supabase-best-practices_skill

This skill enforces Supabase best practices across security, schema design, authentication, real-time, edge functions, and performance for robust apps.
  • JavaScript

0

GitHub Stars

4

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill jcastillotx/vibe-skeleton-app --skill supabase-best-practices

  • metadata.json639 B
  • package.json586 B
  • README.md1.2 KB
  • SKILL.md1.4 KB

Overview

This skill codifies Supabase development standards for secure, maintainable projects. It focuses on Row Level Security, database design, real-time features, Edge Functions, authentication, storage, performance, and client tooling. Use it as a checklist to reduce risks and speed up common Supabase tasks.

How this skill works

The skill inspects project patterns and recommends concrete rules across eight categories: security (RLS), schema design, auth, realtime, Edge Functions, storage, performance, and client libraries. It flags risky configurations, suggests hardened defaults, and provides actionable steps for migrations, policy definitions, subscription handling, and deployment best practices. Outputs aim to be implementable in code or CI checks.

When to use it

  • Designing or migrating Supabase database schemas
  • Implementing Row Level Security policies and auth rules
  • Building realtime subscriptions, presence, or broadcasting features
  • Developing and deploying Edge Functions or serverless endpoints
  • Configuring storage buckets, file transforms, or signed URLs
  • Optimizing queries, indexes, and connection pooling for production

Best practices

  • Enforce Row Level Security with least-privilege policies and test with role-based scenarios
  • Model relationships with explicit foreign keys, unique constraints, and migration scripts
  • Centralize auth flows: use secure JWT handling, session refresh, and multi-factor where needed
  • Limit realtime subscriptions to necessary channels and validate payloads server-side
  • Use Edge Functions for server-side secrets, environment isolation, and robust logging
  • Apply indexes for frequent filters, use connection pooling, and profile slow queries regularly

Example use cases

  • Create RLS policies that allow users to access only their rows and test via service and anon keys
  • Design migration plan adding foreign keys and backfill logic before enabling constraints
  • Replace client-side secret logic with Edge Functions that sign URLs or validate webhooks
  • Implement realtime presence for collaborative sessions and cap event rates to protect DB
  • Add automated checks in CI to validate schema changes, RLS coverage, and Edge Function build

FAQ

No — recommendations prioritize safe rollout: add policies in permissive mode, run tests and gradual enforcement before blocking access.

How do I test Row Level Security effectively?

Use separate test users and service accounts in staging, run integration tests covering allowed and denied access, and include automated policy validations in CI.

Can I use Edge Functions for heavy compute or long-running jobs?

Edge Functions are best for short, secure server-side logic. Offload heavy or long-running tasks to background workers or managed job queues.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational