Quickback Docs
Quickback for Supabase

Quickback for Supabase RLS

Compile your Quickback definitions into Postgres Row Level Security policies for Supabase. Keep Supabase Auth, Storage, and Realtime — Quickback generates the security layer.

Quickback for Supabase RLS compiles the same defineTable() definitions into PostgreSQL Row Level Security policies for Supabase. You keep Supabase Auth, Storage, and Realtime — Quickback adds the database-level security layer.

Who this is for

You're already on Supabase (or want to be) and you want:

  • Database-level security — RLS policies enforced even if a service role key leaks
  • A type-safe DSL — write security rules in TypeScript, compile to SQL
  • One source of truth — the same firewall and access config that powers a Quickback Hono API also generates RLS policies

What you don't get from this target: generated API routes, batch endpoints, OpenAPI spec, MCP server. Those live with Quickback for Hono API. For Supabase you bring your own application code (PostgREST, Edge Functions, or your own server) and the RLS policies enforce security beneath it.

What compiles to RLS

DefinitionCompiles to
defineTable({ schema })CREATE TABLE + Drizzle schema
firewall: [...]FOR ALL USING policies (data isolation)
access.roles: [...]FOR SELECT/INSERT/UPDATE/DELETE USING policies (role checks)
defineActions()Not compiled — implement in Edge Functions or your app
viewsNot compiled — use Postgres views or column lists
maskingNot compiled — runtime concern, handle in app code
guardsNot compiled — runtime concern, handle in app code

See Mappings for full examples and Limitations for what to handle in app code.

Quick start

quickback/quickback.config.ts
import { defineConfig, defineRuntime, defineDatabase, defineAuth } from "@quickback/compiler";

export default defineConfig({
  name: "my-app",
  providers: {
    runtime: defineRuntime("supabase"),
    database: defineDatabase("supabase"),
    auth: defineAuth("supabase-auth"),
  },
});
quickback compile
supabase db push

The compiler emits RLS migrations under supabase/migrations/. See Setup for the full flow.

In this section

  • Setup — Configure the target, compile, apply migrations
  • Mappings — Which definitions become which RLS policies
  • Limitations — What doesn't compile and how to handle it

Neon

Use Neon serverless PostgreSQL with Quickback. Connection modes, RLS policy generation, Neon Authorize setup, Drizzle integration.

Setup

Configure the Supabase RLS target, compile your definitions, and apply the generated migrations.

On this page

Who this is forWhat compiles to RLSQuick startIn this section