@intentsolutionsio/supabase-pack 1.0.0 → 1.0.3

package/skills/supabase-webhooks-events/SKILL.md

@@ -1,199 +1,473 @@
 ---
 name: supabase-webhooks-events
-description: |
-  Implement Supabase webhook signature validation and event handling.
-  Use when setting up webhook endpoints, implementing signature verification,
-  or handling Supabase event notifications securely.
-  Trigger with phrases like "supabase webhook", "supabase events",
-  "supabase webhook signature", "handle supabase events", "supabase notifications".
-allowed-tools: Read, Write, Edit, Bash(curl:*)
+description: 'Implement Supabase database webhooks, pg_net async HTTP, LISTEN/NOTIFY,
+
+  and Edge Function event handlers with signature verification.
+
+  Use when setting up database webhooks for INSERT/UPDATE/DELETE events,
+
+  sending HTTP requests from PostgreSQL triggers, handling Realtime
+
+  postgres_changes as an event source, or building event-driven architectures.
+
+  Trigger with phrases like "supabase webhook", "database events",
+
+  "pg_net trigger", "supabase LISTEN NOTIFY", "webhook signature verify",
+
+  "supabase event-driven", "supabase_functions.http_request".
+
+  '
+allowed-tools: Read, Write, Edit, Bash(supabase:*), Bash(curl:*), Bash(psql:*), Grep
 version: 1.0.0
 license: MIT
 author: Jeremy Longshore <jeremy@intentsolutions.io>
+tags:
+- saas
+- supabase
+- webhooks
+- events
+- triggers
+- pg_net
+- realtime
+compatibility: Designed for Claude Code, also compatible with Codex and OpenClaw
 ---
-
-# Supabase Webhooks & Events
+# Supabase Webhooks & Database Events
 
 ## Overview
-Securely handle Supabase webhooks with signature validation and replay protection.
 
-## Prerequisites
-- Supabase webhook secret configured
-- HTTPS endpoint accessible from internet
-- Understanding of cryptographic signatures
-- Redis or database for idempotency (optional)
+Supabase offers four complementary event mechanisms: **Database Webhooks** (trigger-based HTTP calls via `pg_net`), **`supabase_functions.http_request()`** (call Edge Functions from triggers), **Postgres LISTEN/NOTIFY** (lightweight pub/sub), and **Realtime `postgres_changes`** (client-side event subscriptions). This skill covers all four patterns with production-ready code including signature verification, idempotency, and retry handling.
 
-## Webhook Endpoint Setup
+## Prerequisites
 
-### Express.js
-```typescript
-import express from 'express';
-import crypto from 'crypto';
+- Supabase project (local or hosted) with `supabase` CLI installed
+- `pg_net` extension enabled: Dashboard > Database > Extensions > search "pg_net" > Enable
+- `@supabase/supabase-js` v2+ installed for client-side patterns
+- Edge Functions deployed for webhook receiver patterns
+
+## Step 1 — Database Webhooks with `pg_net` and Trigger Functions
+
+Database webhooks fire HTTP requests when rows change. Under the hood, Supabase uses the `pg_net` extension to make async, non-blocking HTTP calls from within PostgreSQL.
+
+### Enable pg_net and Create the Trigger Function
+
+```sql
+-- Enable the pg_net extension (one-time)
+CREATE EXTENSION IF NOT EXISTS pg_net WITH SCHEMA extensions;
+
+-- Trigger function: POST to an Edge Function on every new order
+CREATE OR REPLACE FUNCTION public.notify_order_created()
+RETURNS trigger AS $$
+BEGIN
+  PERFORM net.http_post(
+    url    := 'https://<project-ref>.supabase.co/functions/v1/on-order-created',
+    headers := jsonb_build_object(
+      'Content-Type', 'application/json',
+      'Authorization', 'Bearer ' || current_setting('app.settings.service_role_key', true)
+    ),
+    body   := jsonb_build_object(
+      'table',  TG_TABLE_NAME,
+      'type',   TG_OP,
+      'record', row_to_json(NEW)::jsonb,
+      'old_record', CASE WHEN TG_OP = 'UPDATE' THEN row_to_json(OLD)::jsonb ELSE NULL END
+    )
+  );
+  RETURN NEW;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+```
 
-const app = express();
+### Attach Triggers for INSERT, UPDATE, DELETE
+
+```sql
+-- Fire on new rows
+CREATE TRIGGER on_order_created
+  AFTER INSERT ON public.orders
+  FOR EACH ROW EXECUTE FUNCTION public.notify_order_created();
+
+-- Fire on status changes only (conditional trigger)
+CREATE OR REPLACE FUNCTION public.notify_order_status_changed()
+RETURNS trigger AS $$
+BEGIN
+  IF OLD.status IS DISTINCT FROM NEW.status THEN
+    PERFORM net.http_post(
+      url    := 'https://<project-ref>.supabase.co/functions/v1/on-status-change',
+      headers := '{"Content-Type": "application/json"}'::jsonb,
+      body   := jsonb_build_object(
+        'order_id',   NEW.id,
+        'old_status', OLD.status,
+        'new_status', NEW.status,
+        'changed_at', now()
+      )
+    );
+  END IF;
+  RETURN NEW;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+CREATE TRIGGER on_order_status_changed
+  AFTER UPDATE ON public.orders
+  FOR EACH ROW EXECUTE FUNCTION public.notify_order_status_changed();
+```
 
-// IMPORTANT: Raw body needed for signature verification
-app.post('/webhooks/supabase',
-  express.raw({ type: 'application/json' }),
-  async (req, res) => {
-    const signature = req.headers['x-supabase-signature'] as string;
-    const timestamp = req.headers['x-supabase-timestamp'] as string;
+### Using `supabase_functions.http_request()` (Built-in Helper)
+
+Supabase provides a built-in wrapper that simplifies calling Edge Functions from triggers without managing headers manually:
+
+```sql
+-- This is the function Supabase auto-creates for Dashboard-configured webhooks
+-- You can also call it directly in your own trigger functions
+CREATE TRIGGER on_profile_updated
+  AFTER UPDATE ON public.profiles
+  FOR EACH ROW
+  EXECUTE FUNCTION supabase_functions.http_request(
+    'https://<project-ref>.supabase.co/functions/v1/on-profile-update',
+    'POST',
+    '{"Content-Type": "application/json"}',
+    '{}',  -- params
+    '5000' -- timeout ms
+  );
+```
 
-    if (!verifySupabaseSignature(req.body, signature, timestamp)) {
-      return res.status(401).json({ error: 'Invalid signature' });
-    }
+### Inspect pg_net Responses
 
-    const event = JSON.parse(req.body.toString());
-    await handleSupabaseEvent(event);
+```sql
+-- Check recent HTTP responses (retained for 6 hours)
+SELECT id, status_code, content, created
+FROM net._http_response
+ORDER BY created DESC
+LIMIT 10;
 
-    res.status(200).json({ received: true });
-  }
-);
+-- Find failed requests
+SELECT id, status_code, content
+FROM net._http_response
+WHERE status_code >= 400
+ORDER BY created DESC;
 ```
 
-## Signature Verification
+## Step 2 — Edge Function Webhook Receivers with Signature Verification
+
+### Webhook Receiver with Signature Verification
 
 ```typescript
-function verifySupabaseSignature(
-  payload: Buffer,
+// supabase/functions/on-order-created/index.ts
+import { createClient } from "https://esm.sh/@supabase/supabase-js@2";
+import { serve } from "https://deno.land/std@0.177.0/http/server.ts";
+
+interface WebhookPayload {
+  type: "INSERT" | "UPDATE" | "DELETE";
+  table: string;
+  record: Record<string, unknown>;
+  old_record: Record<string, unknown> | null;
+}
+
+// Verify webhook signature to prevent spoofing
+async function verifySignature(
+  body: string,
   signature: string,
-  timestamp: string
-): boolean {
-  const secret = process.env.SUPABASE_WEBHOOK_SECRET!;
-
-  // Reject old timestamps (replay attack protection)
-  const timestampAge = Date.now() - parseInt(timestamp) * 1000;
-  if (timestampAge > 300000) { // 5 minutes
-    console.error('Webhook timestamp too old');
-    return false;
+  secret: string
+): Promise<boolean> {
+  const encoder = new TextEncoder();
+  const key = await crypto.subtle.importKey(
+    "raw",
+    encoder.encode(secret),
+    { name: "HMAC", hash: "SHA-256" },
+    false,
+    ["sign"]
+  );
+  const signed = await crypto.subtle.sign("HMAC", key, encoder.encode(body));
+  const expected = Array.from(new Uint8Array(signed))
+    .map((b) => b.toString(16).padStart(2, "0"))
+    .join("");
+  // Constant-time comparison
+  if (signature.length !== expected.length) return false;
+  let mismatch = 0;
+  for (let i = 0; i < signature.length; i++) {
+    mismatch |= signature.charCodeAt(i) ^ expected.charCodeAt(i);
+  }
+  return mismatch === 0;
+}
+
+serve(async (req) => {
+  // Verify signature if webhook secret is configured
+  const webhookSecret = Deno.env.get("WEBHOOK_SECRET");
+  const rawBody = await req.text();
+
+  if (webhookSecret) {
+    const signature = req.headers.get("x-webhook-signature") ?? "";
+    const valid = await verifySignature(rawBody, signature, webhookSecret);
+    if (!valid) {
+      return new Response(JSON.stringify({ error: "Invalid signature" }), {
+        status: 401,
+      });
+    }
   }
 
-  // Compute expected signature
-  const signedPayload = `${timestamp}.${payload.toString()}`;
-  const expectedSignature = crypto
-    .createHmac('sha256', secret)
-    .update(signedPayload)
-    .digest('hex');
-
-  // Timing-safe comparison
-  return crypto.timingSafeEqual(
-    Buffer.from(signature),
-    Buffer.from(expectedSignature)
+  const payload: WebhookPayload = JSON.parse(rawBody);
+
+  const supabase = createClient(
+    Deno.env.get("SUPABASE_URL")!,
+    Deno.env.get("SUPABASE_SERVICE_ROLE_KEY")!,
+    { auth: { autoRefreshToken: false, persistSession: false } }
   );
-}
+
+  // Route by event type
+  switch (payload.type) {
+    case "INSERT": {
+      console.log(`New ${payload.table} row:`, payload.record.id);
+
+      // Example: log event, send notification, update related table
+      await supabase.from("audit_log").insert({
+        table_name: payload.table,
+        action: "INSERT",
+        record_id: payload.record.id,
+        payload: payload.record,
+      });
+      break;
+    }
+    case "UPDATE": {
+      console.log(`Updated ${payload.table}:`, payload.record.id);
+      // Compare old and new to detect specific field changes
+      if (payload.old_record?.status !== payload.record.status) {
+        await supabase.from("notifications").insert({
+          user_id: payload.record.user_id,
+          message: `Status changed to ${payload.record.status}`,
+        });
+      }
+      break;
+    }
+    case "DELETE": {
+      console.log(`Deleted from ${payload.table}:`, payload.old_record?.id);
+      break;
+    }
+  }
+
+  return new Response(JSON.stringify({ received: true }), {
+    headers: { "Content-Type": "application/json" },
+  });
+});
 ```
 
-## Event Handler Pattern
+### Idempotent Event Processing
 
-```typescript
-type SupabaseEventType = 'resource.created' | 'resource.updated' | 'resource.deleted';
+Webhooks may be delivered more than once. Use an idempotency table to prevent duplicate processing:
 
-interface SupabaseEvent {
-  id: string;
-  type: SupabaseEventType;
-  data: Record<string, any>;
-  created: string;
-}
+```typescript
+// supabase/functions/idempotent-handler/index.ts
+import { createClient } from "https://esm.sh/@supabase/supabase-js@2";
 
-const eventHandlers: Record<SupabaseEventType, (data: any) => Promise<void>> = {
-  'resource.created': async (data) => { /* handle */ },
-  'resource.updated': async (data) => { /* handle */ },
-  'resource.deleted': async (data) => { /* handle */ }
-};
+serve(async (req) => {
+  const payload = await req.json();
+  const eventId = `${payload.table}:${payload.type}:${payload.record.id}`;
 
-async function handleSupabaseEvent(event: SupabaseEvent): Promise<void> {
-  const handler = eventHandlers[event.type];
+  const supabase = createClient(
+    Deno.env.get("SUPABASE_URL")!,
+    Deno.env.get("SUPABASE_SERVICE_ROLE_KEY")!
+  );
 
-  if (!handler) {
-    console.log(`Unhandled event type: ${event.type}`);
-    return;
+  // Check if already processed (upsert pattern)
+  const { data: existing } = await supabase
+    .from("processed_events")
+    .select("id")
+    .eq("event_id", eventId)
+    .maybeSingle();
+
+  if (existing) {
+    return new Response(
+      JSON.stringify({ skipped: true, reason: "already processed" }),
+      { status: 200, headers: { "Content-Type": "application/json" } }
+    );
   }
 
-  try {
-    await handler(event.data);
-    console.log(`Processed ${event.type}: ${event.id}`);
-  } catch (error) {
-    console.error(`Failed to process ${event.type}: ${event.id}`, error);
-    throw error; // Rethrow to trigger retry
-  }
-}
+  // --- Your business logic here ---
+  console.log(`Processing event: ${eventId}`);
+
+  // Mark as processed (with TTL for cleanup)
+  await supabase.from("processed_events").insert({
+    event_id: eventId,
+    processed_at: new Date().toISOString(),
+  });
+
+  return new Response(JSON.stringify({ processed: true }), {
+    status: 200,
+    headers: { "Content-Type": "application/json" },
+  });
+});
+```
+
+```sql
+-- Idempotency table
+CREATE TABLE public.processed_events (
+  id         bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
+  event_id   text UNIQUE NOT NULL,
+  processed_at timestamptz DEFAULT now()
+);
+
+-- Auto-cleanup old records (run via pg_cron or scheduled function)
+DELETE FROM public.processed_events
+WHERE processed_at < now() - interval '7 days';
 ```
 
-## Idempotency Handling
+## Step 3 — Postgres LISTEN/NOTIFY and Realtime as Event Source
 
-```typescript
-import { Redis } from 'ioredis';
+### Postgres LISTEN/NOTIFY for Lightweight Pub/Sub
 
-const redis = new Redis(process.env.REDIS_URL);
+LISTEN/NOTIFY is PostgreSQL's built-in pub/sub. It does not persist messages and is best for ephemeral notifications between database functions or connected clients:
 
-async function isEventProcessed(eventId: string): Promise<boolean> {
-  const key = `supabase:event:${eventId}`;
-  const exists = await redis.exists(key);
-  return exists === 1;
-}
+```sql
+-- Trigger function that emits a NOTIFY on row change
+CREATE OR REPLACE FUNCTION public.notify_changes()
+RETURNS trigger AS $$
+BEGIN
+  PERFORM pg_notify(
+    'db_changes',
+    json_build_object(
+      'table', TG_TABLE_NAME,
+      'op',    TG_OP,
+      'id',    COALESCE(NEW.id, OLD.id)
+    )::text
+  );
+  RETURN COALESCE(NEW, OLD);
+END;
+$$ LANGUAGE plpgsql;
 
-async function markEventProcessed(eventId: string): Promise<void> {
-  const key = `supabase:event:${eventId}`;
-  await redis.set(key, '1', 'EX', 86400 * 7); // 7 days TTL
-}
+CREATE TRIGGER orders_notify
+  AFTER INSERT OR UPDATE OR DELETE ON public.orders
+  FOR EACH ROW EXECUTE FUNCTION public.notify_changes();
 ```
 
-## Webhook Testing
+```typescript
+// Listen from a Node.js backend using pg driver
+import { Client } from "pg";
+
+const client = new Client({ connectionString: process.env.DATABASE_URL });
+await client.connect();
 
-```bash
-# Use Supabase CLI to send test events
-supabase functions invoke webhook-handler
+await client.query("LISTEN db_changes");
 
-# Or use webhook.site for debugging
-curl -X POST https://webhook.site/your-uuid \
-  -H "Content-Type: application/json" \
-  -d '{"type": "resource.created", "data": {}}'
+client.on("notification", (msg) => {
+  const payload = JSON.parse(msg.payload!);
+  console.log(`${payload.op} on ${payload.table}: id=${payload.id}`);
+});
 ```
 
-## Instructions
+### Realtime `postgres_changes` as Client-Side Event Source
 
-### Step 1: Register Webhook Endpoint
-Configure your webhook URL in the Supabase dashboard.
+Supabase Realtime lets frontend clients subscribe to database changes without polling. Enable Realtime on your table first (Dashboard > Database > Replication).
 
-### Step 2: Implement Signature Verification
-Use the signature verification code to validate incoming webhooks.
+```typescript
+import { createClient } from "@supabase/supabase-js";
 
-### Step 3: Handle Events
-Implement handlers for each event type your application needs.
+const supabase = createClient(
+  process.env.SUPABASE_URL!,
+  process.env.SUPABASE_ANON_KEY!
+);
 
-### Step 4: Add Idempotency
-Prevent duplicate processing with event ID tracking.
+// Subscribe to all changes on the orders table
+const channel = supabase
+  .channel("orders-events")
+  .on(
+    "postgres_changes",
+    {
+      event: "*",           // or 'INSERT' | 'UPDATE' | 'DELETE'
+      schema: "public",
+      table: "orders",
+      filter: "status=eq.pending",  // optional: RLS-style filter
+    },
+    (payload) => {
+      console.log("Change type:", payload.eventType);
+      console.log("New row:", payload.new);
+      console.log("Old row:", payload.old);
+
+      // React to the change
+      switch (payload.eventType) {
+        case "INSERT":
+          showToast(`New order #${payload.new.id}`);
+          break;
+        case "UPDATE":
+          updateOrderInUI(payload.new);
+          break;
+        case "DELETE":
+          removeOrderFromUI(payload.old.id);
+          break;
+      }
+    }
+  )
+  .subscribe((status) => {
+    console.log("Subscription status:", status);
+  });
+
+// Cleanup when done
+// await supabase.removeChannel(channel);
+```
+
+### Event-Driven Architecture: Combining Patterns
+
+Use database triggers for server-side workflows and Realtime for client-side UI updates:
+
+```
+┌──────────────┐     INSERT      ┌──────────────────┐
+│   Client     │ ──────────────► │  orders table     │
+│  (browser)   │                 └────────┬─────────┘
+│              │                          │
+│  Realtime ◄──┼──── postgres_changes ────┤
+│  (UI update) │                          │
+└──────────────┘                          │ AFTER INSERT trigger
+                                          ▼
+                                 ┌──────────────────┐
+                                 │  pg_net HTTP POST │
+                                 │  → Edge Function  │
+                                 └────────┬─────────┘
+                                          │
+                                          ▼
+                                 ┌──────────────────┐
+                                 │  Send email       │
+                                 │  Update inventory │
+                                 │  Log to audit     │
+                                 └──────────────────┘
+```
 
 ## Output
-- Secure webhook endpoint
-- Signature validation enabled
-- Event handlers implemented
-- Replay attack protection active
+
+After implementing these patterns you will have:
+
+- Database trigger functions calling Edge Functions via `pg_net` on row changes
+- Conditional triggers that fire only when specific columns change
+- Edge Function webhook receivers with HMAC signature verification
+- Idempotent event processing preventing duplicate side effects
+- LISTEN/NOTIFY channels for lightweight inter-service communication
+- Realtime subscriptions for live client-side UI updates
+- An event-driven architecture combining server and client patterns
 
 ## Error Handling
-| Issue | Cause | Solution |
-|-------|-------|----------|
-| Invalid signature | Wrong secret | Verify webhook secret |
-| Timestamp rejected | Clock drift | Check server time sync |
-| Duplicate events | Missing idempotency | Implement event ID tracking |
-| Handler timeout | Slow processing | Use async queue |
+
+| Error | Cause | Fix |
+|-------|-------|-----|
+| `pg_net` returns 404 | Edge Function not deployed or wrong URL | Run `supabase functions deploy <name>` and verify the URL matches |
+| Webhook not firing | Trigger not attached or table not in publication | Check `SELECT * FROM pg_trigger WHERE tgrelid = 'orders'::regclass;` |
+| Duplicate events processed | No idempotency layer | Add `processed_events` table with unique `event_id` constraint |
+| Realtime not receiving | Table not added to Realtime publication | Dashboard > Database > Replication > enable the table |
+| `net._http_response` shows 401 | Invalid or missing auth header | Verify `service_role_key` is set in `app.settings` or vault |
+| NOTIFY payload truncated | Payload exceeds 8000 bytes | Send only IDs in NOTIFY, fetch full record in the listener |
+| Auth hook errors | Function raises exception | Check Dashboard > Logs > Auth; ensure function returns valid JSONB |
+| Trigger silently fails | `SECURITY DEFINER` without `search_path` | Add `SET search_path = public, extensions;` to function |
 
 ## Examples
 
-### Testing Webhooks Locally
-```bash
-# Use ngrok to expose local server
-ngrok http 3000
+See [examples.md](references/examples.md) for local webhook testing with ngrok and curl.
 
-# Send test webhook
-curl -X POST https://your-ngrok-url/webhooks/supabase \
-  -H "Content-Type: application/json" \
-  -d '{"type": "test", "data": {}}'
-```
+See [signature-verification.md](references/signature-verification.md) for Node.js HMAC signature verification.
+
+See [event-handler-pattern.md](references/event-handler-pattern.md) for a typed event dispatcher pattern.
 
 ## Resources
-- [Supabase Webhooks Guide](https://supabase.com/docs/webhooks)
-- [Webhook Security Best Practices](https://supabase.com/docs/webhooks/security)
+
+- [Database Webhooks](https://supabase.com/docs/guides/database/webhooks) — configure via Dashboard or SQL
+- [pg_net Extension](https://supabase.com/docs/guides/database/extensions/pg_net) — async HTTP from PostgreSQL
+- [Edge Functions](https://supabase.com/docs/guides/functions) — Deno-based serverless handlers
+- [Realtime postgres_changes](https://supabase.com/docs/guides/realtime/postgres-changes) — client-side subscriptions
+- [Auth Hooks](https://supabase.com/docs/guides/auth/auth-hooks) — custom JWT claims and login events
+- [supabase-js Reference](https://supabase.com/docs/reference/javascript/subscribe) — `channel().on()` API
 
 ## Next Steps
-For performance optimization, see `supabase-performance-tuning`.
+
+For performance optimization of triggers and queries, see `supabase-performance-tuning`. For production hardening including RLS policies on webhook-accessed tables, see `supabase-security-basics`.

package/skills/supabase-webhooks-events/references/errors.md

@@ -0,0 +1,55 @@
+# Error Handling Reference
+
+## Database Trigger Errors
+
+| Issue | Cause | Solution |
+|-------|-------|----------|
+| Trigger not firing | Trigger disabled or not attached | `ALTER TABLE orders ENABLE TRIGGER on_order_created;` and verify with `SELECT tgname, tgenabled FROM pg_trigger WHERE tgrelid = 'orders'::regclass;` |
+| `pg_net` 404 response | Edge Function URL wrong or not deployed | Run `supabase functions deploy <name>`, check URL matches project ref |
+| `pg_net` 401 response | Missing or invalid Authorization header | Set service role key via `ALTER DATABASE postgres SET app.settings.service_role_key = 'your-key';` |
+| Trigger silently fails | `SECURITY DEFINER` without explicit `search_path` | Add `SET search_path = public, extensions;` to the function definition |
+| `net._http_response` empty | Extension not enabled or wrong schema | `CREATE EXTENSION IF NOT EXISTS pg_net WITH SCHEMA extensions;` |
+| Payload too large for NOTIFY | NOTIFY payload exceeds 8000 bytes | Send only record IDs, fetch full data in the listener |
+| Duplicate trigger execution | Multiple triggers on same event | Review with `SELECT * FROM pg_trigger WHERE tgrelid = 'orders'::regclass;` |
+
+## Edge Function Errors
+
+| Issue | Cause | Solution |
+|-------|-------|----------|
+| Invalid signature (401) | Webhook secret mismatch or encoding issue | Verify both sides use the same secret and UTF-8 encoding |
+| Function timeout | Processing takes too long (default 60s) | Offload heavy work to a queue; return 200 immediately |
+| Duplicate processing | No idempotency check | Add `processed_events` table with unique `event_id` constraint |
+| JSON parse error | Malformed payload from trigger | Wrap `JSON.parse()` in try/catch, return 400 with details |
+| CORS errors on Realtime | Browser blocks WebSocket | Ensure Supabase URL is correct; Realtime uses WSS, not HTTP |
+
+## Realtime Subscription Errors
+
+| Issue | Cause | Solution |
+|-------|-------|----------|
+| No events received | Table not in Realtime publication | Dashboard > Database > Replication > toggle table on |
+| Subscription status `CHANNEL_ERROR` | RLS policy blocks the subscription | Ensure anon/authenticated role has SELECT on the table |
+| Stale data after reconnect | Client missed events during disconnect | Re-fetch data on `SUBSCRIBED` status callback |
+| Too many channels | Client opening channels without cleanup | Call `supabase.removeChannel(channel)` when unmounting |
+
+## Debugging Commands
+
+```sql
+-- List all triggers on a table
+SELECT tgname, tgenabled, tgtype, pg_get_triggerdef(oid)
+FROM pg_trigger
+WHERE tgrelid = 'public.orders'::regclass
+AND NOT tgisinternal;
+
+-- Check pg_net response log
+SELECT id, status_code, content, created
+FROM net._http_response
+WHERE status_code >= 400
+ORDER BY created DESC
+LIMIT 20;
+
+-- Verify pg_net extension is active
+SELECT extname, extversion FROM pg_extension WHERE extname = 'pg_net';
+```
+
+---
+*[Tons of Skills](https://tonsofskills.com) by [Intent Solutions](https://intentsolutions.io) | [jeremylongshore.com](https://jeremylongshore.com)*