Terry Sutton

40 minutes! Nice post, thanks for sharing!

Has this resolved? That instance looks healthy now

great!

Hey! You'll should be able to contact support via the dashboard (top right corner). Happy to take a look as well — submit a ticket and pass your ticket id here

It’s a very hard problem! We’d love for everyone to be able to send unlimited emails, but is a very tricky balance to maintain deliverability for everyone.

Hey there Are you sure this is the correct account that you've logged in with? Do you normally login via Bolt? Are they visible there?

As others have said, the built-in email service is really meant for testing/dev, not production sending. For that, you need to setup a custom smtp of your choice. Auth emails are are very hard to run at scale because they attract tons of abuse: spam signups, bots, credential stuffing, phishing attempts, bounce spam, etc. If every free project could send unlimited emails from shared Supabase infrastructure, the sender reputation would get destroyed pretty quickly and legit auth emails would start landing in spam for everyone.

Will address, thanks.

Yes this is an important distinction. “RLS enabled” just means policies are being enforced — not that the policies are restrictive. A policy like `USING (true)` without `TO authenticated` can still allow reads from the `anon` role, which is what your public anon key uses. Agents do a good job of auditing your RLS policies if you ask them (with a set of local schema files, or by connecting to an mcp server). We've also been working on a new RLS testing tool that we'd love to get feedback on: [https://github.com/orgs/supabase/discussions/45233](https://github.com/orgs/supabase/discussions/45233) (disclosure: i work at supabase)

One thing to check: are you always using getUser? If you switch these to getClaims you’ll reduce a round trip each time and rely on the user’s local session.

The end of the survey specifically says the t-shirts will be sent out when the results are available.

We have many, many users running their own self-hosted installs. This subreddit is also very helpful when it comes to issues/advice.

Good callout — that is annoying. Will flag with the Dashboard team!

Please submit a support request and we'll try and sort you out. We end up banning a lot of accounts for spam reasons. You might have been mis-flagged.

Yes this is definitely on our radar to improve.

Give discord a look. You’ll do best with on going help with your errors there.

The pausing email warning from Ant you mean? I just looked at one and it had the name and the ref: “Your project functions-secrets-tester (ID: kqfibelntndwwafgmeb) from your organization abc's org has been paused.”

This is a little overstated I think. On Decoupling**,** Supabase Auth isn’t that tightly coupled. It’s just JWTs + user tables. You can bring your own auth or swap in providers like Clerk/Auth0. It’s work, but that’s true of any auth system. Our goal is to make it \_easy\_ to use whatever auth solution you want, not hard. We have a bunch of 3rd party providers here [https://supabase.com/docs/guides/auth/third-party/overview](https://supabase.com/docs/guides/auth/third-party/overview) **Pricing:** Auth being the biggest cost driver isn’t what we typically see. It’s based on MAU (not total users), there’s a solid free tier, and at scale your costs are usually compute, storage, bandwidth, etc. On your way to 1M+ users, you’ll have plenty of flexibility to optimize or swap things anyway. Avoiding a built-in tool upfront because you might want to swap it later feels premature.

You’ll need to submit a support ticket to move from GitHub login to username/password.

+1 for a seed.ts file. I make sure everything tears down and sets back up with a quick run of npm run seed:users/data/whatever I also do RLS testing this way. I have a script that I keep up to date as I build. It creates users, checks what they have access to, and reports it back to me.

These actually aren't false positives. They are warning level, so you can assess your own risk and deal with them accordingly. If you can disable pg\_graphql, you should be able to resolve all of them at once.

kk replying there from now on.

Aha! Related to some new advisor rules released a day or so ago: [https://supabase.com/docs/guides/database/database-advisors?lint=0026\_pg\_graphql\_anon\_table\_exposed](https://supabase.com/docs/guides/database/database-advisors?lint=0026_pg_graphql_anon_table_exposed) If you're not using it, the easiest fix is to disable `pg_graphql` [`https://supabase.com/dashboard/project/_/integrations/graphiql/overview`](https://supabase.com/dashboard/project/_/integrations/graphiql/overview)

Hey there — could you submit a ticket for this? Happy to take a look.

Yeah you don’t want a half and half for sure. If you have an export or an api, the amazing folks on discord will be able to help you get rolling for sure.

I'm +1 on migrating to Supabase before you launch. It shouldn't take you that long with Claude Code. I'd have claude code write a script to import that data into Supabase. Question — I'm not sure how Create Anything AI works: how would you get the data out? Do they have an api you can query data from to insert into Supabase? Is your frontend and backend in Create Anything? What will you do with the frontend now? Have that query Supabase? Also +1 on not self-hosting, at least at this stage. You don't need to be a total devops person, but you'll likely want some level of server managing under your belt. Last, I should note that Discord would be super helpful to guide you through this process. [https://discord.supabase.com/](https://discord.supabase.com/) (Disclosure: I work at Supabase, so I'm quite biased. I'd be +1 on moving everything to one system, even if it wasn't Supabase though! :\^)

Lot's of customer stories here from YC companies and beyond: [https://supabase.com/customers](https://supabase.com/customers)

Got a support ticket number? Can check if it's been triaged to the right team.

Yes, this is intended. If you use the new keys, the same applies to the new PUBLISHABLE key. But as u/ashkanahmadi said, you must have RLS enabled and policies set to manage permissions to the table. Lots of info in the docs: [https://supabase.com/docs/guides/database/postgres/row-level-security](https://supabase.com/docs/guides/database/postgres/row-level-security)

Want to quickly clarify the pricing scenario mentioned above: * If you already have 2 Free projects and upgrade to Pro, you can keep those Free projects by moving them into a separate organization under the same email. * The Pro plan is charged once per organization, not per project. * Pro also includes $10/month in compute credits. * Each Micro compute project costs $10/month. Example with 4 total projects: * Project 1 — Free * Project 2 — Free * Pro subscription — $25 * Compute credits — -$10 * Project 3 — $10 Micro instance * Project 4 — $10 Micro instance Total: $0 + $0 + $25 - $10 + $10 + $10 = $35/month The calculator under "How compute pricing works" on the pricing page can help visualize this: [https://supabase.com/pricing](https://supabase.com/pricing?utm_source=chatgpt.com)

We've chosen to do immediate, pro-rated credits instead of allowing you to finish the billing period with the features you've paid for. Tbh, I'm not sure why we decided to do it this way — likely because it was simpler to implement back when the company was much smaller a few years ago.

To be clear, we only pause accounts after 7 days of inactivity. If OpenClaw was doing stuff with your project during that time, the project would not have been paused.

What's your ticket ID? I can look at it first thing tomorrow.

We’d be happy to use a refund in this case. Submit a support ticket for it.

Two active projects. The issue is that active projects have a direct cost for us so we can’t offer unlimited. You can have an unlimited number of projects but only two can be active at a time.

This is great feedback. There are a few areas here where we can do a better job clarifying and improving the experience. I'll chat with the team about the points you've outlined. On compute being charged separately: the Pro plan is an organization subscription that includes benefits like email support, backups, longer log retention, and other paid-plan features. That $25 Pro fee is charged once per organization, regardless of how many projects you have. Project compute is billed separately based on the size of each project's instance. For example, you might run one project on Small compute ($15/mo) and another on XL ($210/mo), while still only paying the single $25 Pro subscription fee for the organization. And on refunds: while refunds are not automatic, we do review requests and provide them when situations warrant. Please feel free to submit a support ticket and the team can take a look at this billing period for you. On post-downgrade credits, we outline how all of this works here: [https://supabase.com/docs/guides/platform/manage-your-subscription](https://supabase.com/docs/guides/platform/manage-your-subscription) In short, downgrades take effect immediately, but you are credited for the unused part of the billing period. Appreciate you taking the time to put this together.

Very cool that you're still running this on the free tier! Thanks for sharing this!

Sorry you've been affected by this. Re: the status page seeming busy — our goal is to be highly transparent, so users aren't left guessing whether an issue is on their side or ours. That means we post updates for incidents with broad impact, like today's auth issue, as well as smaller degradations that only affect a subset of projects or regions. We're providing updates about the auth issue on this thread: [https://www.reddit.com/r/Supabase/comments/1so179w/supabase\_auth\_down\_for\_useast\_2/](https://www.reddit.com/r/Supabase/comments/1so179w/supabase_auth_down_for_useast_2/)

Update: Our upstream networking provider has discovered an issue and has declared an incident on their side. We are working directly with them and provide updates as we soon as we have them. See the latest here: [https://status.supabase.com/](https://status.supabase.com/)

What's your support ticket id?

One project per app for sure. If you weren't using auth it might be feasible (though still not a good idea), but with users, I think you'll regret combining apps pretty quickly.

Try a new browser? Incognito? A VPN? What region are you in?

pdf-lib requires fontkit to be registered before embedding custom fonts. Without it, \`embedFont()\` can fail as you're seeing. Try this: `import fontkit from 'npm:@pdf-lib/fontkit';` `const pdfDoc = await PDFDocument.create();` `pdfDoc.registerFontkit(fontkit);` `const fontResponse = await fetch(fontUrl);` `const fontBytes = new Uint8Array(await fontResponse.arrayBuffer());` `const font = await pdfDoc.embedFont(fontBytes);`

Really cool use case! Thanks for sharing.

Do you mean db egress? Some useful tips here for debugging in the "What is contributing to egress?" section: [https://supabase.com/docs/guides/troubleshooting/all-about-supabase-egress-a\_Sg\_e](https://supabase.com/docs/guides/troubleshooting/all-about-supabase-egress-a_Sg_e)