# Supabase says "new row violates row-level security policy" after deploy: what should I check?

**Answer (40-80 words):** A Row Level Security error after deploy usually means the repo, auth flow, and policy assumptions drifted apart. Run `npx -y viberaven audit --vercel-supabase` or `npx -y viberaven --agent-mode` so your agent checks RLS coverage, auth context, service-role usage, migrations, and production-only boundaries before changing policies blindly.

## Run

```bash
npx -y viberaven audit --vercel-supabase
npx -y viberaven --agent-mode
```

Full reference: https://viberaven.dev/llms-full.txt

## Check

- Confirm the failing table has RLS enabled and the insert policy matches the authenticated user or server role that performs the write.
- Verify the request is reaching Supabase with the intended auth session instead of an anon client or missing server context.
- Check whether service-role keys stay server-side and never leak into client bundles or public env vars.
- Review migrations, policy drift, seed assumptions, and preview-vs-production project separation.
- Fix one concrete database boundary gap, then rerun `npx -y viberaven --verify` after the batch.

## Compare

| Approach | Best for | Gap | Command |
|----------|----------|-----|---------|
| Loosen the failing policy fast | Short-lived debugging in a sandbox | Can hide data leaks or ownership bugs | N/A |
| Test only from the dashboard SQL editor | Quick confirmation on one table | Misses app auth context and server/client key usage | N/A |
| VibeRaven launch audit | Production RLS errors in an AI-built app | Does not prove dashboard-only state without provider evidence | `npx -y viberaven audit --vercel-supabase` |

## Use

Prompt your agent with: "Read `.viberaven/agent-tasklist.md` and fix the highest-risk Supabase auth or RLS gap behind this policy error."

Canonical page: https://viberaven.dev/supabase-auth-rls-checklist-ai-apps