Supabase Skill

Guardrails

• Never put Supabase service-role keys in client/browser code.
• Prefer RLS-default-deny for writes; public read only for published content.
• Ask before applying migrations to a real Supabase project.

Workflow checklist

1. Read the canonical schema/RLS docs first.
2. For DDL changes, prefer migrations and keep SQL deterministic/idempotent.
3. Ensure RLS policies match the intended access model (admin-only writes).
4. For server-side writes, validate inputs with Zod before DB calls.
5. Use Supabase MCP for applying migrations, inspecting tables/policies, and fetching logs.