Supabase multi-tenant RLS boundary packet.

A no-login, client-side packet builder for founders who need evidence before launching a multi-tenant Supabase app: tenant-isolation checks, negative tests, storage policies, service-role paths, and written-report scope.

No network request No browser storage Redacted packets only No live credentials

Build the redacted packet

Paste only non-sensitive snippets. Use table and policy names, redacted SQL, role-matrix notes, and test outcomes. Do not paste keys, live URLs, customer data, cookies, private screenshots, or payment details.

This page runs locally in the browser. The generated packet is for planning or a fixed-scope review, not a full penetration test or compliance certification.

npx --package github:kayalopez/ai-agent-launch-tools#v0.1.25 supabase-tenant-boundary-audit --file supabase_tenant_boundary.redacted.sql --fail-on high

Tenant model summary Redacted RLS policy snippets Negative tests already run Service role / RPC / storage notes

Findings preview

The preview intentionally favors review prompts over certainty. The goal is to create a testable boundary checklist before external users see tenant data.

Generated Markdown will appear here.

Need a second pass?

Use the free packet for self-review. The fixed-scope report is only for one redacted Supabase packet where you want a concise 24-hour written review before launch.

Check paid report scope Open scoped checkout

Good fit: one Supabase app, one redacted schema/policy/grants packet, and a need for launch smoke tests.
Not a fit: live credentials, private repos, full app pentesting, incident response, legal/compliance certification, or broad source-code review.
Next step: read the Supabase Launch Risk Report scope and only use checkout after the fixed scope is clear.