Learn the Standard
Verification and Operations
Prove schema, authorization, application behavior and deployed state rather than assuming success.
Definition of done
- Requirements and security invariants are written down.
- The reviewed migration is committed and checksummed before hosted execution.
- Locks, compatibility, data loss, grants, RLS, functions, and recovery have been reviewed where applicable.
- Post-apply schema inspection and relevant Supabase Advisor checks pass.
- Real allowed and denied access paths have been tested.
- A deployment record captures the observed outcome.
SQL Editor queries are not RLS acceptance tests
The SQL Editor normally runs with privileged administrative context. When exposure changes, test unauthenticated Data API requests, ordinary signed-in users, cross-user or cross-tenant denials, and any Storage, Realtime, Edge Function, or backend path actually used. A secret/service-role request cannot prove that an ordinary user is denied.
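A small acceptance harness for the allowed/denied paths described above, as an added example that is not part of the standard. It drives the Data API (PostgREST) as the anon role and as real signed-in users, never with the service-role key, and treats a filtered-to-empty SELECT as a denial because RLS hides rows silently instead of returning 403; the project URL, anon key, user tokens and the `invoices` table are constructed placeholders.

```python
"""RLS acceptance checks against a Supabase Data API endpoint (added example)."""
import json
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed placeholders; real values come from the project's settings and Auth.
BASE_URL = "https://PROJECT_REF.supabase.co"
ANON_KEY = "ANON_KEY_PLACEHOLDER"

@dataclass
class Case:
    name: str
    method: str
    path: str               # e.g. "/rest/v1/invoices?select=id"
    jwt: Optional[str]      # None = anon role only (no signed-in user)
    expect: str             # "allowed" or "denied"
    body: Optional[dict] = None

def http_send(method, url, headers, body):
    """Default transport: returns (status, decoded JSON body or None)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            raw = resp.read()
            return resp.status, (json.loads(raw) if raw else None)
    except urllib.error.HTTPError as err:
        return err.code, None

def outcome(status, payload):
    """Classify a response. Policy violations on writes surface as 401/403,
    but a SELECT/UPDATE/DELETE filtered by RLS returns 2xx with no rows."""
    if status in (401, 403):
        return "denied"
    if 200 <= status < 300:
        if isinstance(payload, list) and not payload:
            return "denied"     # nothing visible or touchable for this principal
        return "allowed"
    return "error"

def run_cases(cases, send: Callable = http_send, base_url=BASE_URL, anon_key=ANON_KEY):
    """Run each case as the principal it names; returns {name: passed}."""
    results = {}
    for c in cases:
        # return=representation makes filtered writes answer with [] rather than 204.
        headers = {"apikey": anon_key, "Content-Type": "application/json",
                   "Prefer": "return=representation"}
        if c.jwt:
            headers["Authorization"] = f"Bearer {c.jwt}"
        status, payload = send(c.method, base_url + c.path, headers, c.body)
        results[c.name] = outcome(status, payload) == c.expect
    return results
```

Record the returned dictionary in the deployment record; any `False` entry is a blocking finding, and a case that expects `denied` but sees `allowed` means a policy or grant regressed.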
Respond to drift without erasing evidence
If hosted state disagrees with migrations or deployment records, stop new schema changes, investigate the actual difference, and reconcile it with a new reviewed migration and deployment record. Do not edit old applied migrations to make the history appear clean.
Monitor authorization failures, Storage failures, database timeouts, deadlocks, slow critical queries, and background processing without logging secrets or unnecessary personal data.