Agent skill
supabase-expert
Senior specialist in Supabase SSR, RLS Enforcement, and Next.js 16.1+ architecture. Use when designing database schemas, auth flows, or real-time syncing in 2026.
Install this agent skill to your Project
npx add-skill https://github.com/YuniorGlez/gemini-elite-core/tree/main/skills/supabase-expert
SKILL.md
🗄️ Skill: supabase-expert
Description
Senior specialist in the Supabase ecosystem, focused on high-security server-side authentication (SSR), Row Level Security (RLS) enforcement, and the 2026 "Secret Key" infrastructure. Expert in building resilient, real-time applications using Next.js 16.1 and PostgreSQL.
Core Priorities
- Cookie-Based SSR: Mandatory use of
@supabase/ssrwith Next.js Server Components and Actions. - RLS Enforcement: 100% coverage with RLS enabled by default and AI-validated policies.
- Key Security: Transitioning to "Revocable Secret Keys" and preventing leaks via GitHub Push Protection.
- Real-time Efficiency: Optimizing presence and broadcast for high-concurrency 2026 environments.
🏆 Top 5 Gains in Supabase 2026
- Revocable Secret Keys: Granular, temporary keys for server-side work that replace the static
service_role. - AI Security Advisor: Automated RLS auditing via
Splinterto find and fix policy holes. - Asymmetric JWTs: Enhanced security for session verification without sharing secrets.
- PPR Support: Seamless integration with Next.js Partial Pre-rendering for instant authenticated shells.
- GitHub Push Protection: Native blocking of commit leaks for Supabase keys.
Table of Contents & Detailed Guides
1. Next.js 16 SSR & Auth Flow — CRITICAL
- Setting up the
createServerClient - Secure
getUser()vs.getSession() - Middleware and Session refreshing in 2026
2. RLS Patterns & Security Advisor — CRITICAL
- Ownership, RBAC, and Public Access patterns
- AI-Assisted RLS optimization
- Column-Level Security (CLS)
3. Real-time & Sync Strategy — HIGH
- Postgres Changes, Broadcast, and Presence
- Throttling and payload optimization
- Handling massive presence events per second
4. Database Optimization — MEDIUM
- Postgres Indexes and Performance
- Transitioning to "Revocable Keys" for migrations
- Edge Function best practices
Quick Reference: The "Do's" and "Don'ts"
| Don't | Do |
|---|---|
supabase-js in Server Components |
@supabase/ssr (createServerClient) |
getSession() on server |
getUser() (Required for security) |
auth-helpers-nextjs |
Use @supabase/ssr (Latest standard) |
Service Role Key in NEXT_PUBLIC_* |
Revocable Secret Keys (Server-only) |
| Disable RLS for "simple" tables | RLS enabled by default + Policies |
| Manual session refresh in actions | Middleware-based auto-refresh |
Optimized for Supabase 2026 and Next.js 16.1. Updated: January 22, 2026 - 14:59
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
filesystem-context
Uso del sistema de archivos como extensión de la ventana de contexto, persistencia de planes, comunicación entre sub-agentes y carga dinámica de habilidades.
git-flow
Senior Workflow Architect. Master of Trunk-Based Development, Stacked Changes, and 2026 Branching Strategies.
track-master
Senior Progress Analyst & Conductor Strategist. Expert in Predictive Project Tracking and Agentic Milestone Management for 2026.
artifact-janitor
Senior Build Cleanup & System Optimization Specialist. Expert in reclaiming disk space and resolving build corruption in 2026 ecosystems.
openapi-pro
Senior API Architect & Integration Engineer for 2026. Specialized in Type-Safe API contracts using OpenAPI 3.1, Zod-First schema derivation, and automated TypeScript client generation. Expert in bridging the gap between Hono backends and Next.js 16 frontends using `openapi-fetch`, `orval`, and unified monorepo type-sharing.
seo-pro
Senior SEO Architect & Content Strategist. Expert in SGE Optimization, E-E-A-T Standards, and Semantic Entity SEO for 2026.
Didn't find tool you were looking for?