[pull] master from supabase:master#684
Merged
pull[bot] merged 5 commits intocode:masterfrom Feb 17, 2026
Merged
Conversation
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file. YES ## What kind of change does this PR introduce? Fix: remove tab auto completion in favor of tab handlers
Adds the PITR entitlement check to the `Database Backup` -> `PITR` page.
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file. YES ## What kind of change does this PR introduce? Redirect for docs button in [oauth panel](https://supabase.com/dashboard/org/_/apps)
Detects HIPAA customers server-side in the assistant code path. Threads `isHipaaEnabled` boolean through `getOrgAIDetails` → `generate-v4` → `generateAssistantResponse`. The motivation is to support online evals down the road, where we'll want to exclude HIPAA projects from Assistant tracing. This PR follows existing patterns for checking if HIPAA is enabled for a project (org has HIPAA addon + project is sensitive). Example [[1]](https://github.com/supabase/supabase/blob/a5dd0a96716561443778f38a518b61d6cac95c19/apps/studio/components/interfaces/Settings/Addons/Addons.tsx#L75), [[2]](https://github.com/supabase/supabase/blob/6858d4e18d9359d573fe3dff73bc4e5fa1cfe219/apps/studio/hooks/misc/useOrgOptedIntoAi.ts#L69). ```ts const hasHipaaAddon = subscriptionHasHipaaAddon(subscription) && settings?.is_sensitive ``` (I call it `isHipaaEnabled` in this PR to avoid it being misunderstood as just the org-level addon, rather it's a combo of that addon being present AND high compliance being enabled on the project). ### Verification steps <details><summary>Click to view the steps I followed to sanity check it works with the local stack</summary> Tested locally with `mise fullstack`: 1. Found my org's subscription ID: ```sh docker exec platform-db-1 psql -U postgres -c "SELECT id, customer_id, status FROM orb.subscriptions;" ``` 2. Added HIPAA addon to it: ```sh docker exec platform-db-1 psql -U postgres -c " UPDATE orb.subscriptions SET price_intervals = price_intervals || '[{\"price\": {\"unit_config\": {\"unit_amount\": \"350.00\"}, \"external_price_id\": \"addon_security_hipaa\", \"item\": {\"name\": \"HIPAA\"}}}]'::jsonb WHERE id = '<subscription_id>';" ``` 2. Toggled on High Compliance (Project Settings → General) 3. Added a temporary log after `getOrgAIDetails` in `generate-v4.ts`: ```ts console.log('[HIPAA]', { isHipaaEnabled }) ``` 4. Sent a message in the AI Assistant → `isHipaaEnabled: true` 5. Toggled off High Compliance → resent → `isHipaaEnabled: false` 6. Removed addon from subscription, left project toggle on → `isHipaaEnabled: false` ```sql -- Find addon index: SELECT ordinality - 1 as idx FROM orb.subscriptions, jsonb_array_elements(price_intervals) WITH ORDINALITY AS elem(val, ordinality) WHERE id = '<subscription_id>' AND val->'price'->>'external_price_id' = 'addon_security_hipaa'; -- Remove by index: UPDATE orb.subscriptions SET price_intervals = price_intervals - <idx> WHERE id = '<subscription_id>'; ``` All three cases confirm `isHipaaEnabled` requires both the org addon and the project-level toggle. </details> Closes AI-434 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added HIPAA mode detection and exposed it in AI workflows. * API request functions now accept optional custom authorization headers for downstream calls. * **Tests** * Added tests covering HIPAA scenarios and verifying authorization header propagation in related flows. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
github-actions
bot
added
the
documentation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )