@intentsolutionsio/supabase-pack 1.0.0 → 1.0.3

package/skills/supabase-multi-env-setup/SKILL.md

@@ -1,222 +1,463 @@
 ---
 name: supabase-multi-env-setup
-description: |
-  Configure Supabase across development, staging, and production environments.
-  Use when setting up multi-environment deployments, configuring per-environment secrets,
-  or implementing environment-specific Supabase configurations.
-  Trigger with phrases like "supabase environments", "supabase staging",
-  "supabase dev prod", "supabase environment setup", "supabase config by env".
-allowed-tools: Read, Write, Edit, Bash(aws:*), Bash(gcloud:*), Bash(vault:*)
+description: 'Configure Supabase across development, staging, and production with
+  separate projects,
+
+  environment-specific secrets, and safe migration promotion.
+
+  Use when setting up multi-environment deployments, isolating dev from prod data,
+
+  configuring per-environment Supabase projects, or promoting migrations through environments.
+
+  Trigger: "supabase environments", "supabase staging", "supabase dev prod",
+
+  "supabase multi-project", "supabase env config", "database branching".
+
+  '
+allowed-tools: Read, Write, Edit, Bash(npx supabase:*), Bash(supabase:*), Bash(vercel:*),
+  Grep, Glob
 version: 1.0.0
 license: MIT
 author: Jeremy Longshore <jeremy@intentsolutions.io>
+tags:
+- saas
+- supabase
+- deployment
+- environments
+- multi-env
+- devops
+compatibility: Designed for Claude Code, also compatible with Codex and OpenClaw
 ---
-
 # Supabase Multi-Environment Setup
 
 ## Overview
-Configure Supabase across development, staging, and production environments.
+
+Production Supabase deployments require separate projects per environment — each with its own URL, API keys, database, and RLS policies. This skill configures a three-tier environment architecture (local dev, staging, production) with safe migration promotion via `supabase db push`, environment-aware `createClient` initialization, database branching for preview deployments, and CI/CD pipelines that prevent accidental cross-environment operations.
+
+**When to use:** Setting up a new project with multiple environments, migrating from a single-project setup to multi-env, adding staging to an existing dev/prod split, or configuring preview environments with database branching.
 
 ## Prerequisites
-- Separate Supabase accounts or API keys per environment
-- Secret management solution (Vault, AWS Secrets Manager, etc.)
-- CI/CD pipeline with environment variables
-- Environment detection in application
 
-## Environment Strategy
+- Three separate Supabase projects created at [supabase.com/dashboard](https://supabase.com/dashboard) (dev, staging, production)
+- Supabase CLI installed: `npm install -g supabase` or `npx supabase --version`
+- `@supabase/supabase-js` v2+ installed in your project
+- Node.js 18+ with framework that supports `.env` files (Next.js, Nuxt, SvelteKit, etc.)
+- A secret management solution for CI (GitHub Actions Secrets, Vercel env vars, etc.)
+
+## Instructions
+
+### Step 1: Environment Files and Project Layout
 
-| Environment | Purpose | API Keys | Data |
-|-------------|---------|----------|------|
-| Development | Local dev | Test keys | Sandbox |
-| Staging | Pre-prod validation | Staging keys | Test data |
-| Production | Live traffic | Production keys | Real data |
+Create one Supabase CLI project with shared migrations and per-environment credential files. Each `.env.*` file points to a different Supabase project.
 
-## Configuration Structure
+**Project structure:**
 
 ```
-config/
+my-app/
 ├── supabase/
-│   ├── base.json           # Shared config
-│   ├── development.json    # Dev overrides
-│   ├── staging.json        # Staging overrides
-│   └── production.json     # Prod overrides
-```
-
-### base.json
-```json
-{
-  "timeout": 30000,
-  "retries": 3,
-  "cache": {
-    "enabled": true,
-    "ttlSeconds": 60
-  }
-}
+│   ├── config.toml              # Local CLI config
+│   ├── migrations/              # Shared migrations (all envs use the same schema)
+│   │   └── 20260101000000_initial.sql
+│   ├── seed.sql                 # Dev-only seed data (runs on db reset only)
+│   └── functions/               # Edge Functions (deployed per env)
+├── .env.local                   # Local dev → supabase start
+├── .env.staging                 # Staging project credentials
+├── .env.production              # Production project credentials
+└── .gitignore                   # Must include .env.staging, .env.production
 ```
 
-### development.json
-```json
-{
-  "apiKey": "${SUPABASE_API_KEY}",
-  "baseUrl": "https://api-sandbox.supabase.com",
-  "debug": true,
-  "cache": {
-    "enabled": false
-  }
-}
+**Environment files:**
+
+```bash
+# .env.local — local development (safe defaults from supabase start)
+NEXT_PUBLIC_SUPABASE_URL=http://127.0.0.1:54321
+NEXT_PUBLIC_SUPABASE_ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6ImFub24iLCJleHAiOjE5ODM4MTI5OTZ9.CRXP1A7WOeoJeXxjNni43kdQwgnWNReilDMblYTn_I0
+SUPABASE_SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImV4cCI6MTk4MzgxMjk5Nn0.EGIM96RAZx35lJzdJsyH-qQwv8Hdp7fsn3W0YpN81IU
+DATABASE_URL=postgresql://postgres:postgres@127.0.0.1:54322/postgres
+SUPABASE_ENV=local
+
+# .env.staging — staging project
+NEXT_PUBLIC_SUPABASE_URL=https://<staging-ref>.supabase.co
+NEXT_PUBLIC_SUPABASE_ANON_KEY=eyJ...staging-anon-key
+SUPABASE_SERVICE_ROLE_KEY=eyJ...staging-service-key
+DATABASE_URL=postgres://postgres.<staging-ref>:<password>@aws-0-<region>.pooler.supabase.com:6543/postgres
+SUPABASE_ENV=staging
+
+# .env.production — production project (NEVER commit this file)
+NEXT_PUBLIC_SUPABASE_URL=https://<prod-ref>.supabase.co
+NEXT_PUBLIC_SUPABASE_ANON_KEY=eyJ...prod-anon-key
+SUPABASE_SERVICE_ROLE_KEY=eyJ...prod-service-key
+DATABASE_URL=postgres://postgres.<prod-ref>:<password>@aws-0-<region>.pooler.supabase.com:6543/postgres
+SUPABASE_ENV=production
 ```
 
-### staging.json
-```json
-{
-  "apiKey": "${SUPABASE_API_KEY_STAGING}",
-  "baseUrl": "https://api-staging.supabase.com",
-  "debug": false
-}
+**Critical `.gitignore` entries:**
+
+```gitignore
+.env.staging
+.env.production
+# .env.local is safe to commit (contains only local dev keys)
 ```
 
-### production.json
-```json
-{
-  "apiKey": "${SUPABASE_API_KEY_PROD}",
-  "baseUrl": "https://api.supabase.com",
-  "debug": false,
-  "retries": 5
-}
+**Link each environment to the CLI:**
+
+```text
+# Local development
+npx supabase start
+
+# Link staging (stores ref in supabase/.temp/project-ref)
+npx supabase link --project-ref <staging-ref>
+
+# Link production (re-links, overwriting staging ref)
+npx supabase link --project-ref <prod-ref>
 ```
 
-## Environment Detection
+> **Note:** The CLI can only link one project at a time. Switch between environments by re-running `supabase link` with the target project ref before any `db push` or `functions deploy` operation.
+
+### Step 2: Environment-Aware Client and Safeguards
+
+Build a `createClient` wrapper that selects the correct URL and keys based on the active environment, plus production safeguards that block destructive operations.
+
+**Environment detection (`lib/env.ts`):**
 
 ```typescript
-// src/supabase/config.ts
-import baseConfig from '../../config/supabase/base.json';
+export type Environment = 'local' | 'staging' | 'production';
 
-type Environment = 'development' | 'staging' | 'production';
+export function getEnvironment(): Environment {
+  // Explicit env var takes priority
+  const explicit = process.env.SUPABASE_ENV;
+  if (explicit === 'local' || explicit === 'staging' || explicit === 'production') {
+    return explicit;
+  }
 
-function detectEnvironment(): Environment {
-  const env = process.env.NODE_ENV || 'development';
-  const validEnvs: Environment[] = ['development', 'staging', 'production'];
-  return validEnvs.includes(env as Environment)
-    ? (env as Environment)
-    : 'development';
+  // Fallback: detect from URL
+  const url = process.env.NEXT_PUBLIC_SUPABASE_URL ?? '';
+  if (url.includes('127.0.0.1') || url.includes('localhost')) return 'local';
+  if (url.includes('staging')) return 'staging';
+  return 'production';
 }
 
-export function getSupabaseConfig() {
-  const env = detectEnvironment();
-  const envConfig = require(`../../config/supabase/${env}.json`);
+export function isProduction(): boolean {
+  return getEnvironment() === 'production';
+}
 
-  return {
-    ...baseConfig,
-    ...envConfig,
-    environment: env,
-  };
+export function requireNonProduction(operation: string): void {
+  if (isProduction()) {
+    throw new Error(
+      `[BLOCKED] "${operation}" is not allowed in production. ` +
+      `Current SUPABASE_ENV=${process.env.SUPABASE_ENV}`
+    );
+  }
 }
 ```
 
-## Secret Management by Environment
+**Supabase client factory (`lib/supabase.ts`):**
 
-### Local Development
-```bash
-# .env.local (git-ignored)
-SUPABASE_API_KEY=sk_test_dev_***
+```typescript
+import { createClient, type SupabaseClient } from '@supabase/supabase-js';
+import type { Database } from './database.types';
+import { getEnvironment } from './env';
+
+// Browser client (uses anon key, respects RLS)
+export function createBrowserClient(): SupabaseClient<Database> {
+  const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
+  const supabaseAnonKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
+
+  return createClient<Database>(supabaseUrl, supabaseAnonKey, {
+    auth: {
+      autoRefreshToken: true,
+      persistSession: true,
+    },
+    global: {
+      headers: { 'x-environment': getEnvironment() },
+    },
+  });
+}
+
+// Server client (uses service role key, bypasses RLS)
+export function createServerClient(): SupabaseClient<Database> {
+  const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
+  const serviceRoleKey = process.env.SUPABASE_SERVICE_ROLE_KEY!;
+
+  return createClient<Database>(supabaseUrl, serviceRoleKey, {
+    auth: {
+      autoRefreshToken: false,
+      persistSession: false,
+    },
+  });
+}
 ```
 
-### CI/CD (GitHub Actions)
-```yaml
-env:
-  SUPABASE_API_KEY: ${{ secrets.SUPABASE_API_KEY_${{ matrix.environment }} }}
+**Production safeguards:**
+
+```typescript
+import { requireNonProduction } from './env';
+import { createServerClient } from './supabase';
+
+// Seed data — only runs in local/staging
+export async function seedTestData(): Promise<void> {
+  requireNonProduction('seedTestData');
+  const supabase = createServerClient();
+  await supabase.from('test_users').insert([
+    { email: 'test@example.com', role: 'admin' },
+    { email: 'user@example.com', role: 'member' },
+  ]);
+}
+
+// Destructive reset — only runs in local
+export async function resetDatabase(): Promise<void> {
+  requireNonProduction('resetDatabase');
+  const supabase = createServerClient();
+  await supabase.rpc('truncate_all_tables');
+}
 ```
 
-### Production (Vault/Secrets Manager)
-```bash
-# AWS Secrets Manager
-aws secretsmanager get-secret-value --secret-id supabase/production/api-key
+**Environment-specific RLS policies:**
 
-# GCP Secret Manager
-gcloud secrets versions access latest --secret=supabase-api-key
+```sql
+-- supabase/migrations/20260115000000_env_rls.sql
+-- Allow broader access in staging for QA testing
+CREATE POLICY "staging_read_all" ON public.profiles
+  FOR SELECT
+  USING (
+    current_setting('app.environment', true) = 'staging'
+    OR auth.uid() = id
+  );
 
-# HashiCorp Vault
-vault kv get -field=api_key secret/supabase/production
+-- Set environment in each request via the x-environment header
+-- or via a Postgres config parameter in your connection string
 ```
 
-## Environment Isolation
+### Step 3: Migration Promotion and Database Branching
 
-```typescript
-// Prevent production operations in non-prod
-function guardProductionOperation(operation: string): void {
-  const config = getSupabaseConfig();
+Promote migrations through environments (local -> staging -> production) and use database branching for preview deployments.
 
-  if (config.environment !== 'production') {
-    console.warn(`[supabase] ${operation} blocked in ${config.environment}`);
-    throw new Error(`${operation} only allowed in production`);
-  }
-}
+**Migration promotion workflow:**
 
-// Usage
-async function deleteAllData() {
-  guardProductionOperation('deleteAllData');
-  // Dangerous operation here
-}
+```text
+# 1. Create migration locally
+npx supabase migration new add_profiles_table
+# Edit: supabase/migrations/20260120000000_add_profiles_table.sql
+
+# 2. Test locally with full reset
+npx supabase db reset          # Applies all migrations + seed.sql
+npx supabase test db           # Run pgTAP tests if configured
+
+# 3. Push to staging
+npx supabase link --project-ref <staging-ref>
+npx supabase db push           # Applies only new migrations
+# Run integration tests against staging URL
+
+# 4. Push to production (after staging verification)
+npx supabase link --project-ref <prod-ref>
+npx supabase db push           # Same migrations, production database
+# Verify with health check endpoint
+
+# 5. Generate types from the canonical source
+npx supabase gen types typescript --local > lib/database.types.ts
+# Or from linked project:
+# npx supabase gen types typescript --linked > lib/database.types.ts
 ```
 
-## Feature Flags by Environment
+**Database branching for preview environments:**
 
-```typescript
-const featureFlags: Record<Environment, Record<string, boolean>> = {
-  development: {
-    newFeature: true,
-    betaApi: true,
-  },
-  staging: {
-    newFeature: true,
-    betaApi: false,
-  },
-  production: {
-    newFeature: false,
-    betaApi: false,
-  },
-};
+```text
+# Create a branch for a feature (requires Supabase Pro plan)
+npx supabase branches create feature-user-profiles \
+  --project-ref <staging-ref>
+
+# Each branch gets its own:
+# - Database with current migrations applied
+# - Unique API URL and keys
+# - Isolated storage buckets
+
+# List active branches
+npx supabase branches list --project-ref <staging-ref>
+
+# Connect preview deployment to the branch
+# In your CI (e.g., Vercel preview deploys):
+NEXT_PUBLIC_SUPABASE_URL=https://<branch-ref>.supabase.co
+NEXT_PUBLIC_SUPABASE_ANON_KEY=<branch-anon-key>
+
+# Delete branch after merge
+npx supabase branches delete feature-user-profiles \
+  --project-ref <staging-ref>
 ```
 
-## Instructions
+**CI/CD per-environment deployment (`.github/workflows/deploy.yml`):**
 
-### Step 1: Create Config Structure
-Set up the base and per-environment configuration files.
+```yaml
+name: Deploy Supabase
+on:
+  push:
+    branches: [develop, main]
+
+jobs:
+  deploy-staging:
+    if: github.ref == 'refs/heads/develop'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: supabase/setup-cli@v1
+        with:
+          version: latest
+      - name: Push migrations to staging
+        run: |
+          npx supabase link --project-ref ${{ secrets.STAGING_PROJECT_REF }}
+          npx supabase db push
+        env:
+          SUPABASE_ACCESS_TOKEN: ${{ secrets.SUPABASE_ACCESS_TOKEN }}
+          SUPABASE_DB_PASSWORD: ${{ secrets.STAGING_DB_PASSWORD }}
+      - name: Deploy Edge Functions
+        run: npx supabase functions deploy --project-ref ${{ secrets.STAGING_PROJECT_REF }}
+        env:
+          SUPABASE_ACCESS_TOKEN: ${{ secrets.SUPABASE_ACCESS_TOKEN }}
+
+  deploy-production:
+    if: github.ref == 'refs/heads/main'
+    runs-on: ubuntu-latest
+    environment: production   # Requires approval in GitHub
+    steps:
+      - uses: actions/checkout@v4
+      - uses: supabase/setup-cli@v1
+        with:
+          version: latest
+      - name: Push migrations to production
+        run: |
+          npx supabase link --project-ref ${{ secrets.PROD_PROJECT_REF }}
+          npx supabase db push
+        env:
+          SUPABASE_ACCESS_TOKEN: ${{ secrets.SUPABASE_ACCESS_TOKEN }}
+          SUPABASE_DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }}
+      - name: Deploy Edge Functions
+        run: npx supabase functions deploy --project-ref ${{ secrets.PROD_PROJECT_REF }}
+        env:
+          SUPABASE_ACCESS_TOKEN: ${{ secrets.SUPABASE_ACCESS_TOKEN }}
+```
 
-### Step 2: Implement Environment Detection
-Add logic to detect and load environment-specific config.
+**Environment-specific seed data:**
 
-### Step 3: Configure Secrets
-Store API keys securely using your secret management solution.
+```sql
+-- supabase/seed.sql (runs ONLY on `supabase db reset`, never in production)
+INSERT INTO public.profiles (id, email, role) VALUES
+  ('00000000-0000-0000-0000-000000000001', 'admin@test.local', 'admin'),
+  ('00000000-0000-0000-0000-000000000002', 'user@test.local', 'member');
 
-### Step 4: Add Environment Guards
-Implement safeguards for production-only operations.
+-- Insert test data for local development
+INSERT INTO public.projects (name, owner_id) VALUES
+  ('Test Project', '00000000-0000-0000-0000-000000000001');
+```
 
 ## Output
-- Multi-environment config structure
-- Environment detection logic
-- Secure secret management
-- Production safeguards enabled
+
+After completing this skill, you will have:
+
+- **Three isolated Supabase projects** — each environment has its own URL, API keys, database, and storage
+- **Environment-specific `.env` files** — `.env.local`, `.env.staging`, `.env.production` with correct credentials
+- **Environment-aware `createClient`** — browser and server clients auto-configured from env vars with `x-environment` header tracking
+- **Production safeguards** — `requireNonProduction()` guard blocks destructive operations outside local/staging
+- **Migration promotion pipeline** — `supabase db push` promotes schema changes local -> staging -> production
+- **Database branching** — preview environments get isolated database branches (Pro plan)
+- **CI/CD workflows** — GitHub Actions deploys migrations and Edge Functions per environment with approval gates for production
+- **Generated TypeScript types** — `database.types.ts` generated from local or linked project schema
 
 ## Error Handling
-| Issue | Cause | Solution |
+
+| Error | Cause | Solution |
 |-------|-------|----------|
-| Wrong environment | Missing NODE_ENV | Set environment variable |
-| Secret not found | Wrong secret path | Verify secret manager config |
-| Config merge fails | Invalid JSON | Validate config files |
-| Production guard triggered | Wrong environment | Check NODE_ENV value |
+| `Cannot find project ref` | CLI not linked to a project | Run `npx supabase link --project-ref <ref>` before `db push` |
+| `Migration has already been applied` | Re-running an existing migration | Check `supabase_migrations.schema_migrations` table; migrations are idempotent by ref |
+| `Permission denied for schema public` | Wrong database password | Verify `SUPABASE_DB_PASSWORD` matches the project's database password in dashboard |
+| `Seed data appeared in production` | Ran `supabase db reset` on prod | `seed.sql` only runs on `db reset` — never reset production; use `db push` instead |
+| `Wrong environment keys in client` | `.env` file mismatch | Check `SUPABASE_ENV` var and verify URL matches expected project ref |
+| `Branch creation failed` | Free plan or branching not enabled | Database branching requires Supabase Pro plan; enable in project settings |
+| `Migration drift between envs` | Skipped staging promotion | Always promote through staging first; compare with `supabase migration list` per project |
+| `Type generation mismatch` | Types generated from wrong env | Regenerate from local (`--local`) or re-link to the canonical environment |
 
 ## Examples
 
-### Quick Environment Check
+**Example 1 — Quick three-env bootstrap:**
+
+```bash
+# Initialize Supabase in existing project
+npx supabase init
+
+# Start local
+npx supabase start
+# Copy output keys to .env.local
+
+# Create staging + production projects in dashboard
+# Copy their URLs and keys to .env.staging / .env.production
+
+# Create first migration
+npx supabase migration new create_users
+# Edit the migration, then:
+npx supabase db reset  # Test locally
+
+# Promote to staging
+npx supabase link --project-ref abcdefghijklmnop
+npx supabase db push
+
+# Promote to production
+npx supabase link --project-ref qrstuvwxyz123456
+npx supabase db push
+```
+
+**Example 2 — Next.js middleware for environment validation:**
+
+```typescript
+// middleware.ts
+import { NextResponse } from 'next/server';
+import type { NextRequest } from 'next/server';
+
+export function middleware(request: NextRequest) {
+  const response = NextResponse.next();
+
+  // Add environment header for observability
+  const env = process.env.SUPABASE_ENV ?? 'unknown';
+  response.headers.set('x-supabase-env', env);
+
+  // Block admin routes in production unless authenticated
+  if (env === 'production' && request.nextUrl.pathname.startsWith('/admin/seed')) {
+    return NextResponse.json({ error: 'Not available in production' }, { status: 403 });
+  }
+
+  return response;
+}
+```
+
+**Example 3 — Verify environment before destructive operations:**
+
 ```typescript
-const env = getSupabaseConfig();
-console.log(`Running in ${env.environment} with ${env.baseUrl}`);
+import { getEnvironment, requireNonProduction } from '@/lib/env';
+
+async function adminResetHandler(req: Request) {
+  const env = getEnvironment();
+  console.log(`[admin-reset] Running in ${env} environment`);
+
+  requireNonProduction('admin-reset');
+
+  // Safe to proceed — we're in local or staging
+  const { error } = await supabase.rpc('reset_test_data');
+  if (error) throw error;
+
+  return Response.json({ status: 'reset complete', environment: env });
+}
 ```
 
 ## Resources
-- [Supabase Environments Guide](https://supabase.com/docs/environments)
-- [12-Factor App Config](https://12factor.net/config)
+
+- [Managing Environments — Supabase Docs](https://supabase.com/docs/guides/deployment/managing-environments)
+- [Database Migrations — Supabase Docs](https://supabase.com/docs/guides/deployment/database-migrations)
+- [Database Branching — Supabase Docs](https://supabase.com/docs/guides/deployment/branching)
+- [Supabase CLI Reference](https://supabase.com/docs/reference/cli/introduction)
+- [createClient — @supabase/supabase-js](https://supabase.com/docs/reference/javascript/initializing)
+- [GitHub Actions with Supabase](https://supabase.com/docs/guides/deployment/managing-environments#using-github-actions)
+- [12-Factor App — Config](https://12factor.net/config)
 
 ## Next Steps
-For observability setup, see `supabase-observability`.
+
+- For authentication patterns across environments, see `supabase-auth-storage-realtime-core`
+- For RLS policy testing and validation, see `supabase-policy-guardrails`
+- For local development workflow optimization, see `supabase-local-dev-loop`
+- For monitoring and observability across environments, see `supabase-observability`

package/skills/supabase-multi-env-setup/references/configuration-structure.md

@@ -0,0 +1,59 @@
+# Configuration Structure
+
+## Configuration Structure
+
+```
+config/
+├── supabase/
+│   ├── base.json           # Shared config
+│   ├── development.json    # Dev overrides
+│   ├── staging.json        # Staging overrides
+│   └── production.json     # Prod overrides
+```
+
+### base.json
+
+```json
+{
+  "timeout": 30000,
+  "retries": 3,
+  "cache": {
+    "enabled": true,
+    "ttlSeconds": 60
+  }
+}
+```
+
+### development.json
+
+```json
+{
+  "apiKey": "${SUPABASE_API_KEY}",
+  "baseUrl": "https://api-sandbox.supabase.com",
+  "debug": true,
+  "cache": {
+    "enabled": false
+  }
+}
+```
+
+### staging.json
+
+```json
+{
+  "apiKey": "${SUPABASE_API_KEY_STAGING}",
+  "baseUrl": "https://api-staging.supabase.com",
+  "debug": false
+}
+```
+
+### production.json
+
+```json
+{
+  "apiKey": "${SUPABASE_API_KEY_PROD}",
+  "baseUrl": "https://api.supabase.com",
+  "debug": false,
+  "retries": 5
+}
+```