use the doittimer Supabase workflow for schema changes, migrations, SQL inspection, RLS policy work, migration verification, and local seeding against the doittimer Supabase project. trigger when Codex is asked to inspect Supabase schema, write or apply migration SQL, verify Supabase changes, generate RLS policies, run safe one-off data queries, or seed the doittimer database.
Use the DoItTimer-specific Supabase workflow without leaking secrets into the repo and without treating production inspection as generic guidance.
Apply this skill only to the DoItTimer Supabase project at https://blwcedhzlrwlnnixtwpi.supabase.co.
Treat this as a project-specific workflow. Do not generalize it to other Supabase projects unless the user explicitly changes the target.
Do not write the live database password or raw connection string into repo files, commits, or user-visible code blocks unless the user explicitly asks for that and accepts the risk.
When direct database access is needed, prefer a local secret-backed command such as:
psql "$env:DOITTIMER_SUPABASE_DB_URL"
Assume DOITTIMER_SUPABASE_DB_URL points to the real DoItTimer Postgres connection unless the user explicitly overrides it.
If the variable is missing, say so clearly and continue by providing the SQL and exact command shape needed.
psql for rows, tables, and one-off queries.Before running commands, inspect the repo for:
supabase/config.tomlsupabase/migrations/supabase/seed.sqlpackage.jsonMakefile.env* files that indicate local or linked project setupPrefer repo conventions over generic defaults.
supabase db push when the user asks to execute or apply.For migration names, prefer concise names such as:
create-users-tableadd-user-timezone-columnenable-rls-on-usersadd-users-select-policyadd-tasks-tableUse psql directly for inspection queries and clearly bounded one-off data operations.
Common examples:
\dt
SELECT * FROM public.projects LIMIT 10;
INSERT INTO public.projects (name) VALUES ('test');
UPDATE public.projects SET name = 'x' WHERE id = '...';
DELETE FROM public.projects WHERE id = '...';
\q
Interpret them this way:
\dt lists tablesSELECT is inspectionINSERT, UPDATE, and DELETE are direct data changes\q exits psqlFor schema changes, durable fixes, or policy changes, do not prefer ad hoc direct execution over a migration.
select, insert, update, and delete unless a broader rule is clearly justified.using and with check behavior independently.Avoid permissive policies such as using (true) unless the table is intentionally public.
Use this ownership pattern by default only when the table design shows the authenticated user owns rows by id:
alter table public.users enable row level security;
create policy "users_select_own"
on public.users
for select
using (auth.uid() = id);
create policy "users_update_own"
on public.users
for update
using (auth.uid() = id)
with check (auth.uid() = id);
Adjust the owner column or access model when the schema shows a different design.
public. unless another schema is intentionally required.supabase CLI or psql is missing, explain the blocker and still provide the SQL and exact commands.drop table, drop column, truncate, broad deletes, or policy rewrites that may lock users out, pause and flag the risk before continuing.When inspecting schema or verifying a change, check as many of these as the environment allows:
Use references/inspection-checklist.md when a fuller inspection or verification pass is needed.