Check the Supabase RPC your AI builder generated to make the error disappear.

Paste redacted Lovable, Bolt, Replit, Cursor, or v0-generated Supabase SQL and check for the privilege patterns that often hide behind a green launch: SECURITY DEFINER RPCs, auth.role() = 'authenticated' policy drift, public views that lost security_invoker = true, and Security Advisor search_path tradeoffs.

AI-generated SQL triage

1
Find quick-fix RPCsFlag security definer, exposed schemas, missing search_path, and comments showing the function was generated to bypass a permission failure.
2
Check caller reachabilityLook for broad grant execute / grant select access to anon, authenticated, or all public users.
3
Keep auth separate from authorizationFlag auth.role() = 'authenticated' when the policy still needs ownership, team, tenant, or admin checks.

Project label Paste redacted SQL, RPC, or view notes

Use redacted text only. Do not paste secrets, private connection strings, real user data, customer records, payment data, private screenshots, full names, private handles, full transaction identifiers, credential values, or service-role keys. This page runs locally in the browser and does not use network requests, browser storage, or a backend.

Ready.

AI SQL findings

Acceptance checks before launch

Every SECURITY DEFINER function lives in a non-exposed schema unless there is a documented reason.
Every AI-generated permission fix is traced to the original error before accepting a privileged RPC, broad grant, or permissive policy.
auth.role() = 'authenticated' is not used as a substitute for ownership, membership, tenant, or admin authorization checks.
Every function with a Security Advisor Function Search Path Mutable warning has a documented remediation: pinned search_path, schema-qualified references, captured FROM CURRENT evidence, or explicit review evidence for an intentional tradeoff.
Every definer function sets a narrow search_path and does not rely on caller-controlled object resolution.
EXECUTE is revoked from broad roles first, then granted only to the roles that should call the RPC.
The function body enforces caller identity, ownership, team membership, tenant boundary, or admin role before returning data or mutating rows.
Anon and authenticated test calls prove the RPC or view cannot bypass the direct-table RLS result the caller should see.
Public views that should obey underlying table RLS preserve WITH (security_invoker = true) after dashboard edits, migrations, and copy/paste recreation.

Check paid report scope Open CLI release Open grants checker Read sample report

CI guard

For generated migration output, fail the build when a high-risk definer RPC or public view drift appears in redacted SQL.

npx --package github:kayalopez/ai-agent-launch-tools#v0.1.29 supabase-rpc-audit --file supabase_migration.redacted.sql --fail-on high

For Security Advisor Function Search Path Mutable packets, the report also calls out SQL-function inlining/performance review when a stable set-returning SQL function has SET search_path.

The command exits 2 after printing the report when a high-severity finding is present. Keep migration SQL redacted before sharing logs publicly.

Need a second pass?

The fixed-scope report can review one redacted generated-app Supabase SQL/RPC/view packet: likely RLS-bypass path, exposed function or view risk, auth.role() policy drift, grants to tighten, and concrete anon/authenticated regression checks. The sample report is fictional and shows the shape before checkout.

Buy $25 Supabase report Read sample report

Source-backed problem set

Supabase RLS docs Official docs warn that views bypass RLS by default and can obey underlying table policies in Postgres 15+ with security_invoker. Supabase view security Official table docs describe security-definer views and the security-invoker modifier. Securing the Data API Official docs call out EXECUTE grants and careful review of SECURITY DEFINER functions. Dashboard view-definition issue Public issue reports dashboard SQL that can drop WITH (security_invoker = true) when a view is recreated. Search-path inlining issue Public issue describes the Function Search Path Mutable remediation tradeoff for stable SQL functions and query-plan inlining. Self-hosted search-path issue Public issue reports local Security Advisor warnings for hard-coded and FROM CURRENT search paths. Default EXECUTE exposure issue Public issue reports unexpected function execution from browser-facing roles after default EXECUTE revocation.