supabase-expert_skill

This skill helps you design secure Supabase SSR, enforce RLS, and optimize real-time Next.js 16.1+ apps with revocable keys.
  • Python

7

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill yuniorglez/gemini-elite-core --skill supabase-expert

  • SKILL.md2.9 KB

Overview

This skill is a senior Supabase expert focused on secure server-side rendering (SSR), Row Level Security (RLS) enforcement, and Next.js 16.1+ architecture for 2026 patterns. It helps teams design auth flows, database schemas, revocable secret key strategies, and high-concurrency real-time sync. The skill emphasizes practical, audit-ready defaults and automated RLS validation.

How this skill works

I inspect your Next.js server components and actions to enforce cookie-based SSR using @supabase/ssr and createServerClient. I audit and propose RLS policies, recommend revocable secret key usage, and produce real-time presence/broadcast optimizations for Postgres. Outputs include secure auth flow diagrams, policy rules, migration notes, and performance-tuned realtime configurations.

When to use it

  • Designing or auditing SSR auth flows in Next.js 16.1+ apps
  • Implementing or hardening Row Level Security for production Postgres
  • Migrating away from static service_role keys to revocable secret keys
  • Building high-concurrency realtime features (presence, broadcasts)
  • Preparing repos for GitHub Push Protection and secret-leak prevention

Best practices

  • Always use @supabase/ssr and createServerClient in Server Components and Actions
  • Prefer getUser() on the server instead of getSession() for strict auth checks
  • Enable RLS by default and model policies for ownership, RBAC, and column-level constraints
  • Use revocable secret keys for server-only operations; never expose keys to NEXT_PUBLIC_*
  • Leverage middleware-based session auto-refresh and Partial Pre-rendering (PPR) for instant auth shells
  • Throttle presence events, compress payloads, and batch broadcasts to reduce Postgres load

Example use cases

  • Securely implementing a multi-tenant app with strict row ownership and RBAC policies
  • Replacing service_role workflows with revocable secret keys for migrations and cron jobs
  • Auditing and auto-fixing RLS gaps using an AI security advisor integration
  • Designing a realtime dashboard that supports thousands of concurrent presences per second
  • Configuring Next.js PPR with Supabase to deliver instant authenticated shells

FAQ

getUser() verifies the authenticated identity for server-side logic and avoids ambiguous session states; it reduces attack surface compared with generic session data.

How do revocable secret keys differ from service_role?

Revocable secret keys are short-lived, purpose-scoped credentials that can be revoked and audited, eliminating long-lived static service_role exposure.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
supabase-expert skill by yuniorglez/gemini-elite-core | VeilStrat