[pull] master from supabase:master#936
Merged
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file.

YES

## What kind of change does this PR introduce?

Docs (new Claude Code skill).

## What is the current behavior?

There is no shared, written-down reference for the SQL safety model in Studio. The rules around `SafeSqlFragment`/`UntrustedSqlFragment`, sanitization utilities, and how to promote snippet content live only in code and contributor knowledge, which makes it easy for AI-assisted changes to bypass the type-based guarantees.

## What is the new behavior?

Adds a `safe-sql-execution` skill under `.claude/skills/` that documents the proven-authorship security model: the three classes of SQL fragments, provenance tracking with branded types, sanitization utilities (`ident`/`literal`/`keyword`), the `acceptUntrustedSql` rule (event handlers only), and the special case that snippet content (`unchecked_sql`) must never be considered safe. Includes good/bad examples for the common patterns.

## Additional context

## Summary by CodeRabbit

* **Documentation**
  * Added a comprehensive guide on secure SQL execution in Supabase Studio: explains provenance-based SQL safety, distinct categories of SQL fragments, how unsafe snippets must be explicitly promoted before execution, available sanitization helpers for user input, strict execution constraints to prevent accidental runs, and numerous examples demonstrating safe vs. unsafe usage and safe preview/runner patterns.
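The proven-authorship model the PR description outlines, sketched as an added TypeScript example (Studio is a TypeScript code base). This is not Supabase Studio's own code and not the content of the new skill: the names `SafeSqlFragment`, `UntrustedSqlFragment`, `ident`, `literal`, `keyword`, `acceptUntrustedSql` and `unchecked_sql` are taken from the PR text, but every implementation, the keyword allow list, and the helpers `sql`, `fromSnippet`, `execute`, `buildListQuery` and `onRunClick` are assumptions made for illustration. The brands are disjoint string intersection types, so the only way to get an executable fragment is either to sanitize each interpolated piece or to call the explicit promotion function.

```typescript
// Added illustration of the proven-authorship pattern described in the PR.
// NOT Supabase Studio's code: the names come from the PR description, but every
// implementation below is an assumption made for this example.

// Branded string types: the brand records where the text came from, and the two
// brands are disjoint, so one can never be passed where the other is expected.
type SafeSqlFragment = string & { readonly __brand: 'SafeSql' }
type UntrustedSqlFragment = string & { readonly __brand: 'UntrustedSql' }

// Keywords are allow-listed rather than escaped (assumed list for this example).
const ALLOWED_KEYWORDS: ReadonlySet<string> = new Set(['ASC', 'DESC', 'NULLS FIRST', 'NULLS LAST'])

// Quote a Postgres identifier: double quotes, embedded double quotes doubled.
function ident(name: string): SafeSqlFragment {
  if (name.includes('\0')) throw new Error('identifier contains a NUL byte')
  return `"${name.replace(/"/g, '""')}"` as SafeSqlFragment
}

// Quote a Postgres literal: single quotes doubled; when a backslash is present use
// the E'...' form with backslashes doubled so the server does not reinterpret them.
function literal(value: string | number | boolean | null): SafeSqlFragment {
  if (value === null) return 'NULL' as SafeSqlFragment
  if (typeof value === 'number') {
    if (!Number.isFinite(value)) throw new Error('non-finite number in literal')
    return String(value) as SafeSqlFragment
  }
  if (typeof value === 'boolean') return (value ? 'TRUE' : 'FALSE') as SafeSqlFragment
  if (value.includes('\0')) throw new Error('literal contains a NUL byte')
  const hasBackslash = value.includes('\\')
  const escaped = value.replace(/\\/g, '\\\\').replace(/'/g, "''")
  return `${hasBackslash ? 'E' : ''}'${escaped}'` as SafeSqlFragment
}

// Keyword: reject anything that is not on the allow list.
function keyword(word: string): SafeSqlFragment {
  const upper = word.trim().toUpperCase()
  if (!ALLOWED_KEYWORDS.has(upper)) throw new Error(`keyword not allowed: ${word}`)
  return upper as SafeSqlFragment
}

// Tagged template that only accepts SafeSqlFragment interpolations. A raw string,
// or an UntrustedSqlFragment, is a compile-time error at the call site.
function sql(strings: TemplateStringsArray, ...values: SafeSqlFragment[]): SafeSqlFragment {
  let out = strings[0]
  values.forEach((v, i) => { out += v + strings[i + 1] })
  return out as SafeSqlFragment
}

// Snippet content (`unchecked_sql`) is tagged as untrusted at the boundary; tagging
// it does not make it safe, it only records that it was never sanitized.
function fromSnippet(unchecked_sql: string): UntrustedSqlFragment {
  return unchecked_sql as UntrustedSqlFragment
}

// The single explicit promotion. Per the PR's rule it belongs only in a user-initiated
// event handler (a "Run" click), so the promotion is a deliberate, reviewable act.
function acceptUntrustedSql(fragment: UntrustedSqlFragment): SafeSqlFragment {
  return (fragment as string) as SafeSqlFragment
}

// Stand-in for the query runner: its parameter type is the enforcement point.
function execute(query: SafeSqlFragment): string {
  return query
}

// Safe pattern: every user-controlled piece passes through a sanitizer first.
function buildListQuery(schema: string, table: string, nameFilter: string, order: string): string {
  const q = sql`SELECT * FROM ${ident(schema)}.${ident(table)} WHERE name = ${literal(nameFilter)} ORDER BY ${ident('id')} ${keyword(order)}`
  return execute(q)
}

// Event-handler pattern: the only place an untrusted snippet becomes executable.
function onRunClick(snippetBody: string): string {
  return execute(acceptUntrustedSql(fromSnippet(snippetBody)))
}

// What the brand prevents, as a compile-time check (constructed input).
const rawUserInput: string = 'users; DROP TABLE users'
// @ts-expect-error a plain string carries no SafeSql brand, so it cannot be interpolated
const rejected = sql`SELECT * FROM ${rawUserInput}`
void rejected
```

The point of routing everything through `execute(SafeSqlFragment)` is that a reviewer only has to audit two kinds of call sites: the sanitizers, and the handful of `acceptUntrustedSql` calls, which the PR's rule confines to event handlers so that rendering or effect code can never run snippet content by accident.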
Updating and adding Chris Chapman to humans.txt

## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file.

YES

## What kind of change does this PR introduce?

docs update: Adding to humans.txt

## What is the current behavior?

n/a

## What is the new behavior?

n/a

## Additional context

n/a
Created by pull[bot] (v2.0.0-alpha.4)