Backend Safeguard Protocol (Supabase + Vercel API)

1. Database Schema & Migration Safety

• Migrations:
  • NEVER edit a previous migration. Always create a new one.
  • Migration files must be numbered/timestamped sequentially.
  • Destructive changes (DROP COLUMN) require explicit user confirmation.
• Supabase Specifics:
  • Use pg_jsonschema (if available) or CHECK constraints for complex JSON data.
  • Indexes: Ensure Foreign Keys have indices if used in JOINs frequentyl.

2. RLS (Row Level Security) "Ironclad" Rules

• Enablement: ALTER TABLE "table_name" ENABLE ROW LEVEL SECURITY; is MANDATORY.
• Policies:
  • Must have separate policies for SELECT, INSERT, UPDATE, DELETE (unless absolutely identical).
  • auth.uid() MUST be checked for user-specific data.
  • service_role usage in client is FORBIDDEN.