{"id":21851510,"url":"https://github.com/xaac-ai/rls-scope","last_synced_at":"2025-04-14T16:20:31.128Z","repository":{"id":264287898,"uuid":"892941890","full_name":"xaac-ai/rls-scope","owner":"xaac-ai","description":"Verify proper scoping of your Supabase project's RLS policies with AI-generated pgTAP tests.","archived":false,"fork":false,"pushed_at":"2024-11-27T09:48:15.000Z","size":480,"stargazers_count":12,"open_issues_count":4,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-28T05:02:27.511Z","etag":null,"topics":["pgtap","rls","supabase"],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/rls-scope","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/xaac-ai.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-11-23T05:24:41.000Z","updated_at":"2025-01-28T16:52:15.000Z","dependencies_parsed_at":"2024-11-26T05:32:51.643Z","dependency_job_id":null,"html_url":"https://github.com/xaac-ai/rls-scope","commit_stats":null,"previous_names":["ariel-nathan/supabase-rls-ai-tester","ariel-nathan/suparat","xaac-ai/rls-scope"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xaac-ai%2Frls-scope","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xaac-ai%2Frls-scope/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xaac-ai%2Frls-scope/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xaac-ai%2Frls-scope/
manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/xaac-ai","download_url":"https://codeload.github.com/xaac-ai/rls-scope/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248914127,"owners_count":21182360,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["pgtap","rls","supabase"],"created_at":"2024-11-28T01:08:25.559Z","updated_at":"2025-04-14T16:20:31.106Z","avatar_url":"https://github.com/xaac-ai.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\u003cimg src=\"https://raw.githubusercontent.com/xaac-ai/rls-scope/main/rls-scope.jpg\" width=\"50%\"/\u003e\u003c/p\u003e\n\n# 🔬 RLS Scope\n\nGenerate pgTAP test cases for your Supabase project that verify correctness of Row-Level Security (RLS) policies.\n\n\u003e [!CAUTION]  \n\u003e This tool is meant to help catch permissive RLS policies; however, it does not guarantee correctness and it is not a substitute for due diligence. Always remember to review your RLS policies!\n\n## Usage\n\n- Your Supabase project must have [dbdev](https://supabase.github.io/dbdev/install-in-db-client/) installed.\n- Your Supabase project must have [supabase-test-helpers](https://github.com/supabase/supabase-test-helpers) installed (via `dbdev`). 
For example:\n\n```\n-- Install pgTAP\n\ncreate extension pgtap;\n\n-- Install basejump-supabase_test_helpers (https://database.dev/basejump/supabase_test_helpers)\nselect dbdev.install('basejump-supabase_test_helpers');\nCREATE EXTENSION \"basejump-supabase_test_helpers\";\n```\n\n- You must define the following environment variables in your `.env` or ` file:\n  - `CLAUDE_API_KEY`\n  - `PG_USER`\n  - `PG_PASSWORD`\n  - `PG_DATABASE`\n  - `PG_PORT`\n  - `PG_HOST`\n- Run `npx rls-scope` to generate test cases\n- Run `npx supabase db test --linked` to execute the tests\n- Evaluate the results to ensure test cases are appropriate and cover all relevant access patterns\n  - The AI may generate incorrect tests. If you encounter issues, please submit a pull request to help improve the test corpus 🎓\n- Commit generated test files to protect policies from regressions\n\n## Contributing\n\nWe welcome contributions to improve the tool! Please open an issue or submit a pull request with your improvements.\n\n### Prerequisites\n\n- [**pgTAP**](https://pgtap.org/) - Unit testing framework for PostgreSQL\n- [**dbdev**](https://database.dev/) - Development environment for database projects\n- [**supabase-test-helpers**](https://github.com/supabase/supabase-test-helpers) - Helper functions for testing Supabase policies\n- [**Claude API Key**](https://anthropic.com/) - Required for AI-generated test cases\n- [**Bun**](https://bun.sh/) - A fast all-in-one JavaScript runtime\n- [**Supabase CLI**](https://supabase.com/docs/reference/cli) - Tooling for managing Supabase projects\n- [**Docker**](https://www.docker.com/) - Containerization platform. 
Docker must be running to use `supabase db test`\n\n### Environment Variables\n\nCopy the `.env.example` file to `.env` and fill in the values from the Supabase dashboard and add your Claude API Key:\n\n```bash\ncp .env.example .env\n```\n\nUpdate the `.env` file with your Supabase database credentials and Claude API Key.\n\n**Note:** Do not commit your `.env` file or any secrets to version control.\n\n### Dependency Installation\n\nInstall the project dependencies using Bun:\n\n```bash\npnpm install\n```\n\n### Getting Started\n\nTo run the application and generate the automated test cases, cd into the project directory and run:\n\n```bash\npnpm build \u0026\u0026 pnpm start\n```\n\nThis command will:\n\n1. Connect to your Supabase database using the provided credentials.\n2. Fetch all existing RLS policies.\n3. Generate pgTAP test files for each policy using Claude AI.\n4. Save the test files in the `supabase/tests` directory.\n\n### Running the Tests\n\nAfter generating the test cases, you can execute them using the Supabase CLI:\n\n```bash\nnpx supabase db test --linked\n```\n\nThe `--linked` flag runs the tests against your remote Supabase project instead of a local database. Make sure you have linked your project first using:\n\n```bash\nsupabase link\n```\n\n**Note:**\n\n- You'll need your project's reference ID (or name) and database password from the Supabase dashboard to link your project successfully.\n\n- This command runs all SQL test files located in the `supabase/tests` directory.\n\n### Model Providers\n\nCurrently, the only supported model is Claude because Anthropic provided free credits for the Supabase AI Hackathon in which this project was developed. 
If you prefer to use a different model provider like ChatGPT, LLaMa, or Gemini, please submit a pull request.\n\n### Documents in the Corpus\n\nThe most relevant document is the bad-examples-guide which is meant to steer the LLM away from incorrect code which it has written in the past.\n\nSupabase-test-guide describes proper testing on Supabase with pgTAP.\n\nSupabase-test-helpers describes the supabase-test-helper functions which are available through the TLE and necessary for testing RLS policies.\n\n## License\n\nThis project is licensed under the MIT License.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxaac-ai%2Frls-scope","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fxaac-ai%2Frls-scope","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxaac-ai%2Frls-scope/lists"}