[pull] master from supabase:master #1008

Merged: pull[bot] merged 24 commits into code:master from supabase:master on Jun 17, 2026
@pull pull Bot commented Jun 17, 2026

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

djhi and others added 24 commits June 17, 2026 12:24
## Problem

The date picker pattern we currently have:
- requires developers to add classes and props themselves to get the
expected result. This is cumbersome and prone to error.
- does not visually convey the field invalid state like inputs do
<img width="702" height="256" alt="image"
src="https://github.com/user-attachments/assets/cacd6414-6789-42e3-8d06-88e44fd9fe0a"
/>

## Solution

Introduce a new `DatePicker` _UI pattern_ that wraps the `Popover` and
`Button` components to ease the most common scenarios while still
allowing full customization

<img width="699" height="250" alt="image"
src="https://github.com/user-attachments/assets/e80f842c-28b2-4a4f-b316-c2005e771912"
/>

## Component usage

Note how we manually pass the `isInvalid` prop to the
`<DatePickerButton>` to avoid relying on `react-hook-form` contexts
which would make the date picker unusable outside RHF forms.

Alternative would be to also have a `<DatePickerInput>` that could be
used instead of `<DatePickerButton>` when inside an RHF form.

```tsx
<FormField
  control={form.control}
  name="expiryDate"
  render={({ field, fieldState }) => (
    <FormItemLayout
      layout="horizontal"
      label="Date Picker"
      description="Date selection with calendar popover"
    >
      <FormControl className="col-span-6">
        <DatePicker>
          <DatePickerTrigger asChild>
            <DatePickerButton isInvalid={fieldState.invalid}>
              {field.value ? format(field.value, 'PPP') : 'Pick a date'}
            </DatePickerButton>
          </DatePickerTrigger>
          <DatePickerContent>
            <Calendar
              mode="single"
              selected={field.value}
              onSelect={field.onChange}
              initialFocus
            />
          </DatePickerContent>
        </DatePicker>
      </FormControl>
    </FormItemLayout>
  )}
/>
```

---------

Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
## What

- Route docs page feedback **comments** to Postgres instead of `POST
/platform/feedback/docs` (which created duplicate Linear issues); the
👍/👎 vote is unchanged
- Store the comment on the **existing `feedback` row**: add `user_id` /
`title` / `comment`; submitting a comment updates the vote row the user
just created
- Capture the real `user_id` (`default auth.uid()`) so feedback is tied
to the user
- Owner-scoped RLS — `select`/`update` for authenticated users where
`user_id = auth.uid()`; anonymous votes stay insert-only
- Linear issues still get created, now via the data pipeline instead of
directly from the UI

## Linear

[DATAENG-1468](https://linear.app/supabase/issue/DATAENG-1468)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Feedback follow-ups now support saving a detailed title and comment,
tied to the signed-in user.
* **Bug Fixes**
* Follow-up submissions are now persisted in Supabase, ensuring the vote
and later details stay consistent for logged-in users.
* **Tests**
  * Added coverage for updating a feedback entry’s title and comment.
* **Chores**
* Removed the previous feedback submission endpoint/mutation flow in
favor of a Supabase update-based approach.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
## Summary

Updates docs based on stable releases in `supabase/supabase-swift`.

## Changes analyzed

- **SDK**: swift
- **Repo**: https://github.com/supabase/supabase-swift
- **Stable tag range**: `v2.47.2...v2.48.0`
- **Commits**:
`716e0de6e7e0ec8eba54c6c4dfb8e980b3d51370...e5020ae5a1d01c46cc60fb5eb01157666d7214b6`

## Documentation updates

### `apps/docs/spec/supabase_swift_v2.yml`
- Added `sign-in-with-passkey` entry —
`signInWithPasskey(presentationAnchor:)` high-level helper (iOS
16+/macOS 13+, experimental)
- Added `register-passkey` entry —
`registerPasskey(presentationAnchor:)` high-level helper (iOS 16+/macOS
13+, experimental)
- Added `passkey-api` group stub with 7 lower-level method entries:
  - `passkey-list` — `listPasskeys()`
  - `passkey-update` — `renamePasskey(id:friendlyName:)`
  - `passkey-delete` — `deletePasskey(id:)`
  - `passkey-start-registration` — `getPasskeyRegistrationOptions()`
  - `passkey-verify-registration` —
    `verifyPasskeyRegistration(challengeId:credentialResponse:)`
  - `passkey-start-authentication` — `getPasskeyAuthenticationOptions()`
  - `passkey-verify-authentication` —
    `verifyPasskeyAuthentication(challengeId:credentialResponse:)`
- Updated `auth-mfa-api` overview notes to mention WebAuthn MFA
(experimental)
- Updated `mfa-enroll` notes and added `enrollWebAuthnFactor` example
- Updated `mfa-verify` notes and added `verifyWebAuthnFactor` example

### `apps/docs/content/guides/auth/passkeys.mdx`
- Added Swift tabs to: Enable in the client, Register a passkey, Sign in
with a passkey, Two-step API, Manage passkeys
- Updated SDK version note to include `supabase-swift` v2.48.0
- Updated reference links to include Swift

All new Swift passkey APIs are gated behind `@_spi(Experimental) import
Supabase`.

---

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

## Documentation
* Expanded Swift SDK passkeys documentation to cover enabling,
registering, signing in, managing, and Admin-related notes.
* Added experimental Swift guidance for WebAuthn/passkeys, including
updated minimum SDK version requirements.
* Extended MFA to support WebAuthn/passkeys enrollment and verification
(in addition to existing methods).
* Added reference documentation for low-level passkey APIs to support
custom authentication flows.

## Chores
* Updated documentation linting spell-check allow list to include
**visionOS**.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Claude <noreply@anthropic.com>
…46977)

## Context

Dashboard currently doesn't have any support for managing stored
procedures. In the event that the security advisor surfaces a warning
about a stored procedure, users hence run into a dead-end as there's
currently no way to self-remediate via the dashboard

## Changes involved

We're hence adding support for managing stored procedures within
Database Functions
<img width="1082" height="546" alt="image"
src="https://github.com/user-attachments/assets/2598a5fe-e58f-4e8a-ad2f-9cb6d0eb2f53"
/>

Creating a function now shows a dropdown to select the type
<img width="500" alt="image"
src="https://github.com/user-attachments/assets/acc9249d-7b25-4416-aae8-89c630e1c62b"
/>

In which if stored procedure is selected, the following fields will be
hidden since they're irrelevant for stored procedures
- Return type
- Behaviour (Under advanced settings)

Some other minor UI changes as well:
- Field inputs are re-ordered a little, opting to group "Schema" and
"Name" into one section, followed by "Type" and "Return type"
- Opting to show "Return type" when editing a function but disabled
- Add schema filter for fetching database functions to reduce
unnecessary load on the database

## To test
- [ ] Can create, update, delete, read stored procedures via database
functions page

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

## Summary

- **New Features**
- Added PostgreSQL **procedure** support alongside functions, including
a **Type** selector in the create/edit flow.
- Updated Functions UI with a new **Type** column and procedure-aware
return/argument details.

- **Improvements**
- Refreshed create/edit headers and language help text for clearer
context.
- Improved argument parsing/display, including better handling of
procedure argument modes.

- **Bug Fixes**
- Corrected routine-type handling during function/procedure delete and
update SQL operations.

- **Tests**
- Updated unit snapshots and end-to-end UI flows/labels for the new “New
function” control.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem

When [#46812](#46812) was
scoped down to "sidebar visual changes only", Kemal's UI redesign of the
Unified Logs sidebar banners was unintentionally reverted back to the
older full-bleed strip layout. The shared `UnifiedLogsBanner` component
survived, but his actual visual design did not.

This PR brings back just Kemal's banner UI changes, with nothing else
from that branch.

## Changes

- **promo variant** (`LogsSidebarMenuV2`): bordered card with a "New"
badge, an "Introducing unified logs" heading, and an "Enable preview"
button + "More information" tooltip button
- **utility variant** (`FilterSideBar`): bordered card for the "Go back
to old logs" action with a "Switch back" tooltip button
- Restore the `mx-4 mt-4` placement in both consumers

Adapted to the current `Button` `variant` API (the original used the
now-removed `type` prop).

## Testing

- `pnpm lint --filter=studio`
- Visual check of the Logs sidebar for an account eligible for Unified
Logs (promo card) and one already on Unified Logs (utility card)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
  * Added a "New" badge indicator to the logs interface.

* **Style**
  * Redesigned the unified logs banner with a new card-based layout.
* Updated the "Go back to old logs" option with improved visual
presentation and tooltip guidance.
* Adjusted spacing and alignment of the banner component for better
visual hierarchy.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Co-authored-by: kemal <hello@kemal.earth>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…7001)

Resolves four docs gaps surfaced in #40985.

The Nuxt SSR example in `creating-a-client.mdx` now uses `getClaims()`
instead of `getUser()`, matching the file's own guidance at `:253`. The
SvelteKit tutorial drops a stale `event.locals.safeGetSession` reference
whose linked `app.d.ts` no longer declares one. The Nuxt and SolidJS
tutorials each gain a new server-route section using `@supabase/server`
(h3 adapter for Nuxt, `createSupabaseContext` for SolidStart),
addressing the original complaint that those tutorials had no server
setup at all.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Documentation**
* Enhanced Nuxt 3 getting-started tutorial with new guidance on adding
server routes, validating auth sessions, and using Supabase middleware
for protected (and optional public) endpoints.
* Updated the Nuxt Server route Supabase SSR example to validate
authentication using token claims during server-side refresh.
* Added a SolidJS → SolidStart SSR/API migration section, including an
example protected profile route and how to make it public.
* Refined SvelteKit tutorial wording around TypeScript-related session
handling and updated terminology.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
…47027)

Reverts #46941

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

## Release Notes

* **New Features**
* Feedback is now automatically routed to the appropriate documentation
team based on the section being viewed.

* **Improvements**
* Streamlined feedback submission process—votes and comments are now
collected more efficiently in a single submission.
* Enhanced feedback data handling and organization for better team
collaboration.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

## Release Notes

* **Chores**
* Updated shared development dependencies including build tools and code
transformation utilities to latest compatible versions for improved
performance and stability across the workspace.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
- closes #47033

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Table search now matches fully-qualified table names (e.g.,
`schema.table`) when no specific schema is selected, enabling searches
to work seamlessly across all schemas.

* **Tests**
* Added comprehensive test coverage validating schema-qualified table
name matching in search filters.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
All inputs don't have the same style when focused

## Solution
Consolidate focus states across inputs

## How to test
Check out the design system form examples:
https://design-system-git-gildasgarcia-depr-354-consoli-0188d7-supabase.vercel.app/design-system/docs/ui-patterns/forms

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Style**
* Refined focus-visible ring/outline and ring-offset tokens across
buttons, multi-select, radio groups, checkbox, select, and switch for a
more consistent accessible experience.
* Updated focus-state styling details within the shared Button and
related controls (including open-state outline behavior).
* **Refactor**
* Updated icon upload preview triggers in form examples to use the
shared Button component while preserving existing upload behavior and
visuals.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?

Adds a redirect and/or toast depending if there is one for when a
feature is enabled via the Feature Preview dialog.


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Feature previews now support route-aware enabling: when a dedicated
configuration page exists, enabling a feature preview automatically
navigates there; otherwise it keeps the standard dashboard activation
flow.
* Feature preview controls now show contextual tooltips (including
guidance based on availability), making it clearer when and how a
preview can be enabled or disabled.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Gildas Garcia <1122076+djhi@users.noreply.github.com>
## What kind of change does this PR introduce?

Bug fix. Resolves DEPR-594.

## What is the current behavior?

On Studio, when an OAuth app provides an `icon` URL that fails to load
(e.g. Cursor MCP’s logo on Vercel Blob is blocked by CSP `img-src`),
`RequesterLogo` renders an empty gray box on `/authorize` even though a
letter fallback already exists when `icon` is null.

## What is the new behavior?

`RequesterLogo` tracks image load failures via `onError` and falls back
to the app name initial—the same treatment used when no icon URL is
provided. Applies to the authorize interstitial and approved state.

This is graceful degradation, not a logo-delivery fix. Partner logos
that load successfully (e.g. Figma on `*.supabase.co`) are unchanged.

## Additional context

**Proper fix (later):** Mirror partner logos to Supabase-controlled
storage at dynamic registration time. This is tracked in
[DEPR-596](https://linear.app/supabase/issue/DEPR-596).

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Improvements**
* OAuth app requester logos now feature enhanced error handling. If a
logo image fails to load, the system automatically displays a fallback
text-based avatar using the requester's initials. Logo displays refresh
correctly when you update app icons, ensuring a consistent and reliable
user experience throughout your application management.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added analytics telemetry for documentation 404 recommendation clicks,
recording the clicked destination and the originating page.

* **Improvements**
* Enhanced the ButtonCard component to optionally handle click actions
via an `onClick` callback and forward it to the underlying link element.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
…7048)

## Summary

Aligns 16 telemetry event interface identifiers in
`packages/common/telemetry-constants.ts` so each interface name equals
the PascalCase of its `action` string (`PascalCase(action) + Event`).
This is a follow-up to the GROWTH-798 audit (#45964), which fixed the
`action` strings and several interface names but left these 16
identifiers mismatched. I renamed identifiers only: every `action`
string is untouched, so there is zero impact on PostHog event names or
historical data.

Before this change, 176/192 interfaces matched the convention. This
brings it to 192/192.

## Changes

Structural renames (interface name was dropping or reordering words vs
the action):
- `AskAIEvent` to `AskAiClickedEvent`
- `CopyAsMarkdownEvent` to `CopyAsMarkdownClickedEvent`
- `DocsRecommendation404ClickedEvent` to
`Docs404RecommendationClickedEvent` (from #46990)
- `EventPageCtaClickedEvent` to `WwwEventPageCtaClickedEvent` (completes
the interface side of GROWTH-798 HIGH #1)
- `ImportDataFileAddedEvent` to `ImportDataDropzoneFileAddedEvent` (also
updates the consumer `apps/studio/hooks/ui/useCsvFileDrop.ts`)
- `QueryPerformanceAIExplanationButtonClickedEvent` to
`QueryPerformanceExplainWithAiButtonClickedEvent`

Initialism casing (normalized to the file-majority lowercase transform;
`Sql` 9:2, `Api` 3:2, `Ai` 6:2):
- `CustomReportAddSQLBlockClickedEvent` to
`CustomReportAddSqlBlockClickedEvent`
- `CustomReportAssistantSQLBlockAddedEvent` to
`CustomReportAssistantSqlBlockAddedEvent`
- `HomepageGitHubButtonClickedEvent` to
`HomepageGithubButtonClickedEvent`
- `MetricsAPIBannerCtaButtonClickedEvent` to
`MetricsApiBannerCtaButtonClickedEvent`
- `MetricsAPIBannerDismissButtonClickedEvent` to
`MetricsApiBannerDismissButtonClickedEvent`
- `TableRLSEnabledEvent` to `TableRlsEnabledEvent`
- `RLSGeneratePoliciesClickedEvent` to `RlsGeneratePoliciesClickedEvent`
- `RLSGeneratedPolicyRemovedEvent` to `RlsGeneratedPolicyRemovedEvent`
- `RLSGeneratedPoliciesCreatedEvent` to
`RlsGeneratedPoliciesCreatedEvent`
- `RLSTesterRunQueryClickedEvent` to `RlsTesterRunQueryClickedEvent`

## Testing

Type-only change, no runtime or PostHog behavior to exercise. Verified
that all 192 interfaces now match `PascalCase(action) + Event` (0
mismatches), the `TelemetryEvent` union has no duplicates, no old
identifier names remain anywhere in the repo, and the one external
consumer (`useCsvFileDrop.ts`) still resolves via its `['action']`
indexed access since the action strings are unchanged.

## Linear

- fixes GROWTH-928


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
* Updated internal telemetry infrastructure for consistency and
maintainability.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
- closes #47023

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Modified how connection strings are generated for psql database
connections when temporary passwords are in use. Psql connections now
return a redacted connection string format instead of directly embedding
the temporary credentials in the connection command itself. Other
connection types continue using standard password-inclusive connection
strings to maintain full compatibility.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Sweeps the example code that creating-a-client.mdx and other auth docs
pull via $CodeSample, so the rendered pages match the "use getClaims()"
guidance. Also adds Database type stubs and parameterizes
SupabaseClient<Database> across SvelteKit and Hono examples.

Fixes #40985 


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

## Release Notes

* **Documentation**
* Updated OAuth server getting-started guide to use a claims-based
consent/auth gate and preserve the authorization identifier on redirect.
* Added the `auth_methods` partial across framework sections in the
server-side “creating a client” guide.

* **Refactor**
* Updated authentication examples for Hono, Next.js, and SvelteKit to
rely on JWT claims for logged-in checks and protected routes.
* Streamlined example auth state and UI rendering to use claims-derived
information.

* **Type Updates**
* Improved TypeScript typing for Supabase clients and app auth data
across examples, including generated database type stubs.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?

New human.

## What is the current behavior?

Please link any relevant issues here.

## What is the new behavior?

Feel free to include screenshots if it includes visual changes.

## Additional context

Add any other context or screenshots.


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
  * Updated team contributors list

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Allow `android:apk-key-hash:<base64url SHA-256>` entries in
`WEBAUTHN_RP_ORIGINS` alongside https/localhost-http origins.

Non-http(s) origins are matched as-is downstream and Android is
responsible for binding the origin to the RP ID via digital asset links.
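
An added example, not code from the Supabase repository: a pre-deployment check for the three kinds of `WEBAUTHN_RP_ORIGINS` entries the commit message above names. The comma-separated list format, the function names, the bare-origin and canonical-encoding rules, and the sample values are assumptions of this example.

```typescript
// Added example; every name below is hypothetical and the sample values are constructed.
type OriginCheck = { entry: string; ok: boolean; reason: string };

const ANDROID_PREFIX = 'android:apk-key-hash:';
const B64URL = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';

// A SHA-256 digest is 32 bytes, i.e. 43 unpadded base64url characters. The last
// character carries only 4 data bits, so its low 2 bits must be zero. Because the
// entry is compared as-is, any other spelling of the same hash would never match.
function checkApkKeyHash(hash: string): string {
  if (/=/.test(hash)) return 'padding found, unpadded base64url expected';
  if (/[+\/]/.test(hash)) return 'standard base64 alphabet found, base64url expected';
  if (!/^[A-Za-z0-9_-]*$/.test(hash)) return 'invalid character in hash';
  if (hash.length !== 43) return 'expected 43 characters for a 32-byte SHA-256, got ' + hash.length;
  if (B64URL.indexOf(hash.charAt(42)) % 4 !== 0) return 'non-canonical final character';
  return '';
}

function parseUrl(value: string): URL | null {
  try { return new URL(value); } catch (e) { return null; }
}

// Web origins: https anywhere, http only on localhost, and nothing beyond
// scheme://host[:port] (no path, trailing slash, upper case or default port).
function checkWebOrigin(entry: string): string {
  const url = parseUrl(entry);
  if (url === null) return 'not a valid URL';
  const httpLocal = url.protocol === 'http:' && url.hostname === 'localhost';
  if (url.protocol !== 'https:' && !httpLocal) return 'only https, or http on localhost, is accepted';
  if (url.origin !== entry) return 'not a bare origin, expected ' + url.origin;
  return '';
}

function checkRpOrigins(raw: string): OriginCheck[] {
  const results: OriginCheck[] = [];
  for (const part of raw.split(',')) {
    const entry = part.trim();
    if (entry === '') continue;
    const reason = entry.indexOf(ANDROID_PREFIX) === 0
      ? checkApkKeyHash(entry.slice(ANDROID_PREFIX.length))
      : checkWebOrigin(entry);
    results.push({ entry, ok: reason === '', reason });
  }
  return results;
}

// Constructed sample value: three acceptable entries followed by three mistakes.
const SAMPLE_RP_ORIGINS = [
  'https://app.example.com',
  'http://localhost:3000',
  'android:apk-key-hash:3q2-7wABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijk',
  'android:apk-key-hash:3q2+7wABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijk=',
  'http://app.example.com',
  'https://app.example.com/',
].join(',');

for (const r of checkRpOrigins(SAMPLE_RP_ORIGINS)) {
  console.log((r.ok ? 'OK      ' : 'REJECT  ') + r.entry + (r.ok ? '' : '  (' + r.reason + ')'));
}
```

The fourth sample entry is what a standard (padded, `+`/`/`) base64 encoder produces for the signing-certificate hash, which is the usual reason an Android origin fails an exact-string comparison.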
@pull pull Bot locked and limited conversation to collaborators Jun 17, 2026
@pull pull Bot added the ⤵️ pull label Jun 17, 2026
@pull pull Bot merged commit 5babf10 into code:master Jun 17, 2026
@github-actions github-actions Bot added documentation Improvements or additions to documentation self-hosted labels Jun 18, 2026