Prove whether a stale Supabase REST response is database, client, or cache-layer behavior.

Paste redacted REST/RLS evidence and build a packet that separates deleted-row proof, direct SQL/RLS behavior, exact URL-string behavior, client/server cache settings, response headers, and schema-cache misconceptions before changing policies.

Build packet See fixed-scope report

Prove database truth firstRecord direct SQL, RLS role context, deleted-row absence, and policy state separately from REST behavior.

Compare exact URLsOne stale query string and one reordered or cache-busted URL should sit side by side.

Avoid broad RLS fixesA stale response is not automatically an RLS bug, and NOTIFY pgrst reloads schema metadata, not app caches.

Project label

Context

Redacted SQL, REST, header, and client-cache notes Evidence already captured

Direct SQL proves the expected database result under the relevant role/session Deleted or restricted rows are absent in SQL with a redacted row-count proof Exact stale REST URL, method, headers summary, status, and row count are recorded Reordered query params, cache-busted URL, or changed limit/order produces a different result Response headers are recorded: cache-control, age, cf-cache-status, etag, and date Client/server cache path is recorded: Next.js route, server component, browser request, curl, or proxy RLS enablement, force RLS, policy names, and role/JWT claims are summarized Schema-cache reload evidence is recorded separately from data-response caching

This page runs locally in the browser. Paste only redacted notes. Do not paste database URLs, JWTs, API keys, service-role keys, project secrets, real user rows, private screenshots, payment data, full names, private handles, or private account records.

Ready.

Want a 24h second pass on this stale-response packet?

If the checker finds several launch-critical gaps, the fixed-scope Supabase report can review one redacted packet: SQL/RLS proof, exact REST URL behavior, response headers, client/server cache path, and next smoke tests.

Check paid report scope Read sample report

Stale REST response packet

What this checks

Whether direct SQL and RLS role tests prove the rows are deleted or denied before any REST/cache conclusion is drawn.
Whether only one exact URL string is stale while reordered params, changed limits, or cache-busting return fresh data.
Whether the request path is really curl/browser PostgREST, a Next.js server-rendered request, a proxy, or another cacheable layer.
Whether schema-cache reload evidence is being mixed up with data response freshness.

PostgREST schema cacheSchema metadata cache is separate from response freshness evidence. Supabase RLSPolicies execute against table access and should be proven with role/session tests. Next.js cachingServer-side framework caching can change what one URL returns to an app. Exact issueCurrent Supabase stale REST response report with URL-key behavior.