Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

33prime/skills/stack/supabase-postgrest-patterns

Name: skills/stack/supabase-postgrest-patterns
Author: 33prime

skills/stack/supabase-postgrest-patterns/SKILL.md

npx skillsauth add 33prime/rtg-forge skills/stack/supabase-postgrest-patterns

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Error

VirusTotalMulti-engine malware detection

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Supabase PostgREST Patterns

Patterns for querying Supabase effectively through the PostgREST API. Use resource embedding to avoid N+1 queries, type all responses, handle errors explicitly, and paginate everything.

Select With Specific Columns

Never use select('*') in production. Select only the columns you need.

// YES — specific columns
const { data, error } = await supabase
  .from("invoices")
  .select("id, status, created_at, customer:customers(id, name)")
  .eq("tenant_id", tenantId);

// NO — fetches everything, including large JSONB columns
const { data, error } = await supabase
  .from("invoices")
  .select("*");

Resource Embedding (Joins)

Use PostgREST resource embedding to fetch related data in a single query. This avoids N+1 problems.

// ONE query fetches invoices with their customer and line items
const { data, error } = await supabase
  .from("invoices")
  .select(`
    id,
    status,
    created_at,
    customer:customers (
      id,
      name,
      email
    ),
    line_items (
      id,
      description,
      quantity,
      unit_price
    )
  `)
  .eq("tenant_id", tenantId)
  .order("created_at", { ascending: false });

Embedding Rules

Use foreign key relationships for automatic embedding
Rename embedded resources with alias:table_name(columns) syntax
Nest embeddings for multi-level relationships
Use !inner for INNER JOIN behavior: customer:customers!inner(name)

Filtering

// Equality
.eq("status", "paid")

// Not equal
.neq("status", "cancelled")

// Greater than / less than
.gt("total", 1000)
.lt("created_at", "2026-01-01")

// In a set
.in("status", ["draft", "sent"])

// Pattern matching
.ilike("customer_name", "%acme%")

// JSONB containment
.contains("metadata", { source: "import" })

// NULL checks
.is("deleted_at", null)
.not("assigned_to", "is", null)

// Combining filters (AND)
.eq("tenant_id", tenantId)
.eq("status", "paid")
.gte("created_at", startDate)

// OR conditions
.or("status.eq.draft,status.eq.sent")

Pagination

Always paginate list queries. Never return unbounded result sets.

const PAGE_SIZE = 50;

interface PaginatedResult<T> {
  items: T[];
  total: number;
  page: number;
  pageSize: number;
  hasMore: boolean;
}

async function getInvoices(
  tenantId: string,
  page: number = 1,
  pageSize: number = PAGE_SIZE,
): Promise<PaginatedResult<Invoice>> {
  const from = (page - 1) * pageSize;
  const to = from + pageSize - 1;

  const { data, error, count } = await supabase
    .from("invoices")
    .select("id, status, created_at, customer:customers(name)", { count: "exact" })
    .eq("tenant_id", tenantId)
    .order("created_at", { ascending: false })
    .range(from, to);

  if (error) throw new SupabaseQueryError("Failed to fetch invoices", error);

  return {
    items: data as Invoice[],
    total: count ?? 0,
    page,
    pageSize,
    hasMore: (count ?? 0) > page * pageSize,
  };
}

Pagination Rules

Always use range(from, to) for offset pagination
Pass { count: "exact" } to select() to get total count
Default page size of 50, max of 100
Return pagination metadata alongside results
Consider cursor-based pagination for large datasets

Error Handling

ALWAYS check the error property on Supabase responses. Never assume success.

// Custom error class for Supabase query errors
class SupabaseQueryError extends Error {
  constructor(
    message: string,
    public readonly pgError: { message: string; code: string; details: string | null },
  ) {
    super(`${message}: ${pgError.message} (code: ${pgError.code})`);
    this.name = "SupabaseQueryError";
  }
}

// Helper function that throws on error
async function queryOrThrow<T>(
  query: PromiseLike<{ data: T | null; error: any }>,
): Promise<T> {
  const { data, error } = await query;
  if (error) throw new SupabaseQueryError("Query failed", error);
  if (data === null) throw new Error("Query returned null data without error");
  return data;
}

// Usage
const invoices = await queryOrThrow(
  supabase
    .from("invoices")
    .select("id, status")
    .eq("tenant_id", tenantId),
);

RPC (Remote Procedure Calls)

Use Postgres functions (RPC) for complex operations that don't fit the REST model.

-- Define the function in a migration
CREATE OR REPLACE FUNCTION calculate_invoice_total(p_invoice_id UUID)
RETURNS TABLE(subtotal NUMERIC, tax NUMERIC, total NUMERIC)
LANGUAGE sql
STABLE
SECURITY INVOKER  -- Respects RLS
AS $$
  SELECT
    SUM(quantity * unit_price) AS subtotal,
    SUM(quantity * unit_price) * 0.08 AS tax,
    SUM(quantity * unit_price) * 1.08 AS total
  FROM line_items
  WHERE invoice_id = p_invoice_id;
$$;

// Call from TypeScript
const { data, error } = await supabase
  .rpc("calculate_invoice_total", { p_invoice_id: invoiceId });

if (error) throw new SupabaseQueryError("Failed to calculate total", error);
// data is { subtotal: number, tax: number, total: number }

RPC Rules

Use RPC for aggregations, multi-table operations, or complex logic
Use SECURITY INVOKER to respect RLS
Name functions clearly: calculate_invoice_total, get_dashboard_stats
Return typed results (TABLE or specific type)
Prefer STABLE or IMMUTABLE volatility when possible

TypeScript Typing

Generate types from your database schema and use them for all queries.

// Generated types (from supabase gen types typescript)
import type { Database } from "./database.types";

type Invoice = Database["public"]["Tables"]["invoices"]["Row"];
type InvoiceInsert = Database["public"]["Tables"]["invoices"]["Insert"];
type InvoiceUpdate = Database["public"]["Tables"]["invoices"]["Update"];

// Typed client
const supabase = createClient<Database>(url, key);

// Queries are now typed
const { data } = await supabase
  .from("invoices")        // TypeScript knows this table exists
  .select("id, status")    // TypeScript knows these columns exist
  .eq("status", "paid");   // TypeScript validates the column name and value type

Typing Rules

Generate types with supabase gen types typescript after every migration
Use generated types for all query results
Use Insert and Update types for mutations
Keep generated types in version control
Re-generate types in CI to catch schema drift

Realtime Subscriptions

Use Supabase Realtime for live data updates:

const channel = supabase
  .channel("invoice-changes")
  .on<Invoice>(
    "postgres_changes",
    {
      event: "*",
      schema: "public",
      table: "invoices",
      filter: `tenant_id=eq.${tenantId}`,
    },
    (payload) => {
      switch (payload.eventType) {
        case "INSERT":
          handleNewInvoice(payload.new);
          break;
        case "UPDATE":
          handleUpdatedInvoice(payload.new);
          break;
        case "DELETE":
          handleDeletedInvoice(payload.old);
          break;
      }
    },
  )
  .subscribe();

// Cleanup
channel.unsubscribe();

Realtime Rules

Always filter subscriptions to the minimum scope (use filter)
Handle all event types (INSERT, UPDATE, DELETE)
Clean up subscriptions on component unmount
Don't use Realtime as a replacement for initial data fetch

33prime/skills/stack/supabase-postgrest-patterns

skills/stack/supabase-postgrest-patterns/SKILL.md

# Supabase PostgREST Patterns Patterns for querying Supabase effectively through the PostgREST API. Use resource embedding to avoid N+1 queries, type all responses, handle errors explicitly, and paginate everything. --- ## Select With Specific Columns Never use `select('*')` in production. Select only the columns you need. ```typescript // YES — specific columns const { data, error } = await supabase .from("invoices") .select("id, status, created_at, customer:customers(id, name)") .eq

development

Updated Mar 25, 2026

$ install --global

skillsauth

npx skillsauth add 33prime/rtg-forge skills/stack/supabase-postgrest-patterns

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Error

VirusTotalMulti-engine malware detection

70%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Mar 25, 2026, 12:54 PM44.0s4 files scanned

SKILL.md

Supabase PostgREST Patterns

Patterns for querying Supabase effectively through the PostgREST API. Use resource embedding to avoid N+1 queries, type all responses, handle errors explicitly, and paginate everything.

Select With Specific Columns

Never use select('*') in production. Select only the columns you need.

// YES — specific columns
const { data, error } = await supabase
  .from("invoices")
  .select("id, status, created_at, customer:customers(id, name)")
  .eq("tenant_id", tenantId);

// NO — fetches everything, including large JSONB columns
const { data, error } = await supabase
  .from("invoices")
  .select("*");

Resource Embedding (Joins)

Use PostgREST resource embedding to fetch related data in a single query. This avoids N+1 problems.

// ONE query fetches invoices with their customer and line items
const { data, error } = await supabase
  .from("invoices")
  .select(`
    id,
    status,
    created_at,
    customer:customers (
      id,
      name,
      email
    ),
    line_items (
      id,
      description,
      quantity,
      unit_price
    )
  `)
  .eq("tenant_id", tenantId)
  .order("created_at", { ascending: false });

Embedding Rules

Use foreign key relationships for automatic embedding
Rename embedded resources with alias:table_name(columns) syntax
Nest embeddings for multi-level relationships
Use !inner for INNER JOIN behavior: customer:customers!inner(name)

Filtering

// Equality
.eq("status", "paid")

// Not equal
.neq("status", "cancelled")

// Greater than / less than
.gt("total", 1000)
.lt("created_at", "2026-01-01")

// In a set
.in("status", ["draft", "sent"])

// Pattern matching
.ilike("customer_name", "%acme%")

// JSONB containment
.contains("metadata", { source: "import" })

// NULL checks
.is("deleted_at", null)
.not("assigned_to", "is", null)

// Combining filters (AND)
.eq("tenant_id", tenantId)
.eq("status", "paid")
.gte("created_at", startDate)

// OR conditions
.or("status.eq.draft,status.eq.sent")

Pagination

Always paginate list queries. Never return unbounded result sets.

const PAGE_SIZE = 50;

interface PaginatedResult<T> {
  items: T[];
  total: number;
  page: number;
  pageSize: number;
  hasMore: boolean;
}

async function getInvoices(
  tenantId: string,
  page: number = 1,
  pageSize: number = PAGE_SIZE,
): Promise<PaginatedResult<Invoice>> {
  const from = (page - 1) * pageSize;
  const to = from + pageSize - 1;

  const { data, error, count } = await supabase
    .from("invoices")
    .select("id, status, created_at, customer:customers(name)", { count: "exact" })
    .eq("tenant_id", tenantId)
    .order("created_at", { ascending: false })
    .range(from, to);

  if (error) throw new SupabaseQueryError("Failed to fetch invoices", error);

  return {
    items: data as Invoice[],
    total: count ?? 0,
    page,
    pageSize,
    hasMore: (count ?? 0) > page * pageSize,
  };
}

Pagination Rules

Always use range(from, to) for offset pagination
Pass { count: "exact" } to select() to get total count
Default page size of 50, max of 100
Return pagination metadata alongside results
Consider cursor-based pagination for large datasets

Error Handling

ALWAYS check the error property on Supabase responses. Never assume success.

// Custom error class for Supabase query errors
class SupabaseQueryError extends Error {
  constructor(
    message: string,
    public readonly pgError: { message: string; code: string; details: string | null },
  ) {
    super(`${message}: ${pgError.message} (code: ${pgError.code})`);
    this.name = "SupabaseQueryError";
  }
}

// Helper function that throws on error
async function queryOrThrow<T>(
  query: PromiseLike<{ data: T | null; error: any }>,
): Promise<T> {
  const { data, error } = await query;
  if (error) throw new SupabaseQueryError("Query failed", error);
  if (data === null) throw new Error("Query returned null data without error");
  return data;
}

// Usage
const invoices = await queryOrThrow(
  supabase
    .from("invoices")
    .select("id, status")
    .eq("tenant_id", tenantId),
);

RPC (Remote Procedure Calls)

Use Postgres functions (RPC) for complex operations that don't fit the REST model.

-- Define the function in a migration
CREATE OR REPLACE FUNCTION calculate_invoice_total(p_invoice_id UUID)
RETURNS TABLE(subtotal NUMERIC, tax NUMERIC, total NUMERIC)
LANGUAGE sql
STABLE
SECURITY INVOKER  -- Respects RLS
AS $$
  SELECT
    SUM(quantity * unit_price) AS subtotal,
    SUM(quantity * unit_price) * 0.08 AS tax,
    SUM(quantity * unit_price) * 1.08 AS total
  FROM line_items
  WHERE invoice_id = p_invoice_id;
$$;

// Call from TypeScript
const { data, error } = await supabase
  .rpc("calculate_invoice_total", { p_invoice_id: invoiceId });

if (error) throw new SupabaseQueryError("Failed to calculate total", error);
// data is { subtotal: number, tax: number, total: number }

RPC Rules

Use RPC for aggregations, multi-table operations, or complex logic
Use SECURITY INVOKER to respect RLS
Name functions clearly: calculate_invoice_total, get_dashboard_stats
Return typed results (TABLE or specific type)
Prefer STABLE or IMMUTABLE volatility when possible

TypeScript Typing

Generate types from your database schema and use them for all queries.

// Generated types (from supabase gen types typescript)
import type { Database } from "./database.types";

type Invoice = Database["public"]["Tables"]["invoices"]["Row"];
type InvoiceInsert = Database["public"]["Tables"]["invoices"]["Insert"];
type InvoiceUpdate = Database["public"]["Tables"]["invoices"]["Update"];

// Typed client
const supabase = createClient<Database>(url, key);

// Queries are now typed
const { data } = await supabase
  .from("invoices")        // TypeScript knows this table exists
  .select("id, status")    // TypeScript knows these columns exist
  .eq("status", "paid");   // TypeScript validates the column name and value type

Typing Rules

Generate types with supabase gen types typescript after every migration
Use generated types for all query results
Use Insert and Update types for mutations
Keep generated types in version control
Re-generate types in CI to catch schema drift

Realtime Subscriptions

Use Supabase Realtime for live data updates:

const channel = supabase
  .channel("invoice-changes")
  .on<Invoice>(
    "postgres_changes",
    {
      event: "*",
      schema: "public",
      table: "invoices",
      filter: `tenant_id=eq.${tenantId}`,
    },
    (payload) => {
      switch (payload.eventType) {
        case "INSERT":
          handleNewInvoice(payload.new);
          break;
        case "UPDATE":
          handleUpdatedInvoice(payload.new);
          break;
        case "DELETE":
          handleDeletedInvoice(payload.old);
          break;
      }
    },
  )
  .subscribe();

// Cleanup
channel.unsubscribe();

Realtime Rules

Always filter subscriptions to the minimum scope (use filter)
Handle all event types (INSERT, UPDATE, DELETE)
Clean up subscriptions on component unmount
Don't use Realtime as a replacement for initial data fetch

Related Skills

33prime/skills/workflows/parallel-execution

development

VerifiedTrustedCommunity

# Parallel Execution > This skill is under development. Workflow patterns for running independent tasks in parallel to improve performance and throughput. ## Topics to Cover - Identifying independent tasks suitable for parallel execution - `asyncio.gather()` with `return_exceptions=True` - `asyncio.TaskGroup` for structured concurrency (Python 3.11+) - Semaphores for bounded concurrency - `Promise.all()` and `Promise.allSettled()` in TypeScript - Handling partial failures (some tasks succeed

SKILL.mdUpdated Mar 25, 2026

33prime/skills/workflows/parallel-execution

33prime/skills/workflows/module-extraction

development

VerifiedTrustedCommunity

# Module Extraction > This skill is under development. Workflow for identifying and extracting reusable modules from existing codebases. Extract when a pattern is used in 3+ places and has stabilized. ## Topics to Cover - Identifying extraction candidates (rule of three) - Defining module boundaries and public interface - Dependency analysis: what does the module need? - Interface design: protocols, abstract base classes - Step-by-step extraction process - Testing strategy: tests before, dur

SKILL.mdUpdated Mar 25, 2026

33prime/skills/workflows/module-extraction

33prime/skills/workflows/forge-orchestrate

development

VerifiedTrustedCommunity

# Forge Orchestrate — Intelligent Build Orchestration You are a build planner, not a build executor. Your job is to look at a project, figure out what's left to build, decompose the work into parallel streams, assign the right intelligence level to each stream, estimate cost, and hand the user a set of terminal commands they can run. You plan. They execute. --- ## Stream Decomposition The unit of parallelism is a **stream** — a self-contained bundle of tasks that one Claude session handles e

SKILL.mdUpdated Mar 25, 2026

33prime/skills/workflows/forge-orchestrate

33prime/skills/workflows/code-review

development

VerifiedTrustedCommunity

# Code Review > This skill is under development. Workflow for conducting effective code reviews that catch real issues and improve code quality. ## Topics to Cover - Review priorities: correctness > design > performance > style - What to check in every review (checklist) - How to give constructive feedback - Automated checks that should run before human review - Review scope: how big is too big? - Patterns for reviewing database migrations - Patterns for reviewing API changes - When to reque

SKILL.mdUpdated Mar 25, 2026

33prime/skills/workflows/code-review

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/33prime/rtg-forge.git

# Copy into Claude Code skills folder (global)
cp -r rtg-forge/skills/stack/supabase-postgrest-patterns ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

33prime/rtg-forge

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT