playbooks

home / skills / openclaw / skills / supabase-schema-gen

supabase-schema-gen skill

/skills/lxgicstudios/supabase-schema-gen

This skill generates Supabase RLS policies from a Prisma schema to secure multi-tenant apps with minimal config.

npx playbooks add skill openclaw/skills --skill supabase-schema-gen

Review the files below or copy the command above to add this skill to your agents.

Files (2)
SKILL.md
1.9 KB
---
name: supabase-rls-gen
description: Generate Supabase RLS policies from Prisma schema. Use when securing database.
---

# Supabase RLS Generator

Row Level Security is powerful but the policy syntax is tricky. This reads your schema and generates proper RLS policies.

**One command. Zero config. Just works.**

## Quick Start

```bash
npx ai-supabase-gen ./prisma/schema.prisma
```

## What It Does

- Reads your Prisma schema
- Generates Supabase RLS policies
- Handles common patterns (own data, team access)
- Includes policy enable statements

## Usage Examples

```bash
# Generate from Prisma
npx ai-supabase-gen ./prisma/schema.prisma
```

## Best Practices

- **Enable RLS** - it's off by default
- **Test policies** - verify they work as expected
- **Use helper functions** - auth.uid(), auth.role()
- **Think about all operations** - SELECT, INSERT, UPDATE, DELETE

## When to Use This

- Setting up Supabase security
- Adding RLS to existing tables
- Learning RLS patterns
- Securing multi-tenant apps

## Part of the LXGIC Dev Toolkit

This is one of 110+ free developer tools built by LXGIC Studios. No paywalls, no sign-ups, no API keys on free tiers. Just tools that work.

**Find more:**
- GitHub: https://github.com/LXGIC-Studios
- Twitter: https://x.com/lxgicstudios
- Substack: https://lxgicstudios.substack.com
- Website: https://lxgicstudios.com

## Requirements

No install needed. Just run with npx. Node.js 18+ recommended. Needs OPENAI_API_KEY environment variable.

```bash
npx ai-supabase-gen --help
```

## How It Works

Parses your Prisma schema to understand data models and relationships. Then generates appropriate RLS policies based on common access patterns.

## License

MIT. Free forever. Use it however you want.

---

**Built by LXGIC Studios**

- GitHub: [github.com/lxgicstudios/supabase-schema-gen](https://github.com/lxgicstudios/supabase-schema-gen)
- Twitter: [@lxgicstudios](https://x.com/lxgicstudios)

Overview

This skill generates Supabase Row Level Security (RLS) policies from a Prisma schema automatically. It parses your Prisma models and emits ready-to-run SQL policies and enable statements so you can secure tables with one command. No configuration required—just point it at your schema and it produces sensible policies for common patterns like owner-only and team access.

How this skill works

The tool reads your Prisma schema to discover models, fields, and relations, then maps common access patterns to RLS policy templates. It produces policies for SELECT, INSERT, UPDATE, and DELETE and includes statements to enable RLS on the relevant tables. The generator also uses common helper expressions (auth.uid(), auth.role()) in generated policies for immediate use in Supabase.

When to use it

  • Setting up RLS for a new Supabase project from Prisma models
  • Adding or auditing RLS on existing tables derived from your Prisma schema
  • Protecting multi-tenant or team-scoped data with owner and team policies
  • Learning RLS patterns by inspecting example policies generated from real models
  • Rapidly generating baseline policies to iterate from during development

Best practices

  • Always enable RLS after applying generated policies; it is off by default
  • Review and test each generated policy in a staging environment before production
  • Use auth helper functions consistently (auth.uid(), auth.role()) and adapt them to your auth strategy
  • Consider covering all operations (SELECT, INSERT, UPDATE, DELETE) explicitly
  • Tweak generated conditions to reflect custom business rules or complex joins

Example use cases

  • Generate owner-only policies for a posts table where post.userId must match auth.uid()
  • Produce team-access policies so project members with matching team_id can read and write
  • Create baseline RLS for a multi-tenant app so each tenant sees only their rows
  • Quickly scaffold RLS for new tables during a sprint to avoid leaving data unprotected
  • Use generated policies as examples when teaching colleagues RLS concepts

FAQ

Do I need to configure anything?

No. One command reads your Prisma schema and returns policies with no extra config required.

Does it enable RLS automatically?

It generates enable statements, but you should review and run them in your database; enabling RLS is a deliberate step.

Can I customize generated policies?

Yes. The output is meant as a starting point—adjust conditions and helper function usage to match your application logic.