Rules for building secure and efficient applications with Supabase
Target files
File          Format
.cursorrules  plaintext
CLAUDE.md     markdown

Contents
Use the supabase-js client for all data access; never call PostgREST endpoints directly.
Always enable Row Level Security (RLS) on every table before exposing it to clients.
Write RLS policies for SELECT, INSERT, UPDATE, DELETE separately for fine-grained control.
Use auth.uid() in RLS policies to scope rows to the authenticated user.
Never use the service role key on the client side; restrict it to server-only code.
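The four rules above (enable RLS first, one policy per command, scope with auth.uid(), keep the service role off the client) fit together as one migration. The following is an added example written for this page, not code from the rules file or from Supabase; the `notes` table, its columns and the test user id are assumptions for illustration.

```sql
-- Added example (not part of the original rules): a user-owned "notes" table
-- locked down with RLS and one policy per command. Table/column names assumed.
create table public.notes (
  id         bigint generated always as identity primary key,
  owner_id   uuid not null default auth.uid()
             references auth.users (id) on delete cascade,
  body       text not null check (char_length(body) <= 10000),
  created_at timestamptz not null default now()
);

-- Enable RLS before the table is reachable through the API.
-- With RLS on and no policies yet, the anon and authenticated roles see no rows.
alter table public.notes enable row level security;

-- One policy per command so read, write and delete rights can diverge later.
-- Wrapping auth.uid() in a sub-select lets Postgres evaluate it once per query.
create policy "notes: owner can read"
  on public.notes for select
  to authenticated
  using (owner_id = (select auth.uid()));

create policy "notes: owner can insert"
  on public.notes for insert
  to authenticated
  with check (owner_id = (select auth.uid()));

create policy "notes: owner can update"
  on public.notes for update
  to authenticated
  using (owner_id = (select auth.uid()))
  with check (owner_id = (select auth.uid()));

create policy "notes: owner can delete"
  on public.notes for delete
  to authenticated
  using (owner_id = (select auth.uid()));

-- Check from the SQL editor: impersonate a signed-in user and confirm scoping.
-- request.jwt.claims is the setting PostgREST populates; the sub is constructed.
begin;
set local role authenticated;
select set_config(
  'request.jwt.claims',
  '{"sub":"11111111-1111-1111-1111-111111111111","role":"authenticated"}',
  true
);
select count(*) from public.notes;  -- counts only rows owned by that sub
rollback;
```

The service role bypasses RLS entirely, which is why the key behind it must never reach a browser or mobile app: any client holding it would read every row regardless of these policies. Keep it in Edge Functions or another server-only context, and run the impersonation check above whenever a policy changes.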
Use Supabase Edge Functions for business logic that must not run on the client.
Store file metadata in a database table; use Supabase Storage for the binary objects.
Set bucket policies to private by default; generate signed URLs for temporary access.
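Storage access control is ordinary RLS on the `storage.objects` table, so the private-by-default rule and the metadata-in-a-table rule above can be applied in the same migration. This is an added example for this page, not code from the rules file or from Supabase; the bucket name `avatars` and the convention of using the owner's user id as the first path segment (`<uid>/avatar.png`) are assumptions.

```sql
-- Added example (not part of the original rules): a private bucket whose
-- objects are visible only to the user named by the first path segment.
-- Bucket name and path layout are assumed for illustration.
insert into storage.buckets (id, name, public)
values ('avatars', 'avatars', false);   -- public = false: no anonymous reads

-- No policy on storage.objects means no access, even for signed-in users.
create policy "avatars: owner reads own folder"
  on storage.objects for select
  to authenticated
  using (
    bucket_id = 'avatars'
    and (storage.foldername(name))[1] = (select auth.uid())::text
  );

create policy "avatars: owner uploads to own folder"
  on storage.objects for insert
  to authenticated
  with check (
    bucket_id = 'avatars'
    and (storage.foldername(name))[1] = (select auth.uid())::text
  );

-- Application-level metadata lives in a normal table (rule above), keyed to
-- the object path rather than duplicating the binary.
create table public.avatar_files (
  object_path text primary key,           -- e.g. '<uid>/avatar.png'
  owner_id    uuid not null default auth.uid()
              references auth.users (id) on delete cascade,
  uploaded_at timestamptz not null default now()
);
alter table public.avatar_files enable row level security;
create policy "avatar_files: owner reads own rows"
  on public.avatar_files for select
  to authenticated
  using (owner_id = (select auth.uid()));
```

Because the bucket is private, a third party (or an unauthenticated page) can only fetch an object through a time-limited signed URL, which server-side code issues with the supabase-js call `storage.from('avatars').createSignedUrl(path, expiresInSeconds)`. Keep the expiry short and generate the URL only after your own authorization check has passed.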
Use realtime subscriptions only on tables where live updates are required.
Define database functions in SQL migrations, not inline in application code.
Keep migrations in supabase/migrations; run supabase db push for local and CI deploys.
Use TypeScript types generated by supabase gen types typescript for type-safe queries.
Validate all user inputs server-side before inserting into the database.
Monitor slow queries via Supabase Dashboard → Reports → Slow Queries regularly.