From 7d6fc52ae3b90380009d864c4029179023bccb54 Mon Sep 17 00:00:00 2001 From: Garry Tan Date: Thu, 19 Mar 2026 00:40:41 -0700 Subject: [PATCH] fix: add SELECT RLS policies to migration for community dashboard reads All telemetry data is anonymous (no PII), so public reads via the publishable key are safe. Needed for the community dashboard to query skill popularity, crash clusters, and version distribution. Co-Authored-By: Claude Opus 4.6 (1M context) --- supabase/migrations/001_telemetry.sql | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/supabase/migrations/001_telemetry.sql b/supabase/migrations/001_telemetry.sql index 2febf4ed..ab26f36f 100644 --- a/supabase/migrations/001_telemetry.sql +++ b/supabase/migrations/001_telemetry.sql @@ -43,17 +43,20 @@ CREATE TABLE update_checks ( os TEXT NOT NULL ); --- RLS: anon key can INSERT only, never SELECT/UPDATE/DELETE +-- RLS: anon key can INSERT and SELECT (all telemetry data is anonymous) ALTER TABLE telemetry_events ENABLE ROW LEVEL SECURITY; CREATE POLICY "anon_insert_only" ON telemetry_events FOR INSERT WITH CHECK (true); +CREATE POLICY "anon_select" ON telemetry_events FOR SELECT USING (true); ALTER TABLE installations ENABLE ROW LEVEL SECURITY; CREATE POLICY "anon_insert_only" ON installations FOR INSERT WITH CHECK (true); +CREATE POLICY "anon_select" ON installations FOR SELECT USING (true); -- Allow upsert (update last_seen) CREATE POLICY "anon_update_last_seen" ON installations FOR UPDATE USING (true) WITH CHECK (true); ALTER TABLE update_checks ENABLE ROW LEVEL SECURITY; CREATE POLICY "anon_insert_only" ON update_checks FOR INSERT WITH CHECK (true); +CREATE POLICY "anon_select" ON update_checks FOR SELECT USING (true); -- Crash clustering view CREATE VIEW crash_clusters AS