VibeRaven

Supabase Auth and RLS Checklist for AI-Built Apps

VibeRaven helps builders check Supabase launch readiness by scanning repo evidence for auth usage, RLS assumptions, service-role key risk, migrations, storage access, environment variables, and the next prompt for a coding agent.

Check Supabase auth and RLS before launch

  • Confirm RLS is enabled for user-owned and sensitive tables in the production project.
  • Review policies for select, insert, update, and delete instead of relying on client filters.
  • Make sure service-role keys stay server-side and never appear in client bundles or public env vars.
  • Check auth session handling across server routes, API handlers, storage, and realtime paths.
  • Verify migrations, seed data, backups, and production-vs-local project separation.
  • Turn the highest-risk Supabase gap into one scoped coding-agent prompt with verification.

Can VibeRaven prove RLS is enabled in Supabase?

Not by repo evidence alone. VibeRaven can show code and migration evidence, then call out dashboard checks that still need manual confirmation.
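A repo-evidence pass over the first three checklist items, as an added example (not VibeRaven's own code or method): it lists tables created in migrations without a matching `enable row level security`, records which commands each table's policies cover, and flags service-role variable names under client-exposed env prefixes. The SQL, env lines, function names and prefix list are constructed for illustration.

```python
import re

# Constructed sample inputs (not from any real project).
MIGRATION_SQL = """
create table public.profiles (id uuid primary key, user_id uuid);
alter table public.profiles enable row level security;
create policy "own rows" on public.profiles for select using (auth.uid() = user_id);
create table if not exists public.invoices (id uuid primary key, user_id uuid);
CREATE TABLE "public"."notes" (id uuid primary key);
ALTER TABLE public.notes ENABLE ROW LEVEL SECURITY;
"""
ENV_FILE = """
NEXT_PUBLIC_SUPABASE_URL=https://example.supabase.co
NEXT_PUBLIC_SUPABASE_SERVICE_ROLE_KEY=constructed-placeholder
SUPABASE_SERVICE_ROLE_KEY=constructed-placeholder
VITE_SERVICE_ROLE=constructed-placeholder
"""

# Optionally schema-qualified, optionally double-quoted identifier.
IDENT = r'((?:"?\w+"?\.)?"?\w+"?)'
CREATE = re.compile(r'create\s+table\s+(?:if\s+not\s+exists\s+)?' + IDENT, re.I)
ENABLE = re.compile(r'alter\s+table\s+' + IDENT + r'\s+enable\s+row\s+level\s+security', re.I)
POLICY = re.compile(r'create\s+policy\s+(?:"[^"]+"|\w+)\s+on\s+' + IDENT + r'(?:\s+for\s+(\w+))?', re.I)
# Prefixes that common front-end build tools inline into the client bundle.
PUBLIC_PREFIXES = ("NEXT_PUBLIC_", "VITE_", "PUBLIC_", "REACT_APP_", "EXPO_PUBLIC_")

def norm(name):
    # Strip quotes, lowercase, and default the schema to public.
    name = name.replace('"', '').lower()
    return name if '.' in name else 'public.' + name

def audit_migrations(sql):
    """Map each created table to its RLS flag and the commands its policies cover."""
    created = [norm(m.group(1)) for m in CREATE.finditer(sql)]
    enabled = {norm(m.group(1)) for m in ENABLE.finditer(sql)}
    policies = {}
    for m in POLICY.finditer(sql):
        policies.setdefault(norm(m.group(1)), set()).add((m.group(2) or 'all').lower())
    return {t: {"rls_enabled": t in enabled,
                "policy_commands": sorted(policies.get(t, ()))} for t in created}

def exposed_service_role_vars(env_text):
    """Return env var names that pair a public prefix with a service-role name."""
    hits = []
    for line in env_text.splitlines():
        key = line.split('=', 1)[0].strip()
        if key.startswith(PUBLIC_PREFIXES) and 'SERVICE_ROLE' in key.upper():
            hits.append(key)
    return hits
```

A table reported with RLS enabled and no policy commands denies every request that does not bypass RLS, so it is worth a second look for a different reason than a table with RLS off. The result reflects migration files only; the production project can still differ.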