Supabase Hakke

Supabase integration for Hakke Studio projects. Auth, database, storage, edge functions. Use with vercel skill for full-stack deployment.

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 0 · 256 · 2 current installs · 2 all-time installs

byBastian Berrios Alarcon@studio-hakke

MIT-0

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

Purpose & Capability

The name/description (Supabase integration for Hakke) aligns with the commands and SQL in SKILL.md, but the metadata and instructions include surprising items: the metadata 'requires' lists 'vercel' which is reasonable, however the SKILL.md references an author-specific project path (/home/bastianberrios/...) and a hard-coded login email (contacto@hakke.cl). These author-specific artifacts are not justified by a generic Supabase integration and suggest the instructions are a direct dump of the maintainer's local workflow rather than a general-purpose skill.

Instruction Scope

The runtime instructions tell the agent to run CLI commands (supabase login, link, db push, functions deploy) and to place/expect env variables. They also reference a specific local path and instruct logging in with the author's OAuth account. The SKILL.md refers to sensitive keys (.env variables) and server-side operations (service_role key), but the skill declares no required env vars. The instructions therefore request access to secrets and local filesystem locations not declared in the skill metadata.

✓

Install Mechanism

This is an instruction-only skill with no install spec and no bundled code, so nothing is written to disk by the skill itself. That keeps install risk low.

Credentials

The SKILL.md shows and expects sensitive environment variables (NEXT_PUBLIC_SUPABASE_ANON_KEY and SUPABASE_SERVICE_ROLE_KEY) and suggests operations that require the service_role key (server-side/admin tasks). However, the skill metadata declares no required credentials or primary credential. The absence of declared env requirements while the instructions clearly use/require secrets is a proportionality mismatch and a red flag for accidental or deliberate omission.

✓

Persistence & Privilege

The skill is not always-enabled and does not request persistent system modifications. It does declare use of an exec tool (invoking shell commands), which is expected for a CLI-focused integration, but there is no evidence it alters other skills or global agent settings.

What to consider before installing

This skill appears to be a legitimate Supabase how‑to for the author's Hakke project, but it contains author-specific paths and an explicit OAuth login email and references server-side secrets without declaring them. Before installing or running it: 1) do not provide any credentials unless you understand which key is needed (server_role keys are highly sensitive and should only be used in secure server environments); 2) remove or adapt hard-coded local paths and the example login email to your own environment; 3) treat the SKILL.md as documentation rather than an automated routine — running the 'supabase login' and CLI commands from the agent could attempt to use or modify your local files and environment; and 4) if you plan to allow the agent to invoke this skill autonomously, restrict it from accessing secrets or running CLI commands until you have sanitized the instructions. If you want a safer integration, ask the author to provide a cleaned, generalized SKILL.md that declares required env vars explicitly and removes author-specific artifacts.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.1.0

Download zip

latestvk9757vdvxpw8j9cmnhh1rd24sd823a3d

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Supabase for Hakke Studio

Supabase integration específica para proyectos de Hakke Studio.

Proyectos Actuales

Proyecto	Supabase URL	Uso
hakke-app	`https://[project].supabase.co`	SaaS multi-tenant

CLI Installation

# Supabase CLI (ya instalado)
supabase --version

# Si no está instalado
npm install -g supabase

Authentication

Login to Supabase

supabase login

This opens browser for OAuth login with contacto@hakke.cl.

Link Project

cd /home/bastianberrios/proyectos/HAKKE/hakke-app
supabase link --project-ref <project-id>

Database Operations

Generate Types

supabase gen types typescript --local > lib/supabase/database.types.ts

Create Migration

supabase migration new <migration_name>

Apply Migration

supabase db push

Reset Database (DEV ONLY)

supabase db reset

Auth Operations

Get API Keys

supabase status

Returns:

anon key - Public key (client-side)
service_role key - Secret key (server-side ONLY)

Create User (Admin)

-- In Supabase Dashboard SQL Editor
INSERT INTO auth.users (email, encrypted_password, email_confirmed_at)
VALUES (
  'user@example.com',
  crypt('password123', gen_salt('bf')),
  NOW()
);

RLS (Row Level Security)

Enable RLS

ALTER TABLE users ENABLE ROW LEVEL SECURITY;

Create Policy

-- Users can only see their own data
CREATE POLICY "Users can view own data"
ON users
FOR SELECT
USING (auth.uid() = id);

-- Users can update own data
CREATE POLICY "Users can update own data"
ON users
FOR UPDATE
USING (auth.uid() = id);

Storage Operations

Create Bucket

-- In Supabase Dashboard SQL Editor
INSERT INTO storage.buckets (id, name, public)
VALUES ('avatars', 'avatars', false);

Storage Policy

-- Users can upload to own folder
CREATE POLICY "Users can upload avatars"
ON storage.objects
FOR INSERT
WITH CHECK (
  bucket_id = 'avatars'
  AND auth.uid()::text = (storage.foldername(name))[1]
);

Edge Functions

Create Function

supabase functions new <function-name>

Deploy Function

supabase functions deploy <function-name>

Invoke Function

curl -i -L --request POST 'https://<project>.supabase.co/functions/v1/<function-name>' \
  --header 'Authorization: Bearer <anon-key>' \
  --header 'Content-Type: application/json' \
  --data '{"name":"Functions"}'

Multi-Tenant SaaS (hakke-app)

Architecture

┌─────────────────────────────────────────┐
│           hakke-app (SaaS)              │
├─────────────────────────────────────────┤
│  tenants table (multi-tenant)           │
│  - id, slug, name, plan                 │
│  - owner_id (FK → auth.users)           │
│  - subscription_status                  │
├─────────────────────────────────────────┤
│  Row Level Security (RLS)               │
│  - tenant_id = current_tenant()         │
└─────────────────────────────────────────┘

Tenant Isolation

-- Function to get current tenant
CREATE OR REPLACE FUNCTION current_tenant_id()
RETURNS uuid AS $$
BEGIN
  RETURN (auth.jwt()->>'tenant_id')::uuid;
END;
$$ LANGUAGE plpgsql SECURITY DEFINER;

-- RLS Policy example
CREATE POLICY "Users can only see own tenant data"
ON appointments
FOR ALL
USING (tenant_id = current_tenant_id());

Subscription Management

-- Check subscription status
CREATE OR REPLACE FUNCTION has_active_subscription()
RETURNS boolean AS $$
DECLARE
  tenant_record tenants%ROWTYPE;
BEGIN
  SELECT * INTO tenant_record
  FROM tenants
  WHERE id = current_tenant_id();
  
  RETURN tenant_record.subscription_status = 'active';
END;
$$ LANGUAGE plpgsql SECURITY DEFINER;

Common Queries

List Tables

SELECT table_name
FROM information_schema.tables
WHERE table_schema = 'public';

Describe Table

SELECT
  column_name,
  data_type,
  is_nullable,
  column_default
FROM information_schema.columns
WHERE table_name = 'users';

Check RLS

SELECT
  schemaname,
  tablename,
  rowsecurity
FROM pg_tables
WHERE schemaname = 'public';

Environment Variables

.env.local

NEXT_PUBLIC_SUPABASE_URL=https://<project>.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=<anon-key>
SUPABASE_SERVICE_ROLE_KEY=<service-role-key>

.env.example (commit to git)

NEXT_PUBLIC_SUPABASE_URL=
NEXT_PUBLIC_SUPABASE_ANON_KEY=
SUPABASE_SERVICE_ROLE_KEY=

Client Setup

Server Client (Next.js)

// lib/supabase/server.ts
import { createClient } from '@supabase/supabase-js';
import { cookies } from 'next/headers';

export function createServerClient() {
  const cookieStore = cookies();
  
  return createClient(
    process.env.NEXT_PUBLIC_SUPABASE_URL!,
    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
    {
      auth: {
        persistSession: false,
      },
    }
  );
}

Browser Client (Next.js)

// lib/supabase/client.ts
import { createClient } from '@supabase/supabase-js';

export const supabase = createClient(
  process.env.NEXT_PUBLIC_SUPABASE_URL!,
  process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!
);

Troubleshooting

Connection Issues

# Check if Supabase is accessible
curl -I https://<project>.supabase.co/rest/v1/

# Expected: 401 Unauthorized (means API is working, just need auth)

RLS Not Working

-- Check if RLS is enabled
SELECT tablename, rowsecurity
FROM pg_tables
WHERE schemaname = 'public';

-- Check policies
SELECT
  schemaname,
  tablename,
  policyname,
  permissive,
  roles,
  cmd,
  qual,
  with_check
FROM pg_policies
WHERE schemaname = 'public';

Auth Issues

# Check if user exists
supabase auth list

# Check logs
supabase logs auth

Integration with Vercel

Deploy with Vercel

# In hakke-app directory
vercel

# Add env vars in Vercel Dashboard or CLI
vercel env add NEXT_PUBLIC_SUPABASE_URL
vercel env add NEXT_PUBLIC_SUPABASE_ANON_KEY
vercel env add SUPABASE_SERVICE_ROLE_KEY

Best Practices

Practice	Why
RLS always on	Security first
Service key server-only	Never expose to client
Type generation	Type-safe queries
Migrations in git	Reproducible DB
Separate anon/service keys	Principle of least privilege

Resources

Docs: https://supabase.com/docs
Dashboard: https://supabase.com/dashboard
CLI Reference: https://supabase.com/docs/reference/cli
SQL Editor: Dashboard → SQL Editor
Logs: Dashboard → Logs

Supabase Hakke v1.1.0 - Production-ready for Hakke Studio

Files

1 total

Select a file

Select a file to preview.

Comments

Loading comments…