
| ## Overview of Resources | |
| Reference the appropriate resource file based on the user's needs: | |
| # Supabase | |
| Use Supabase as an open source Firebase alternative. Rely on its Postgres database, authentication, instant APIs, edge functions, realtime subscriptions, and storage, and choose supabase-js or supabase-py for SDK access. | |
| ## Overview of Resources | |
| Reference the appropriate resource file based on the user's needs: |
🧰 Tools
🪛 LanguageTool
[grammar] ~15-~15: Use a hyphen to join words.
Context: ...ns. --- # Supabase Supabase is an open source Firebase alternative that provide...
(QB_NEW_EN_HYPHEN)
🤖 Prompt for AI Agents
In `@skills/supabase/SKILL.md` around lines 13 - 19, The SKILL.md body is written
in descriptive prose; rewrite the introductory sentences into imperative
commands (e.g., start with verbs) and convert the "Overview of Resources"
guidance into action-oriented instructions—use the "Supabase" heading and the
"Overview of Resources" section as anchors to replace lines like "Supabase is an
open source..." with concise imperatives (e.g., "Use Supabase for a Postgres
database, auth, instant APIs, edge functions, realtime subscriptions, and
storage." and "Reference the appropriate resource file based on the user's
needs."). Keep the content under 500 lines, prefer concise examples over long
explanations, and move any detailed material into the referenced resource files.
There was a problem hiding this comment.
Actionable comments posted: 15
🤖 Fix all issues with AI agents
In `@skills/supabase/references/_sections.md`:
- Around line 18-24: The "Storage" section heading is misnumbered as "## 3.
Storage (storage)" causing duplicate numbering with "## 3. Realtime (realtime)";
update the heading text to "## 4. Storage (storage)" so the sequence reads "##
3. Realtime (realtime)" then "## 4. Storage (storage)". Locate the heading
string "## 3. Storage (storage)" in the file and change the numeric prefix to 4,
ensuring any adjacent references or table-of-contents entries (if present) are
consistent with the new section number.
In `@skills/supabase/references/edge-adv-streaming.md`:
- Around line 1-5: The YAML frontmatter is missing a quantified benefit in
impactDescription and title should be action-oriented; update the frontmatter
fields (title, impact, impactDescription, tags) so title is an action phrase
like "Stream AI Responses via SSE", keep impact as MEDIUM, and replace
impactDescription with a quantified metric (e.g., "Reduces end-to-end latency by
~40ms per response and improves perceived responsiveness by 25% for real-time
clients"), or other measured throughput/latency numbers relevant to edge
streaming; ensure tags remain present (edge-functions, streaming, sse,
server-sent-events).
- Around line 1-5: The frontmatter title is not action-oriented; update the YAML
in skills/supabase/references/edge-adv-streaming.md so the title is a verb-led
phrase (e.g., "Stream Responses" or "Enable Streaming Responses") while keeping
the required fields intact: title, impact, impactDescription, and tags; ensure
impact uses an allowed value (CRITICAL|HIGH|MEDIUM-HIGH|MEDIUM|LOW-MEDIUM|LOW)
and impactDescription is a concise quantified benefit.
In `@skills/supabase/references/edge-adv-websockets.md`:
- Around line 1-5: Update the YAML frontmatter keys: change the title to an
action‑oriented phrase (e.g., "Handle WebSocket Connections" or "Implement
WebSocket Communication") by editing the title field; keep or adjust impact to
one of the allowed levels (CRITICAL|HIGH|MEDIUM-HIGH|MEDIUM|LOW-MEDIUM|LOW) in
the impact field if needed; and replace the current impactDescription with a
quantified benefit statement (e.g., "Reduces latency by ~50% for real-time
updates and supports X concurrent connections," or "Enables real-time
bidirectional messaging, improving update delivery for Y% of use cases") so it
clearly states the measurable outcome; ensure tags remain present and relevant
in the tags field.
In `@skills/supabase/references/edge-auth-jwt-verification.md`:
- Around line 1-5: Update the YAML frontmatter so the title is action‑oriented
(e.g., "Verify JWTs and Authenticate Edge Requests") and replace the generic
impactDescription with a quantified benefit (e.g., "Reduces unauthorized access
incidents by X% by validating JWTs at the edge" or "Prevents unauthorized access
for all edge requests by enforcing JWT verification"), while leaving impact
(CRITICAL) and tags intact; edit the frontmatter keys title, impactDescription,
impact, and tags accordingly in the existing document.
- Around line 23-27: The example calls supabase.auth.getClaims(token) even when
token may be undefined; add a guard after extracting token (from
req.headers.get("Authorization")?.replace("Bearer ", "")) that returns new
Response("Missing token", { status: 401 }) (or similar 401) when token is falsy,
and only then call supabase.auth.getClaims(token) and proceed to use
data.claims.sub.
In `@skills/supabase/references/edge-auth-rls-integration.md`:
- Around line 1-5: Update the YAML frontmatter so the title is verb-led (e.g.,
"Integrate RLS into Edge Functions") instead of a noun phrase, keep impact set
to one of the allowed levels (HIGH is acceptable) and replace impactDescription
with a concise, quantified benefit (e.g., "Reduces risk of unauthorized row
access by X% or prevents Y classes of data leaks per deployment"), and ensure
tags remain present; modify the frontmatter keys title, impact,
impactDescription, and tags accordingly in the file.
- Around line 31-40: The example uses req.headers.get("Authorization")! which
can be null and is not guarded; before calling createClient inside Deno.serve,
check for the presence of the Authorization header (e.g., const auth =
req.headers.get("Authorization")) and if missing return a 401 response
immediately, only then pass the validated auth value into createClient
(global.headers.Authorization) so createClient never receives a null/undefined
header.
In `@skills/supabase/references/edge-db-direct-postgres.md`:
- Around line 1-5: Update the YAML frontmatter so the title is action-oriented
and the impactDescription is quantified: change the title field to an action
verb phrase (e.g., "Connect Directly to Postgres from Edge Functions") and
rewrite impactDescription to state a measurable benefit (e.g., "Reduces latency
by X% and enables Y concurrent connections" or "Enables complex queries and ORM
usage, improving developer productivity by X%"); ensure you update the existing
title and impactDescription keys in the frontmatter accordingly.
- Around line 34-43: The example creates a new postgres client per-request
inside Deno.serve which breaks pooling; move the postgres(...) client creation
and the drizzle(client) call to module scope (outside Deno.serve) so the same
client is reused across requests, remove any per-request .end() calls, and
configure the client with idle_timeout and max_lifetime options (e.g.,
idle_timeout and max_lifetime passed into postgres(...)) to allow automatic
cleanup of idle connections; update references to the existing db and users
usage inside the Deno.serve handler to use the module-scoped db instance.
In `@skills/supabase/references/edge-db-supabase-client.md`:
- Around line 33-37: The code currently force-unwraps
req.headers.get("Authorization") when calling createClient (supabase), which
will throw on unauthenticated requests; change it to read the header into a
variable (e.g., const auth = req.headers.get("Authorization")), and only include
the Authorization header in the global headers object if auth is truthy (or omit
headers entirely when absent) so that createClient/supabase initialization does
not crash for unauthenticated requests.
In `@skills/supabase/references/edge-dbg-limits.md`:
- Around line 1-5: Update the YAML frontmatter to make the title action-oriented
and to quantify the impactDescription: change the title field to an
imperative/action phrase (e.g., "Mitigate Edge Function Debugging Limits" or
similar) and rewrite impactDescription to include a measurable benefit (e.g.,
"Reduces production failures by X% and speeds debugging by Y hours per
incident") so both `title` and `impactDescription` comply with the
reference-file guidelines.
In `@skills/supabase/references/edge-fun-project-structure.md`:
- Around line 1-5: The frontmatter uses a non-action title and an unquantified
impactDescription; update the YAML so `title` is action-oriented (e.g., start
with a verb like "Optimize", "Organize", or "Reduce") and change
`impactDescription` to quantify the benefit (e.g., "Reduces cold start latency
by X% and improves maintainability by Y") while keeping existing fields (`tags`,
`impact`) intact; specifically edit the `title` and `impactDescription`
frontmatter keys in this file so they comply with the reference-file
requirements.
In `@skills/supabase/references/edge-fun-quickstart.md`:
- Around line 1-5: Update the YAML frontmatter: change the title field to an
action-oriented phrase (e.g., start with a verb like "Deploy Edge Functions:
Quickstart" or "Quickstart — Deploy Edge Functions") and replace the
impactDescription with a quantified benefit (e.g., "Enables developers to deploy
production-ready Edge Functions in under 15 minutes, reducing deployment
friction by X%") so both title and impactDescription fields are present and meet
the guideline; modify the existing title and impactDescription keys in the
frontmatter accordingly.
In `@skills/supabase/references/edge-pat-routing.md`:
- Around line 1-5: Update the YAML frontmatter: change the title to an
action-oriented phrase (e.g., "Route Edge PATs with Multi-Route Functions" or
similar) and replace the generic impactDescription with a quantified benefit
(include numeric metrics or percentages and timeframe, e.g., "Reduces cold-start
latency by ~30% and simplifies API maintenance, lowering operational overhead by
X%"). Ensure you edit the frontmatter keys `title` and `impactDescription` in
this file so they follow the reference-file requirements and include concrete,
quantifiable outcomes.
🧹 Nitpick comments (4)
skills/supabase/references/edge-dbg-testing.md (2)
2-2: Make the title action‑oriented.“Testing Edge Functions” is descriptive; the guideline expects an action‑oriented title (verb‑led).
As per coding guidelines "Reference files must include YAML frontmatter withtitle(action-oriented)".
4-4: Quantify the impact description.The impactDescription should include a measurable/quantified benefit, not just a qualitative statement.
As per coding guidelines "Reference files must include YAML frontmatter withimpactDescription(quantified benefit)".Proposed tweak
-impactDescription: Ensures reliability before production deployment +impactDescription: Reduces local test failures by ~X% before production deploymentskills/supabase/references/edge-db-supabase-client.md (1)
1-5: QuantifyimpactDescriptionper guidelines.
impactDescriptionneeds a quantified benefit; the current text is qualitative. Please update it to include a measurable impact (even if approximate).
As per coding guidelines: “Reference files must include YAML frontmatter withtitle(action-oriented),impact(CRITICAL|HIGH|MEDIUM-HIGH|MEDIUM|LOW-MEDIUM|LOW),impactDescription(quantified benefit), andtags(keywords)”.✅ Example update
-impactDescription: Primary method for database operations with RLS support +impactDescription: Enables 100% RLS-enforced database operations from Edge Functionsskills/supabase/references/edge-adv-websockets.md (1)
39-46: Consider passing the JWT explicitly togetClaims()for clarity and consistency.The
jwtparameter in supabase-js v2'sgetClaims()is optional, so the current example works with the Authorization header. However, the JWT is already extracted and available on line 35. For consistency with the pattern shown inedge-auth-jwt-verification.md, pass it explicitly:Suggested improvement
- const { data, error } = await supabase.auth.getClaims(); + const { data, error } = await supabase.auth.getClaims(jwt);
| ## 3. Realtime (realtime) | ||
|
|
||
| **Impact:** MEDIUM-HIGH | ||
| **Description:** Channel setup, Broadcast messaging, Presence tracking, Postgres Changes listeners, cleanup patterns, error handling, and debugging. | ||
|
|
||
| ## 3. Storage (storage) | ||
|
|
There was a problem hiding this comment.
Fix section numbering for Storage.
“## 3. Storage” should be “## 4. Storage” to avoid duplicate numbering.
🔧 Suggested fix
-## 3. Storage (storage)
+## 4. Storage (storage)📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| ## 3. Realtime (realtime) | |
| **Impact:** MEDIUM-HIGH | |
| **Description:** Channel setup, Broadcast messaging, Presence tracking, Postgres Changes listeners, cleanup patterns, error handling, and debugging. | |
| ## 3. Storage (storage) | |
| ## 3. Realtime (realtime) | |
| **Impact:** MEDIUM-HIGH | |
| **Description:** Channel setup, Broadcast messaging, Presence tracking, Postgres Changes listeners, cleanup patterns, error handling, and debugging. | |
| ## 4. Storage (storage) |
🤖 Prompt for AI Agents
In `@skills/supabase/references/_sections.md` around lines 18 - 24, The "Storage"
section heading is misnumbered as "## 3. Storage (storage)" causing duplicate
numbering with "## 3. Realtime (realtime)"; update the heading text to "## 4.
Storage (storage)" so the sequence reads "## 3. Realtime (realtime)" then "## 4.
Storage (storage)". Locate the heading string "## 3. Storage (storage)" in the
file and change the numeric prefix to 4, ensuring any adjacent references or
table-of-contents entries (if present) are consistent with the new section
number.
| --- | ||
| title: Streaming Responses | ||
| impact: MEDIUM | ||
| impactDescription: Enables real-time data delivery and AI response streaming | ||
| tags: edge-functions, streaming, sse, server-sent-events |
There was a problem hiding this comment.
Quantify the impact description.
The impactDescription needs a quantified benefit (e.g., latency reduction, throughput increase, or user-perceived responsiveness).
✅ Suggested update
-impactDescription: Enables real-time data delivery and AI response streaming
+impactDescription: Reduces perceived latency by streaming responses within ~1s intervalsAs per coding guidelines, "Reference files must include YAML frontmatter with title (action-oriented), impact (CRITICAL|HIGH|MEDIUM-HIGH|MEDIUM|LOW-MEDIUM|LOW), impactDescription (quantified benefit), and tags (keywords)".
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| --- | |
| title: Streaming Responses | |
| impact: MEDIUM | |
| impactDescription: Enables real-time data delivery and AI response streaming | |
| tags: edge-functions, streaming, sse, server-sent-events | |
| --- | |
| title: Streaming Responses | |
| impact: MEDIUM | |
| impactDescription: Reduces perceived latency by streaming responses within ~1s intervals | |
| tags: edge-functions, streaming, sse, server-sent-events |
🤖 Prompt for AI Agents
In `@skills/supabase/references/edge-adv-streaming.md` around lines 1 - 5, The
YAML frontmatter is missing a quantified benefit in impactDescription and title
should be action-oriented; update the frontmatter fields (title, impact,
impactDescription, tags) so title is an action phrase like "Stream AI Responses
via SSE", keep impact as MEDIUM, and replace impactDescription with a quantified
metric (e.g., "Reduces end-to-end latency by ~40ms per response and improves
perceived responsiveness by 25% for real-time clients"), or other measured
throughput/latency numbers relevant to edge streaming; ensure tags remain
present (edge-functions, streaming, sse, server-sent-events).
Make the title action-oriented.
The frontmatter title should be action-oriented per the references guideline. Consider a verb-led title.
✅ Suggested update
-title: Streaming Responses
+title: Stream Responses to ClientsAs per coding guidelines, "Reference files must include YAML frontmatter with title (action-oriented), impact (CRITICAL|HIGH|MEDIUM-HIGH|MEDIUM|LOW-MEDIUM|LOW), impactDescription (quantified benefit), and tags (keywords)".
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| --- | |
| title: Streaming Responses | |
| impact: MEDIUM | |
| impactDescription: Enables real-time data delivery and AI response streaming | |
| tags: edge-functions, streaming, sse, server-sent-events | |
| --- | |
| title: Stream Responses to Clients | |
| impact: MEDIUM | |
| impactDescription: Enables real-time data delivery and AI response streaming | |
| tags: edge-functions, streaming, sse, server-sent-events |
🤖 Prompt for AI Agents
In `@skills/supabase/references/edge-adv-streaming.md` around lines 1 - 5, The
frontmatter title is not action-oriented; update the YAML in
skills/supabase/references/edge-adv-streaming.md so the title is a verb-led
phrase (e.g., "Stream Responses" or "Enable Streaming Responses") while keeping
the required fields intact: title, impact, impactDescription, and tags; ensure
impact uses an allowed value (CRITICAL|HIGH|MEDIUM-HIGH|MEDIUM|LOW-MEDIUM|LOW)
and impactDescription is a concise quantified benefit.
| --- | ||
| title: WebSocket Handling | ||
| impact: MEDIUM | ||
| impactDescription: Enables bidirectional real-time communication | ||
| tags: edge-functions, websockets, realtime, bidirectional |
There was a problem hiding this comment.
Align frontmatter with action‑oriented title and quantified impactDescription.
The title is not action‑oriented and the impactDescription isn’t quantified. Please update both to meet the reference frontmatter requirements.
As per coding guidelines: “Reference files must include YAML frontmatter with title (action-oriented), impact (CRITICAL|HIGH|MEDIUM-HIGH|MEDIUM|LOW-MEDIUM|LOW), impactDescription (quantified benefit), and tags (keywords)”.
🤖 Prompt for AI Agents
In `@skills/supabase/references/edge-adv-websockets.md` around lines 1 - 5, Update
the YAML frontmatter keys: change the title to an action‑oriented phrase (e.g.,
"Handle WebSocket Connections" or "Implement WebSocket Communication") by
editing the title field; keep or adjust impact to one of the allowed levels
(CRITICAL|HIGH|MEDIUM-HIGH|MEDIUM|LOW-MEDIUM|LOW) in the impact field if needed;
and replace the current impactDescription with a quantified benefit statement
(e.g., "Reduces latency by ~50% for real-time updates and supports X concurrent
connections," or "Enables real-time bidirectional messaging, improving update
delivery for Y% of use cases") so it clearly states the measurable outcome;
ensure tags remain present and relevant in the tags field.
| --- | ||
| title: JWT Verification and Authentication | ||
| impact: CRITICAL | ||
| impactDescription: Prevents unauthorized access and security vulnerabilities | ||
| tags: edge-functions, jwt, authentication, jose, security |
There was a problem hiding this comment.
Frontmatter needs action‑oriented title and quantified impactDescription.
Please update the title to an action‑oriented phrasing and quantify the impactDescription.
As per coding guidelines: “Reference files must include YAML frontmatter with title (action-oriented), impact (CRITICAL|HIGH|MEDIUM-HIGH|MEDIUM|LOW-MEDIUM|LOW), impactDescription (quantified benefit), and tags (keywords)”.
🤖 Prompt for AI Agents
In `@skills/supabase/references/edge-auth-jwt-verification.md` around lines 1 - 5,
Update the YAML frontmatter so the title is action‑oriented (e.g., "Verify JWTs
and Authenticate Edge Requests") and replace the generic impactDescription with
a quantified benefit (e.g., "Reduces unauthorized access incidents by X% by
validating JWTs at the edge" or "Prevents unauthorized access for all edge
requests by enforcing JWT verification"), while leaving impact (CRITICAL) and
tags intact; edit the frontmatter keys title, impactDescription, impact, and
tags accordingly in the existing document.
| // Simple: getClaims() verifies via JWKS (initial fetch required, then cached ~10min) | ||
| const token = req.headers.get("Authorization")?.replace("Bearer ", ""); | ||
| const { data, error } = await supabase.auth.getClaims(token); | ||
| if (error) return new Response("Invalid JWT", { status: 401 }); | ||
| const userId = data.claims.sub; |
There was a problem hiding this comment.
Add a missing‑token guard in the “Correct” example.
If the Authorization header is absent, getClaims(token) will be called with undefined. Add a 401 guard to keep the example accurate.
✅ Suggested fix
-const token = req.headers.get("Authorization")?.replace("Bearer ", "");
-const { data, error } = await supabase.auth.getClaims(token);
+const token = req.headers.get("Authorization")?.replace("Bearer ", "");
+if (!token) return new Response("Unauthorized", { status: 401 });
+const { data, error } = await supabase.auth.getClaims(token);🤖 Prompt for AI Agents
In `@skills/supabase/references/edge-auth-jwt-verification.md` around lines 23 -
27, The example calls supabase.auth.getClaims(token) even when token may be
undefined; add a guard after extracting token (from
req.headers.get("Authorization")?.replace("Bearer ", "")) that returns new
Response("Missing token", { status: 401 }) (or similar 401) when token is falsy,
and only then call supabase.auth.getClaims(token) and proceed to use
data.claims.sub.
| const supabase = createClient( | ||
| Deno.env.get("SUPABASE_URL")!, | ||
| Deno.env.get("SUPABASE_ANON_KEY")!, | ||
| { global: { headers: { Authorization: req.headers.get("Authorization")! } } } | ||
| ); |
There was a problem hiding this comment.
Avoid crashing when Authorization is absent.
The non-null assertion on req.headers.get("Authorization")! will throw for unauthenticated requests. This makes the sample brittle.
🛠️ Safer header handling
- const supabase = createClient(
- Deno.env.get("SUPABASE_URL")!,
- Deno.env.get("SUPABASE_ANON_KEY")!,
- { global: { headers: { Authorization: req.headers.get("Authorization")! } } }
- );
+ const authHeader = req.headers.get("Authorization");
+ const supabase = createClient(
+ Deno.env.get("SUPABASE_URL")!,
+ Deno.env.get("SUPABASE_ANON_KEY")!,
+ { global: { headers: authHeader ? { Authorization: authHeader } : {} } }
+ );🤖 Prompt for AI Agents
In `@skills/supabase/references/edge-db-supabase-client.md` around lines 33 - 37,
The code currently force-unwraps req.headers.get("Authorization") when calling
createClient (supabase), which will throw on unauthenticated requests; change it
to read the header into a variable (e.g., const auth =
req.headers.get("Authorization")), and only include the Authorization header in
the global headers object if auth is truthy (or omit headers entirely when
absent) so that createClient/supabase initialization does not crash for
unauthenticated requests.
| --- | ||
| title: Limits and Troubleshooting | ||
| impact: HIGH | ||
| impactDescription: Prevents production failures and debugging bottlenecks | ||
| tags: edge-functions, limits, debugging, troubleshooting |
There was a problem hiding this comment.
Make the frontmatter title action-oriented and quantify impactDescription.
Both fields are required by the reference-file guidelines but are currently non‑compliant.
As per coding guidelines: “Reference files must include YAML frontmatter with title (action-oriented), impactDescription (quantified benefit)”.
🤖 Prompt for AI Agents
In `@skills/supabase/references/edge-dbg-limits.md` around lines 1 - 5, Update the
YAML frontmatter to make the title action-oriented and to quantify the
impactDescription: change the title field to an imperative/action phrase (e.g.,
"Mitigate Edge Function Debugging Limits" or similar) and rewrite
impactDescription to include a measurable benefit (e.g., "Reduces production
failures by X% and speeds debugging by Y hours per incident") so both `title`
and `impactDescription` comply with the reference-file guidelines.
| --- | ||
| title: Project Structure and Organization | ||
| impact: HIGH | ||
| impactDescription: Proper organization reduces cold starts and improves maintainability | ||
| tags: edge-functions, structure, shared, organization |
There was a problem hiding this comment.
Use an action-oriented title and quantify impactDescription.
These frontmatter fields need to comply with the reference-file requirements.
As per coding guidelines: “Reference files must include YAML frontmatter with title (action-oriented), impactDescription (quantified benefit)”.
🤖 Prompt for AI Agents
In `@skills/supabase/references/edge-fun-project-structure.md` around lines 1 - 5,
The frontmatter uses a non-action title and an unquantified impactDescription;
update the YAML so `title` is action-oriented (e.g., start with a verb like
"Optimize", "Organize", or "Reduce") and change `impactDescription` to quantify
the benefit (e.g., "Reduces cold start latency by X% and improves
maintainability by Y") while keeping existing fields (`tags`, `impact`) intact;
specifically edit the `title` and `impactDescription` frontmatter keys in this
file so they comply with the reference-file requirements.
| --- | ||
| title: Edge Functions Quick Start | ||
| impact: CRITICAL | ||
| impactDescription: Foundation for all Edge Function development | ||
| tags: edge-functions, quickstart, deployment, cli, deno |
There was a problem hiding this comment.
Frontmatter: make the title action-oriented and quantify impactDescription.
These are required fields for reference files.
As per coding guidelines: “Reference files must include YAML frontmatter with title (action-oriented), impactDescription (quantified benefit)”.
🤖 Prompt for AI Agents
In `@skills/supabase/references/edge-fun-quickstart.md` around lines 1 - 5, Update
the YAML frontmatter: change the title field to an action-oriented phrase (e.g.,
start with a verb like "Deploy Edge Functions: Quickstart" or "Quickstart —
Deploy Edge Functions") and replace the impactDescription with a quantified
benefit (e.g., "Enables developers to deploy production-ready Edge Functions in
under 15 minutes, reducing deployment friction by X%") so both title and
impactDescription fields are present and meet the guideline; modify the existing
title and impactDescription keys in the frontmatter accordingly.
| --- | ||
| title: Routing and Multi-Route Functions | ||
| impact: MEDIUM-HIGH | ||
| impactDescription: Reduces cold starts and simplifies API architecture | ||
| tags: edge-functions, routing, hono, url-pattern |
There was a problem hiding this comment.
Frontmatter needs action-oriented title + quantified impactDescription.
Please update per reference-file requirements.
As per coding guidelines: “Reference files must include YAML frontmatter with title (action-oriented), impactDescription (quantified benefit)”.
🤖 Prompt for AI Agents
In `@skills/supabase/references/edge-pat-routing.md` around lines 1 - 5, Update
the YAML frontmatter: change the title to an action-oriented phrase (e.g.,
"Route Edge PATs with Multi-Route Functions" or similar) and replace the generic
impactDescription with a quantified benefit (include numeric metrics or
percentages and timeframe, e.g., "Reduces cold-start latency by ~30% and
simplifies API maintenance, lowering operational overhead by X%"). Ensure you
edit the frontmatter keys `title` and `impactDescription` in this file so they
follow the reference-file requirements and include concrete, quantifiable
outcomes.
Adds the supabase agent skill with comprehensive references for: - Database: schema design, RLS policies, migrations, indexing, query optimization, security - Realtime: channels, broadcast, presence, postgres changes, auth setup, error handling
The model cannot access the Supabase Dashboard directly, so instruct it to ask the user to perform dashboard actions instead. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* rebase and house keeping * fix: storage reference accuracy after docs review Fix RLS permission mappings, CDN cache behavior, file management limits, image transform descriptions, and S3 upload API signatures based on official Supabase documentation audit. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix offset * fix move and copy instructions --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* rebase and house keeping * fix edge functions reference files after docs review * update agents.mdd
* rebase and house keeping * fix supabase sdk reference files after docs review * update agents.md
* feat: auth agent references * Update skills/supabase/references/auth-core-sessions.md Co-authored-by: Stojan Dimitrovski <sdimitrovski@gmail.com> * refactor: improve auth state management and update session handling examples * docs: update performance note for asymmetric JWTs * fix: correct signOut() default scope to 'global' signOut() defaults to scope: 'global' (all sessions on all devices), not current session only. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: improve signOut() examples to show all three scope options Replace redundant explicit 'global' example with 'local' scope, making all three options (global, local, others) visible. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor: flatten auth references to root references directory Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * correct auth hooks * correct auth server ssr * fix auth reference files * fix paths inside skill.md * update agents.md --------- Co-authored-by: Greg Richardson <greg.nmr@gmail.com> Co-authored-by: Stojan Dimitrovski <sdimitrovski@gmail.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Rodriguespn
force-pushed
the
feature/supabase-skill
branch
from
5bf5ee3 to
3e05038
Compare
2 participants
What kind of change does this PR introduce?
Introduces the foundational structure for the
supabaseagent skill - a comprehensive guide for AI agents working with Supabase products.What is the current behavior?
There is no skill available to guide AI agents on how to properly use Supabase products.
What is the new behavior?
This PR adds the
supabaseskill scaffolding that will serve as a comprehensive guide covering Supabase core products: Auth, Database, Storage, Edge Functions, Realtime, CLI, supabase-js SDK, and MCP server.Files Added
SKILL.mdAGENTS.mdnpm run build.GETTING_STARTED.mdreferences/_template.mdThese files files were revised by Opus 4.5 with the Anthropic skill-creator skill
How to Contribute
To add content for your product, follow the instructions in
GETTING_STARTED.md.Quick summary:
feature/supabase-skillreferences/_template.mdtoreferences/{your-product}.mdSKILL.mdnpm run validate && npm run build && npm run checkfeature/supabase-skillSummary by CodeRabbit