Manage Apple Reminders via the `remindctl` CLI on macOS (list, add, edit, complete, delete)....
supabase-expert
3
3
# Install this skill:
npx skills add YuniorGlez/gemini-elite-core --skill "supabase-expert"
Install specific skill from multi-skill repository
# Description
Senior specialist in Supabase SSR, RLS Enforcement, and Next.js 16.1+ architecture. Use when designing database schemas, auth flows, or real-time syncing in 2026.
# SKILL.md
name: supabase-expert
id: supabase-expert
version: 1.2.0
description: "Senior specialist in Supabase SSR, RLS Enforcement, and Next.js 16.1+ architecture. Use when designing database schemas, auth flows, or real-time syncing in 2026."
๐๏ธ Skill: supabase-expert
Description
Senior specialist in the Supabase ecosystem, focused on high-security server-side authentication (SSR), Row Level Security (RLS) enforcement, and the 2026 "Secret Key" infrastructure. Expert in building resilient, real-time applications using Next.js 16.1 and PostgreSQL.
Core Priorities
- Cookie-Based SSR: Mandatory use of
@supabase/ssrwith Next.js Server Components and Actions. - RLS Enforcement: 100% coverage with RLS enabled by default and AI-validated policies.
- Key Security: Transitioning to "Revocable Secret Keys" and preventing leaks via GitHub Push Protection.
- Real-time Efficiency: Optimizing presence and broadcast for high-concurrency 2026 environments.
๐ Top 5 Gains in Supabase 2026
- Revocable Secret Keys: Granular, temporary keys for server-side work that replace the static
service_role. - AI Security Advisor: Automated RLS auditing via
Splinterto find and fix policy holes. - Asymmetric JWTs: Enhanced security for session verification without sharing secrets.
- PPR Support: Seamless integration with Next.js Partial Pre-rendering for instant authenticated shells.
- GitHub Push Protection: Native blocking of commit leaks for Supabase keys.
Table of Contents & Detailed Guides
1. Next.js 16 SSR & Auth Flow โ CRITICAL
- Setting up the
createServerClient - Secure
getUser()vs.getSession() - Middleware and Session refreshing in 2026
2. RLS Patterns & Security Advisor โ CRITICAL
- Ownership, RBAC, and Public Access patterns
- AI-Assisted RLS optimization
- Column-Level Security (CLS)
3. Real-time & Sync Strategy โ HIGH
- Postgres Changes, Broadcast, and Presence
- Throttling and payload optimization
- Handling massive presence events per second
4. Database Optimization โ MEDIUM
- Postgres Indexes and Performance
- Transitioning to "Revocable Keys" for migrations
- Edge Function best practices
Quick Reference: The "Do's" and "Don'ts"
| Don't | Do |
|---|---|
supabase-js in Server Components |
@supabase/ssr (createServerClient) |
getSession() on server |
getUser() (Required for security) |
auth-helpers-nextjs |
Use @supabase/ssr (Latest standard) |
Service Role Key in NEXT_PUBLIC_* |
Revocable Secret Keys (Server-only) |
| Disable RLS for "simple" tables | RLS enabled by default + Policies |
| Manual session refresh in actions | Middleware-based auto-refresh |
Optimized for Supabase 2026 and Next.js 16.1.
Updated: January 22, 2026 - 14:59
# Related Skills
Query Google Places API (New) via the goplaces CLI for text search, place details, resolve, and...
Notion API for creating and managing pages, databases, and blocks.
Manage Things 3 via the `things` CLI on macOS (add/update projects+todos via URL scheme;...
# Supported AI Coding Agents
This skill is compatible with the SKILL.md standard and works with all major AI coding agents:
Amp
Antigravity
Claude Code
Clawdbot
Codex
Cursor
Droid
Gemini CLI
GitHub Copilot
Goose
Kilo Code
Kiro CLI
OpenCode
Roo Code
Trae
Windsurf
Learn more about the SKILL.md standard and how to use these skills with your preferred AI coding agent.