PromptArchPromptArch.ai
Next.js + Supabase

Cursor rule: Supabase data access & RLS

Score: A

An auto-attached .mdc rule that enforces the Supabase client split, RLS-first policy work, and typed queries — with a copyable policy snippet.

---
description: Supabase data-access and RLS conventions for app code
globs: app/**/*.ts,app/**/*.tsx,lib/**/*.ts
alwaysApply: false
---

# Supabase access rules

- Server Components and route handlers import from `@/lib/supabase/server`;
  browser code imports from `@/lib/supabase/client`. Never cross the two.
- The service-role client (`@/lib/supabase/admin`) is reserved for webhook
  handlers. If a query fails under RLS, fix the policy - don't switch clients.
- Type every query result from `Database` in `@/lib/database.types`.
- New tables enable RLS in the same migration that creates them:

```sql
alter table public.notes enable row level security;

create policy "notes_owner_all" on public.notes
  for all using (auth.uid() = user_id) with check (auth.uid() = user_id);
```

- Follow @lib/queries/projects.ts for the query-helper pattern: typed arguments,
  narrow `select` lists, `throwOnError`.
- Migrations are append-only: one new numbered file per change.

These examples are released under CC0. Use them freely, no attribution required. They are provided as is, without warranty of any kind: review and adapt them to your project before use, as you are responsible for the outcome of applying them.

Bring PromptArch to your team

Deploy PromptArch as an internal tool across every area of your company. Get team accounts with shared preloaded credits and custom domains tailored to your organization.

Contact Us
Cursor rule: Supabase data access & RLS - Example | PromptArch | PromptArch