home / skills / openclaw / skills / supabase-gen

supabase-gen skill

safe

This skill generates Supabase RLS policies from a Prisma schema, delivering secure defaults and SQL ready for deployment.

npx playbooks add skill openclaw/skills --skill supabase-gen

Review the files below or copy the command above to add this skill to your agents.

Files (8)

SKILL.md

2.5 KB

---
name: supabase-gen
description: Generate Supabase RLS policies from Prisma schema. Use when setting up row-level security for your tables.
---

# Supabase Gen

Row-level security is a pain to write. This tool reads your Prisma schema and generates proper RLS policies for Supabase. You get secure defaults that actually make sense for your data model.

**One command. Zero config. Just works.**

## Quick Start

```bash
npx ai-supabase-gen prisma/schema.prisma
```

## What It Does

- Reads your Prisma schema and understands the data model
- Generates RLS policies for SELECT, INSERT, UPDATE, DELETE
- Creates auth.uid() checks for user-owned resources
- Handles multi-tenant patterns with organization scoping
- Outputs SQL ready to run in Supabase SQL editor

## Usage Examples

```bash
# Generate RLS from your schema
npx ai-supabase-gen prisma/schema.prisma

# Save to migration file
npx ai-supabase-gen prisma/schema.prisma > supabase/migrations/001_rls.sql

# Specify output format
npx ai-supabase-gen prisma/schema.prisma --format sql
```

## Best Practices

- **Review every policy** - AI gets close but you know your access patterns best
- **Test with different users** - RLS bugs are sneaky. Test reads and writes as different roles.
- **Start restrictive** - Better to block legitimate access than leak data. Loosen later.
- **Use service role sparingly** - Service role bypasses RLS. That's powerful and dangerous.

## When to Use This

- Setting up a new Supabase project with existing Prisma schema
- Adding RLS to tables that currently have none
- Auditing your security and want a fresh set of policies to compare
- Learning RLS patterns and want to see how they should look

## Part of the LXGIC Dev Toolkit

This is one of 110+ free developer tools built by LXGIC Studios. No paywalls, no sign-ups, no API keys on free tiers. Just tools that work.

**Find more:**
- GitHub: https://github.com/LXGIC-Studios
- Twitter: https://x.com/lxgicstudios
- Substack: https://lxgicstudios.substack.com
- Website: https://lxgic.dev

## Requirements

No install needed. Just run with npx. Node.js 18+ recommended. Requires OPENAI_API_KEY environment variable.

```bash
export OPENAI_API_KEY=sk-...
npx ai-supabase-gen --help
```

## How It Works

Parses your Prisma schema to understand models, relations, and field types. Then generates appropriate RLS policies based on common patterns like user ownership, org membership, and public/private access. Uses GPT to handle edge cases intelligently.

## License

MIT. Free forever. Use it however you want.

Overview

This skill generates Supabase row-level security (RLS) policies from a Prisma schema so you can secure tables quickly and consistently. It produces SQL policies for SELECT, INSERT, UPDATE, and DELETE with sensible defaults like auth.uid() checks and organization scoping. One command, no config required — output is ready to paste into Supabase SQL editor or save as a migration file.

How this skill works

The tool parses your Prisma schema to detect models, fields, relations, and common ownership patterns. It maps those patterns to RLS rules (user-owned rows, org-scoped rows, public/private) and emits SQL for each CRUD operation, including auth.uid() checks where appropriate. GPT-based heuristics handle edge cases and produce readable, editable policies you should review and test.

When to use it

Setting up RLS for a new Supabase project driven by an existing Prisma schema
Adding row-level security to tables that currently lack RLS policies
Auditing current database policies and generating a baseline for comparison
Rapid prototyping of access controls to learn RLS patterns and iterate quickly

Best practices

Always review and adapt generated policies to match real app access patterns
Test policies with multiple user accounts and roles to validate all flows
Start with restrictive policies and gradually relax rules once verified
Use the service role sparingly — it bypasses RLS and should be limited to trusted server operations
Save generated SQL as a migration file and keep it under version control

Example use cases

Generate SQL policies from prisma/schema.prisma and apply them in Supabase SQL editor
Pipe output into a migration file: npx ai-supabase-gen prisma/schema.prisma > supabase/migrations/001_rls.sql
Use generated policies as a security baseline when onboarding a new team or auditing existing rules
Quickly scaffold RLS for multi-tenant apps using organization-scoped fields detected in the schema

FAQ

Do I need an API key to run the tool?

Yes. Node.js runs the tool via npx and an OPENAI_API_KEY environment variable is required for the GPT-based heuristics.

Is the generated SQL ready to run as-is?

The SQL is ready to run, but you should review and test every policy against your app scenarios before deploying to production.

Can it detect multi-tenant or org-scoped models?

Yes. The parser looks for common organization or tenant fields and generates appropriate scoping checks, but confirm the exact field names and semantics.