- Use Supabase for backend services: authentication, database (PostgreSQL), and storage.
- Integrate Supabase via its official client SDK.
- Store all Supabase credentials and project secrets in `.env` files and never expose them to the frontend.
- Prefer Row-Level Security (RLS) and Supabase Policies to secure database operations.
- Use Supabase Auth for sign-in/sign-up, and persist session client-side securely.
- Use strongly typed APIs (via Supabase's TypeScript types) when querying or mutating data.
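
One way to enforce the `.env` rule in a pre-build check, as an added example that is not part of the original rules: it scans environment variables whose names carry a prefix that bundlers inline into browser code and flags any that hold a `service_role` key, which bypasses RLS. It assumes legacy JWT-format Supabase keys and treats the `anon` key as the one intended for the client SDK; the function names and sample values are constructed.

```typescript
// Added example (not from the original page). Names and sample values are constructed.
type Finding = { name: string; reason: string };

// Prefixes that common bundlers inline into browser code.
const PUBLIC_PREFIXES = ["NEXT_PUBLIC_", "VITE_", "REACT_APP_", "EXPO_PUBLIC_"];
const B64URL = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";

// Decode unpadded base64url without depending on Buffer or atob.
function b64urlDecode(input: string): string {
  let bits = 0, nbits = 0, out = "";
  for (let i = 0; i < input.length; i++) {
    const v = B64URL.indexOf(input.charAt(i));
    if (v < 0) throw new Error("not base64url");
    bits = ((bits << 6) | v) & 0xffff;
    nbits += 6;
    if (nbits >= 8) { nbits -= 8; out += String.fromCharCode((bits >> nbits) & 0xff); }
  }
  return out;
}

// Legacy Supabase API keys are JWTs; the payload's `role` claim is "anon" or "service_role".
function jwtRole(value: string): string | null {
  const parts = value.split(".");
  if (parts.length !== 3) return null;
  try {
    const claims = JSON.parse(b64urlDecode(parts[1]));
    return typeof claims.role === "string" ? claims.role : null;
  } catch { return null; }
}

// Return every client-exposed variable that holds a key able to bypass RLS.
function findExposedSecrets(env: Record<string, string>): Finding[] {
  const findings: Finding[] = [];
  for (const name of Object.keys(env)) {
    if (!PUBLIC_PREFIXES.some((p) => name.indexOf(p) === 0)) continue;
    if (jwtRole(env[name]) === "service_role")
      findings.push({ name, reason: "service_role key in a client-exposed variable" });
  }
  return findings;
}

// Constructed .env contents: unsigned sample tokens, not real keys.
const HDR = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9";
const SAMPLE_ENV: Record<string, string> = {
  NEXT_PUBLIC_SUPABASE_URL: "https://project-ref.example",
  NEXT_PUBLIC_SUPABASE_ANON_KEY: HDR + ".eyJyb2xlIjoiYW5vbiJ9.constructed",
  SUPABASE_SERVICE_ROLE_KEY: HDR + ".eyJyb2xlIjoic2VydmljZV9yb2xlIn0.constructed",
  VITE_SUPABASE_KEY: HDR + ".eyJyb2xlIjoic2VydmljZV9yb2xlIn0.constructed",
};
console.log(findExposedSecrets(SAMPLE_ENV));
```

Run against the parsed `.env` in CI, a non-empty result should fail the build; only `VITE_SUPABASE_KEY` is flagged in the sample because the server-only variable has no client prefix.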