Skip to content

Docs V2: Supabase integration section + canonical encryptedSupabase reference (CIP-3328)#39

Open
coderdan wants to merge 3 commits into
v2from
cip-3328-supabase
Open

Docs V2: Supabase integration section + canonical encryptedSupabase reference (CIP-3328)#39
coderdan wants to merge 3 commits into
v2from
cip-3328-supabase

Conversation

@coderdan

@coderdan coderdan commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Part of the docs V2 overhaul (CIP-3307); implements CIP-3328. Stacks on the v2 branch (PR #37).

Pages

  • /reference/stack/supabase — THE canonical encryptedSupabase page. One signature: encryptedSupabase({ encryptionClient, supabaseClient }) + .from(tableName, schema) (verified against the SDK's generated TypeDoc, v0.18.0 @ 917b5c0). Full builder surface, schema-capability → EQL-term table, response/error shapes, deferred-execution model. Kills the legacy (url, key) / single-arg-.from() variant, which never matched the shipped SDK.
  • /integrations/supabase — flagship tutorial, rewritten on EQL v3: install script → typed eql_v3 columns → SDK schema → wrapper → queries (.eq, .gt, .order on _ord, .ilike as token containment). Pays off the marketplace listing's promises; the listing links here.
  • /integrations/supabase/database — migration-file vs SQL-Editor install (zero-timestamp trick, db reset survival), role grants, functional indexes, RLS composition, pooler note.
  • /integrations/supabase/auth — Supabase Auth session JWT → LockContext.withLockContext(); where identity-locking fits and where it doesn't.
  • /integrations/supabase/dashboard-experience — Table Editor expectations (ciphertext payloads, read-only, UI filtering meaningless), SQL-editor schema work, API-settings guidance, CipherStash-dashboard OAuth flow.
  • Placeholders for 6 forward-linked IA URLs (identity-aware-encryption, schema-design, encrypt-existing-data, drizzle, audit-logging, cts) — no internal 404s; each links its legacy page and its ticket.

⚠️ Release-alignment gate: CIP-3355

The wrapper's API surface documented here is shipped (0.18.0). Its wire behaviour is still EQL v2 (composite type, PostgREST like, v: 2 payloads), and the SDK's v3 branches don't touch src/supabase/ yet. CIP-3355 (twin of CIP-3352) itemizes what must land in the SDK before the v2 branch merges — please add the blocks-CIP-3335 relation in Linear (MCP can't set relations).

Notable verification item: the docs claim custom domain types don't show in the Table Editor's type picker (SQL editor recommended) — needs a quick check against a live project.

Notes for review

  • Anti-drift rule respected: EQL mechanics live in /reference/eql/*; these pages link, never restate.
  • .like()/.ilike() are documented as encrypted token containment (their true semantics in 0.18) with an explicit not-SQL-LIKE callout — consistent with the EQL text page.
  • Build passes (676 pages); internal-link sweep clean.

@vercel

vercel Bot commented Jul 2, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
public-docs Ready Ready Preview, 💬 1 unresolved
✅ 1 resolved
Jul 7, 2026 3:59am

Request Review

@coderdan coderdan marked this pull request as ready for review July 2, 2026 12:56
…reference (CIP-3328)

- /reference/stack/supabase: THE canonical encryptedSupabase page —
  one signature ({encryptionClient, supabaseClient}, .from(table,
  schema)), full query-builder surface, schema-capability → EQL-term
  mapping, response/error shapes, deferred-execution model
- /integrations/supabase: flagship tutorial rewritten on EQL v3
  (install script → eql_v3 typed columns → wrapper → queries incl.
  ORDER BY on _ord; free-text as token containment, no LIKE)
- /integrations/supabase/{database,auth,dashboard-experience}:
  migrations-vs-SQL-Editor install, grants, indexes, RLS composition;
  Supabase Auth JWT → LockContext; Table Editor expectations + OAuth
  integration flow
- placeholder pages for 6 forward-linked IA URLs (identity-aware-
  encryption, schema-design, encrypt-existing-data, drizzle,
  audit-logging, cts) so no internal link 404s
- IA.md: tick CIP-3328 items; add CIP-3355 SDK-alignment gate
  (wrapper wire behaviour is still EQL v2 — blocks final merge)
Reorganize /integrations/supabase from 4 pages into: Overview (front
door from the marketplace listing), Quickstart (the tutorial, OAuth
folded in as optional), Fundamentals (database.mdx + dashboard-
experience.mdx merged), Data layer (ORM/framework router), Auth
(rebuilt on OIDC federation), and Edge Functions (new).

- Auth: replace the deprecated LockContext.identify() flow with
  OidcFederationStrategy as config.authStrategy, then
  .withLockContext({ identityClaim }) — lock context now correctly
  documented as requiring federation.
- Data layer: document the PostgREST vs direct-Postgres fork and
  Supabase pooler/connection glue; link out to canonical ORM pages
  rather than duplicating them.
- Edge Functions: written on the @cipherstash/stack/wasm-inline
  surface; wrapper-on-edge question gated behind a callout.
- Add Prisma + Next.js integration placeholders so Data-layer links
  resolve; fix stale /supabase/database link in the stack reference.
- Reorder meta.json; remove merged pages.
Addresses Vercel preview comment: the section folder and the index
page were both labelled 'Supabase', so the sidebar read 'Supabase ›
Supabase'. Title the index page 'Overview' to remove the repeat.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant