Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt

Use this file to discover all available pages before exploring further.

Date: 2026-01-15
Status: Ready to Execute

Key Findings from Supabase Documentation Review

✅ Use Supabase Branches (Not Separate Projects)

Discovery: Supabase supports branching for staging/testing environments. Benefits:
  • No need to create/manage separate projects
  • Automatic migration sync via GitHub integration
  • Easy branch switching in dashboard
  • Cost-effective (included in plan)
  • Isolated databases per branch
Reference: Supabase Branching Guide Action: Create a persistent branch named “staging” for testing migrations.

✅ RLS WITH CHECK is Critical

Confirmed: UPDATE policies MUST have WITH CHECK clause to prevent organization_id modification. From Supabase Docs:
“The using clause represents the condition that must be true for the update to be allowed, and with check clause ensures that the updates made adhere to the policy constraints.”
Our Status: 118 UPDATE policies missing WITH CHECK (P0 - Critical) Action: Create migration to add WITH CHECK to all affected policies.

✅ Migration Workflow is Well-Documented

Process:
  1. Develop locally with supabase start
  2. Create migrations with supabase migration new
  3. Test locally with supabase db reset
  4. Push to branch/project with supabase db push
  5. Generate types with supabase gen types typescript
Action: Follow standard Supabase migration workflow.

Script Testing Results

✅ Working Scripts

ScriptStatusOutput
lint-migrations.ts✅ WorkingParses 393 migration files
generate-migration-reports.ts✅ WorkingGenerates audit reports
count-tables-by-module.ts✅ WorkingCounts 465 tables across 9 modules

⏳ Needs Database Connection

ScriptStatusRequirement
generate-types.sh⏳ PendingNeeds Supabase project ID
SQL audit scripts⏳ PendingNeeds database connection

Current Database State

Table Inventory

ModuleTablesStatus
PF (Platform)74✅ Complete
HR (Workforce)94✅ Complete
FA (Finance)46✅ Complete
FW (Forms)54✅ Complete
RH (Recovery Housing)51✅ Complete
GR (Governance)49✅ Complete
FM (Facilities)22✅ Complete
LO (Leadership OS)29✅ Complete
IT (IT Operations)35✅ Complete
Other11✅ Complete
Total465✅ Complete

Migration Status

  • Total Migrations: 393 files
  • Chronological Order: ✅ Valid
  • RLS Enabled: ✅ 467 tables
  • SECURITY DEFINER Functions: ✅ 599 functions
  • Update Triggers: ✅ 671 triggers
  • Custom Fields: ✅ 363 tables

Critical Issues (P0)

1. RLS UPDATE Policies Missing WITH CHECK

Count: 118 policies
Risk: Users could modify organization_id, enabling cross-tenant data leakage
Fix: Migration script ready (from audit output)

2. TypeScript Types Empty

Status: src/integrations/supabase/types.ts has no table definitions
Fix: Run ./scripts/generate-types.sh after migration

High Priority Issues (P1)

1. Storage Bucket Naming

Count: 4 non-compliant buckets
Fix: Rename migration ready (from audit output)

2. Missing Audit Columns

Count: ~60 tables missing updated_by (where created_by exists)
Fix: ADD COLUMN migration ready (from audit output)

Next Steps

  1. Set Up Staging Branch
    • Create persistent branch: staging
    • Apply all migrations
    • Verify table counts
  2. Run SQL Audits
    • Execute audit-rls-policies.sql
    • Execute audit-table-columns.sql
    • Execute audit-storage-buckets.sql
    • Save fix statement outputs
  3. Create Fix Migrations
    • RLS WITH CHECK fixes
    • Storage bucket renames
    • Missing audit columns
  4. Validate in Staging
    • Apply fixes
    • Re-run audits
    • Generate types
    • Test application
  5. Production Migration
    • Follow completion plan
    • Execute during maintenance window
    • Validate thoroughly

Documentation

Last Updated: 2026-01-15