Generated Supabase App Launch Check
Build a redacted launch packet for Lovable, v0, Bolt, or AI-generated Supabase apps where tables, policies, functions, storage upserts, and bucket paths may have been created faster than the security review.
1. Generated schema drift: Prompt-built tables can look complete while missing explicit Data API grants, RLS enablement, storage-object policies, or role-matrix smoke tests.
2. Launch-day breakage: New Supabase projects move to explicit grants on May 30, 2026, so generated migrations need grants beside RLS policies.
3. Redacted and local: No network request, analytics, browser storage, backend upload, or private project data is used by this page.
Paste only redacted notes. Do not paste credentials, service-role keys, customer rows, private screenshots, payment data, full names, private handles, or private account records. This is planning help, not legal advice, penetration testing, or a security certification.
What this catches before a paid report
- Generated tables in public without explicit GRANT statements for intended Data API callers.
- RLS policies that look correct but have no anon, authenticated, owner, wrong-owner, or wrong-tenant smoke-test evidence.
- RPCs, Security Definer functions, views, storage upserts, and bucket paths that bypass the caller boundary or keep default exposure.
- Lovable Cloud versus directly managed Supabase confusion, where the person launching does not know which backend owns the data and keys.
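
A statement-level check for the gaps named above (missing explicit grants, RLS enablement, or policies on generated public tables), as an added example that is not part of the original page or the tool's own code. The sample migration, table names, and function names are constructed, and unqualified table names are assumed to resolve to public.

```python
import re

# Constructed sample migration (not from any real project): "notes" is fully
# covered; "invoices" has a policy but RLS is never enabled and nothing is granted.
SAMPLE_MIGRATION = """
create table public.notes (id bigint primary key, user_id uuid not null, body text);
alter table public.notes enable row level security;
grant select, insert on table public.notes to authenticated;
create policy "owner reads" on public.notes for select
  to authenticated using ((select auth.uid()) = user_id);

create table if not exists invoices (id bigint primary key, tenant_id uuid);
create policy "tenant reads" on public.invoices for select
  to authenticated using (true);
create table private.audit_log (id bigint primary key);
"""

NAME = r'(?:"?(\w+)"?\.)?"?(\w+)"?'  # optional schema, then table name
PATTERNS = {
    "create": re.compile(rf'create\s+table\s+(?:if\s+not\s+exists\s+)?{NAME}', re.I),
    "rls": re.compile(rf'alter\s+table\s+(?:if\s+exists\s+)?(?:only\s+)?{NAME}\s+enable\s+row\s+level\s+security', re.I),
    "grant": re.compile(rf'grant\s+[\w\s,]+?\s+on\s+(?:table\s+)?{NAME}\s+to\s+', re.I),
    "policy": re.compile(rf'create\s+policy\s+(?:"[^"]+"|\w+)\s+on\s+{NAME}', re.I),
}

def _tables(kind, sql):
    """Names of public-schema tables matched by one statement kind."""
    found = set()
    for schema, table in PATTERNS[kind].findall(sql):
        # Assumption: an unqualified name resolves to the public schema.
        if (schema or "public").lower() == "public":
            found.add(table.lower())
    return found

def audit_migration(sql):
    """Map each public table created in `sql` to the statements it lacks."""
    sql = re.sub(r"--[^\n]*", "", sql)  # drop line comments before matching
    seen = {kind: _tables(kind, sql) for kind in PATTERNS}
    labels = {"rls": "enable row level security", "grant": "explicit grant",
              "policy": "policy"}
    return {t: [labels[k] for k in labels if t not in seen[k]]
            for t in sorted(seen["create"])}

if __name__ == "__main__":
    for table, missing in audit_migration(SAMPLE_MIGRATION).items():
        print(f"public.{table}: {'missing ' + ', '.join(missing) if missing else 'ok'}")
```

An empty list only means the statements are present in the migration text; it says nothing about whether a policy is correct, which is what the anon, authenticated, owner, wrong-owner, and wrong-tenant smoke tests are for.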
Source-backed problem set
Supabase grants rollout
Supabase names AI coding tools, migrations, explicit grants, and the May 30 / October 30 timeline.
Supabase RLS docs
Exposed-schema tables need RLS enabled and explicit role privileges when created with SQL.
Supabase Storage docs
Storage uploads and overwrites need separate object policies; upsert flows require select and update evidence.
Lovable Supabase docs
Lovable can generate tables and schema from prompts while connecting apps to Supabase.
Backend ownership check
Supabase documents the distinction between Lovable Cloud and a Supabase project you directly manage.