Demo: the real backend contract of MercyNight, a party-music app ← back to landing
Contract Cockpit mercy_night_supabase_contract v1.0.0 2026-06-11 · ref: atoqfwltxzwjsuyfudif

Drift

Findings from doctor — contract lint rules (DR0xx) and, when run with --db-url, real drift between the contract and the live database (DR1xx).

0 error
2 warn
0 info
report: /Users/udi/work/moinsen/opensource/supabase_client_gen/landing/.astro-demo-doctor.json

warn security smell or contract gap — review

DR003 data_model.public.user_public_profiles.client_access

View 'user_public_profiles' declares insert/update/delete access, but views never get mutation methods.

fix Remove the mutation entries from client_access — only select applies to a view.

DR007 storage.buckets.avatars

Bucket 'avatars' is public — every object is readable (and listable via the API) by anyone with the URL.

fix Confirm nothing sensitive lands here, or set public: false and serve signed URLs.