refactor: flatten monorepo structure to backend/ frontend/ devops/

Rename subdirectories for a cleaner single-repo layout: - website-monitoring-backend/ → backend/ - website-monitoring-frontend/ → frontend/ - website-monitoring-devops/ → devops/ Update all references in package.json scripts, CI workflows, docker-compose, pre-commit hooks, and documentation. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-03-07 00:25:29 +01:00
parent 4607af8def
commit 50e25e3ee8
253 changed files with 54 additions and 51 deletions
@@ -0,0 +1,8 @@
+# Supabase
+.branches
+.temp
+
+# dotenvx
+.env.keys
+.env.local
+.env.*.local
@@ -0,0 +1,334 @@
+# For detailed configuration reference documentation, visit:
+# https://supabase.com/docs/guides/local-development/cli/config
+# A string used to distinguish different Supabase projects on the same host. Defaults to the
+# working directory name when running `supabase init`.
+project_id = "website-monitoring"
+
+[api]
+enabled = true
+# Port to use for the API URL.
+port = 54321
+# Schemas to expose in your API. Tables, views and stored procedures in this schema will get API
+# endpoints. `public` and `graphql_public` schemas are included by default.
+schemas = ["public", "graphql_public"]
+# Extra schemas to add to the search_path of every request.
+extra_search_path = ["public", "extensions"]
+# The maximum number of rows returns from a view, table, or stored procedure. Limits payload size
+# for accidental or malicious requests.
+max_rows = 1000
+
+[api.tls]
+# Enable HTTPS endpoints locally using a self-signed certificate.
+enabled = false
+
+[db]
+# Port to use for the local database URL.
+port = 54322
+# Port used by db diff command to initialize the shadow database.
+shadow_port = 54320
+# The database major version to use. This has to be the same as your remote database's. Run `SHOW
+# server_version;` on the remote database to check.
+major_version = 17
+
+[db.pooler]
+enabled = false
+# Port to use for the local connection pooler.
+port = 54329
+# Specifies when a server connection can be reused by other clients.
+# Configure one of the supported pooler modes: `transaction`, `session`.
+pool_mode = "transaction"
+# How many server connections to allow per user/database pair.
+default_pool_size = 20
+# Maximum number of client connections allowed.
+max_client_conn = 100
+
+# [db.vault]
+# secret_key = "env(SECRET_VALUE)"
+
+[db.migrations]
+# If disabled, migrations will be skipped during a db push or reset.
+enabled = true
+# Specifies an ordered list of schema files that describe your database.
+# Supports glob patterns relative to supabase directory: "./schemas/*.sql"
+schema_paths = []
+
+[db.seed]
+# If enabled, seeds the database after migrations during a db reset.
+enabled = true
+# Specifies an ordered list of seed files to load during db reset.
+# Supports glob patterns relative to supabase directory: "./seeds/*.sql"
+sql_paths = ["./seed.sql"]
+
+[db.network_restrictions]
+# Enable management of network restrictions.
+enabled = false
+# List of IPv4 CIDR blocks allowed to connect to the database.
+# Defaults to allow all IPv4 connections. Set empty array to block all IPs.
+allowed_cidrs = ["0.0.0.0/0"]
+# List of IPv6 CIDR blocks allowed to connect to the database.
+# Defaults to allow all IPv6 connections. Set empty array to block all IPs.
+allowed_cidrs_v6 = ["::/0"]
+
+[realtime]
+enabled = true
+# Bind realtime via either IPv4 or IPv6. (default: IPv4)
+# ip_version = "IPv6"
+# The maximum length in bytes of HTTP request headers. (default: 4096)
+# max_header_length = 4096
+
+[studio]
+enabled = true
+# Port to use for Supabase Studio.
+port = 54323
+# External URL of the API server that frontend connects to.
+api_url = "http://127.0.0.1"
+# OpenAI API Key to use for Supabase AI in the Supabase Studio.
+openai_api_key = "env(OPENAI_API_KEY)"
+
+# Email testing server. Emails sent with the local dev setup are not actually sent - rather, they
+# are monitored, and you can view the emails that would have been sent from the web interface.
+[inbucket]
+enabled = true
+# Port to use for the email testing server web interface.
+port = 54324
+# Uncomment to expose additional ports for testing user applications that send emails.
+# smtp_port = 54325
+# pop3_port = 54326
+# admin_email = "admin@email.com"
+# sender_name = "Admin"
+
+[storage]
+enabled = true
+# The maximum file size allowed (e.g. "5MB", "500KB").
+file_size_limit = "50MiB"
+
+# Image transformation API is available to Supabase Pro plan.
+# [storage.image_transformation]
+# enabled = true
+
+# Uncomment to configure local storage buckets
+# [storage.buckets.images]
+# public = false
+# file_size_limit = "50MiB"
+# allowed_mime_types = ["image/png", "image/jpeg"]
+# objects_path = "./images"
+
+[auth]
+enabled = true
+# The base URL of your website. Used as an allow-list for redirects and for constructing URLs used
+# in emails.
+site_url = "http://127.0.0.1:3000"
+# A list of *exact* URLs that auth providers are permitted to redirect to post authentication.
+additional_redirect_urls = ["https://127.0.0.1:3000"]
+# How long tokens are valid for, in seconds. Defaults to 3600 (1 hour), maximum 604,800 (1 week).
+jwt_expiry = 3600
+# Path to JWT signing key. DO NOT commit your signing keys file to git.
+# signing_keys_path = "./signing_keys.json"
+# If disabled, the refresh token will never expire.
+enable_refresh_token_rotation = true
+# Allows refresh tokens to be reused after expiry, up to the specified interval in seconds.
+# Requires enable_refresh_token_rotation = true.
+refresh_token_reuse_interval = 10
+# Allow/disallow new user signups to your project.
+enable_signup = true
+# Allow/disallow anonymous sign-ins to your project.
+enable_anonymous_sign_ins = false
+# Allow/disallow testing manual linking of accounts
+enable_manual_linking = false
+# Passwords shorter than this value will be rejected as weak. Minimum 6, recommended 8 or more.
+minimum_password_length = 6
+# Passwords that do not meet the following requirements will be rejected as weak. Supported values
+# are: `letters_digits`, `lower_upper_letters_digits`, `lower_upper_letters_digits_symbols`
+password_requirements = ""
+
+[auth.rate_limit]
+# Number of emails that can be sent per hour. Requires auth.email.smtp to be enabled.
+email_sent = 2
+# Number of SMS messages that can be sent per hour. Requires auth.sms to be enabled.
+sms_sent = 30
+# Number of anonymous sign-ins that can be made per hour per IP address. Requires enable_anonymous_sign_ins = true.
+anonymous_users = 30
+# Number of sessions that can be refreshed in a 5 minute interval per IP address.
+token_refresh = 150
+# Number of sign up and sign-in requests that can be made in a 5 minute interval per IP address (excludes anonymous users).
+sign_in_sign_ups = 30
+# Number of OTP / Magic link verifications that can be made in a 5 minute interval per IP address.
+token_verifications = 30
+# Number of Web3 logins that can be made in a 5 minute interval per IP address.
+web3 = 30
+
+# Configure one of the supported captcha providers: `hcaptcha`, `turnstile`.
+# [auth.captcha]
+# enabled = true
+# provider = "hcaptcha"
+# secret = ""
+
+[auth.email]
+# Allow/disallow new user signups via email to your project.
+enable_signup = true
+# If enabled, a user will be required to confirm any email change on both the old, and new email
+# addresses. If disabled, only the new email is required to confirm.
+double_confirm_changes = true
+# If enabled, users need to confirm their email address before signing in.
+enable_confirmations = false
+# If enabled, users will need to reauthenticate or have logged in recently to change their password.
+secure_password_change = false
+# Controls the minimum amount of time that must pass before sending another signup confirmation or password reset email.
+max_frequency = "1s"
+# Number of characters used in the email OTP.
+otp_length = 6
+# Number of seconds before the email OTP expires (defaults to 1 hour).
+otp_expiry = 3600
+
+# Use a production-ready SMTP server
+# [auth.email.smtp]
+# enabled = true
+# host = "smtp.sendgrid.net"
+# port = 587
+# user = "apikey"
+# pass = "env(SENDGRID_API_KEY)"
+# admin_email = "admin@email.com"
+# sender_name = "Admin"
+
+# Uncomment to customize email template
+# [auth.email.template.invite]
+# subject = "You have been invited"
+# content_path = "./supabase/templates/invite.html"
+
+[auth.sms]
+# Allow/disallow new user signups via SMS to your project.
+enable_signup = false
+# If enabled, users need to confirm their phone number before signing in.
+enable_confirmations = false
+# Template for sending OTP to users
+template = "Your code is {{ .Code }}"
+# Controls the minimum amount of time that must pass before sending another sms otp.
+max_frequency = "5s"
+
+# Use pre-defined map of phone number to OTP for testing.
+# [auth.sms.test_otp]
+# 4152127777 = "123456"
+
+# Configure logged in session timeouts.
+# [auth.sessions]
+# Force log out after the specified duration.
+# timebox = "24h"
+# Force log out if the user has been inactive longer than the specified duration.
+# inactivity_timeout = "8h"
+
+# This hook runs before a new user is created and allows developers to reject the request based on the incoming user object.
+# [auth.hook.before_user_created]
+# enabled = true
+# uri = "pg-functions://postgres/auth/before-user-created-hook"
+
+# This hook runs before a token is issued and allows you to add additional claims based on the authentication method used.
+# [auth.hook.custom_access_token]
+# enabled = true
+# uri = "pg-functions://<database>/<schema>/<hook_name>"
+
+# Configure one of the supported SMS providers: `twilio`, `twilio_verify`, `messagebird`, `textlocal`, `vonage`.
+[auth.sms.twilio]
+enabled = false
+account_sid = ""
+message_service_sid = ""
+# DO NOT commit your Twilio auth token to git. Use environment variable substitution instead:
+auth_token = "env(SUPABASE_AUTH_SMS_TWILIO_AUTH_TOKEN)"
+
+# Multi-factor-authentication is available to Supabase Pro plan.
+[auth.mfa]
+# Control how many MFA factors can be enrolled at once per user.
+max_enrolled_factors = 10
+
+# Control MFA via App Authenticator (TOTP)
+[auth.mfa.totp]
+enroll_enabled = false
+verify_enabled = false
+
+# Configure MFA via Phone Messaging
+[auth.mfa.phone]
+enroll_enabled = false
+verify_enabled = false
+otp_length = 6
+template = "Your code is {{ .Code }}"
+max_frequency = "5s"
+
+# Configure MFA via WebAuthn
+# [auth.mfa.web_authn]
+# enroll_enabled = true
+# verify_enabled = true
+
+# Use an external OAuth provider. The full list of providers are: `apple`, `azure`, `bitbucket`,
+# `discord`, `facebook`, `github`, `gitlab`, `google`, `keycloak`, `linkedin_oidc`, `notion`, `twitch`,
+# `twitter`, `slack`, `spotify`, `workos`, `zoom`.
+[auth.external.apple]
+enabled = false
+client_id = ""
+# DO NOT commit your OAuth provider secret to git. Use environment variable substitution instead:
+secret = "env(SUPABASE_AUTH_EXTERNAL_APPLE_SECRET)"
+# Overrides the default auth redirectUrl.
+redirect_uri = ""
+# Overrides the default auth provider URL. Used to support self-hosted gitlab, single-tenant Azure,
+# or any other third-party OIDC providers.
+url = ""
+# If enabled, the nonce check will be skipped. Required for local sign in with Google auth.
+skip_nonce_check = false
+
+# Allow Solana wallet holders to sign in to your project via the Sign in with Solana (SIWS, EIP-4361) standard.
+# You can configure "web3" rate limit in the [auth.rate_limit] section and set up [auth.captcha] if self-hosting.
+[auth.web3.solana]
+enabled = false
+
+# Use Firebase Auth as a third-party provider alongside Supabase Auth.
+[auth.third_party.firebase]
+enabled = false
+# project_id = "my-firebase-project"
+
+# Use Auth0 as a third-party provider alongside Supabase Auth.
+[auth.third_party.auth0]
+enabled = false
+# tenant = "my-auth0-tenant"
+# tenant_region = "us"
+
+# Use AWS Cognito (Amplify) as a third-party provider alongside Supabase Auth.
+[auth.third_party.aws_cognito]
+enabled = false
+# user_pool_id = "my-user-pool-id"
+# user_pool_region = "us-east-1"
+
+# Use Clerk as a third-party provider alongside Supabase Auth.
+[auth.third_party.clerk]
+enabled = false
+# Obtain from https://clerk.com/setup/supabase
+# domain = "example.clerk.accounts.dev"
+
+[edge_runtime]
+enabled = true
+# Configure one of the supported request policies: `oneshot`, `per_worker`.
+# Use `oneshot` for hot reload, or `per_worker` for load testing.
+policy = "oneshot"
+# Port to attach the Chrome inspector for debugging edge functions.
+inspector_port = 8083
+# The Deno major version to use.
+deno_version = 1
+
+# [edge_runtime.secrets]
+# secret_key = "env(SECRET_VALUE)"
+
+[analytics]
+enabled = false
+port = 54327
+# Configure one of the supported backends: `postgres`, `bigquery`.
+backend = "postgres"
+
+# Experimental features may be deprecated any time
+[experimental]
+# Configures Postgres storage engine to use OrioleDB (S3)
+orioledb_version = ""
+# Configures S3 bucket URL, eg. <bucket_name>.s3-<region>.amazonaws.com
+s3_host = "env(S3_HOST)"
+# Configures S3 bucket region, eg. us-east-1
+s3_region = "env(S3_REGION)"
+# Configures AWS_ACCESS_KEY_ID for S3 bucket
+s3_access_key = "env(S3_ACCESS_KEY)"
+# Configures AWS_SECRET_ACCESS_KEY for S3 bucket
+s3_secret_key = "env(S3_SECRET_KEY)"
@@ -0,0 +1,424 @@
+revoke delete on table "auth"."audit_log_entries" from "postgres";
+
+revoke insert on table "auth"."audit_log_entries" from "postgres";
+
+revoke references on table "auth"."audit_log_entries" from "postgres";
+
+revoke select on table "auth"."audit_log_entries" from "postgres";
+
+revoke trigger on table "auth"."audit_log_entries" from "postgres";
+
+revoke truncate on table "auth"."audit_log_entries" from "postgres";
+
+revoke update on table "auth"."audit_log_entries" from "postgres";
+
+revoke delete on table "auth"."flow_state" from "postgres";
+
+revoke insert on table "auth"."flow_state" from "postgres";
+
+revoke references on table "auth"."flow_state" from "postgres";
+
+revoke select on table "auth"."flow_state" from "postgres";
+
+revoke trigger on table "auth"."flow_state" from "postgres";
+
+revoke truncate on table "auth"."flow_state" from "postgres";
+
+revoke update on table "auth"."flow_state" from "postgres";
+
+revoke delete on table "auth"."identities" from "postgres";
+
+revoke insert on table "auth"."identities" from "postgres";
+
+revoke references on table "auth"."identities" from "postgres";
+
+revoke select on table "auth"."identities" from "postgres";
+
+revoke trigger on table "auth"."identities" from "postgres";
+
+revoke truncate on table "auth"."identities" from "postgres";
+
+revoke update on table "auth"."identities" from "postgres";
+
+revoke delete on table "auth"."instances" from "postgres";
+
+revoke insert on table "auth"."instances" from "postgres";
+
+revoke references on table "auth"."instances" from "postgres";
+
+revoke select on table "auth"."instances" from "postgres";
+
+revoke trigger on table "auth"."instances" from "postgres";
+
+revoke truncate on table "auth"."instances" from "postgres";
+
+revoke update on table "auth"."instances" from "postgres";
+
+revoke delete on table "auth"."mfa_amr_claims" from "postgres";
+
+revoke insert on table "auth"."mfa_amr_claims" from "postgres";
+
+revoke references on table "auth"."mfa_amr_claims" from "postgres";
+
+revoke select on table "auth"."mfa_amr_claims" from "postgres";
+
+revoke trigger on table "auth"."mfa_amr_claims" from "postgres";
+
+revoke truncate on table "auth"."mfa_amr_claims" from "postgres";
+
+revoke update on table "auth"."mfa_amr_claims" from "postgres";
+
+revoke delete on table "auth"."mfa_challenges" from "postgres";
+
+revoke insert on table "auth"."mfa_challenges" from "postgres";
+
+revoke references on table "auth"."mfa_challenges" from "postgres";
+
+revoke select on table "auth"."mfa_challenges" from "postgres";
+
+revoke trigger on table "auth"."mfa_challenges" from "postgres";
+
+revoke truncate on table "auth"."mfa_challenges" from "postgres";
+
+revoke update on table "auth"."mfa_challenges" from "postgres";
+
+revoke delete on table "auth"."mfa_factors" from "postgres";
+
+revoke insert on table "auth"."mfa_factors" from "postgres";
+
+revoke references on table "auth"."mfa_factors" from "postgres";
+
+revoke select on table "auth"."mfa_factors" from "postgres";
+
+revoke trigger on table "auth"."mfa_factors" from "postgres";
+
+revoke truncate on table "auth"."mfa_factors" from "postgres";
+
+revoke update on table "auth"."mfa_factors" from "postgres";
+
+revoke delete on table "auth"."one_time_tokens" from "postgres";
+
+revoke insert on table "auth"."one_time_tokens" from "postgres";
+
+revoke references on table "auth"."one_time_tokens" from "postgres";
+
+revoke select on table "auth"."one_time_tokens" from "postgres";
+
+revoke trigger on table "auth"."one_time_tokens" from "postgres";
+
+revoke truncate on table "auth"."one_time_tokens" from "postgres";
+
+revoke update on table "auth"."one_time_tokens" from "postgres";
+
+revoke delete on table "auth"."refresh_tokens" from "postgres";
+
+revoke insert on table "auth"."refresh_tokens" from "postgres";
+
+revoke references on table "auth"."refresh_tokens" from "postgres";
+
+revoke select on table "auth"."refresh_tokens" from "postgres";
+
+revoke trigger on table "auth"."refresh_tokens" from "postgres";
+
+revoke truncate on table "auth"."refresh_tokens" from "postgres";
+
+revoke update on table "auth"."refresh_tokens" from "postgres";
+
+revoke delete on table "auth"."saml_providers" from "postgres";
+
+revoke insert on table "auth"."saml_providers" from "postgres";
+
+revoke references on table "auth"."saml_providers" from "postgres";
+
+revoke select on table "auth"."saml_providers" from "postgres";
+
+revoke trigger on table "auth"."saml_providers" from "postgres";
+
+revoke truncate on table "auth"."saml_providers" from "postgres";
+
+revoke update on table "auth"."saml_providers" from "postgres";
+
+revoke delete on table "auth"."saml_relay_states" from "postgres";
+
+revoke insert on table "auth"."saml_relay_states" from "postgres";
+
+revoke references on table "auth"."saml_relay_states" from "postgres";
+
+revoke select on table "auth"."saml_relay_states" from "postgres";
+
+revoke trigger on table "auth"."saml_relay_states" from "postgres";
+
+revoke truncate on table "auth"."saml_relay_states" from "postgres";
+
+revoke update on table "auth"."saml_relay_states" from "postgres";
+
+revoke select on table "auth"."schema_migrations" from "postgres";
+
+revoke delete on table "auth"."sessions" from "postgres";
+
+revoke insert on table "auth"."sessions" from "postgres";
+
+revoke references on table "auth"."sessions" from "postgres";
+
+revoke select on table "auth"."sessions" from "postgres";
+
+revoke trigger on table "auth"."sessions" from "postgres";
+
+revoke truncate on table "auth"."sessions" from "postgres";
+
+revoke update on table "auth"."sessions" from "postgres";
+
+revoke delete on table "auth"."sso_domains" from "postgres";
+
+revoke insert on table "auth"."sso_domains" from "postgres";
+
+revoke references on table "auth"."sso_domains" from "postgres";
+
+revoke select on table "auth"."sso_domains" from "postgres";
+
+revoke trigger on table "auth"."sso_domains" from "postgres";
+
+revoke truncate on table "auth"."sso_domains" from "postgres";
+
+revoke update on table "auth"."sso_domains" from "postgres";
+
+revoke delete on table "auth"."sso_providers" from "postgres";
+
+revoke insert on table "auth"."sso_providers" from "postgres";
+
+revoke references on table "auth"."sso_providers" from "postgres";
+
+revoke select on table "auth"."sso_providers" from "postgres";
+
+revoke trigger on table "auth"."sso_providers" from "postgres";
+
+revoke truncate on table "auth"."sso_providers" from "postgres";
+
+revoke update on table "auth"."sso_providers" from "postgres";
+
+revoke delete on table "auth"."users" from "postgres";
+
+revoke insert on table "auth"."users" from "postgres";
+
+revoke references on table "auth"."users" from "postgres";
+
+revoke select on table "auth"."users" from "postgres";
+
+revoke trigger on table "auth"."users" from "postgres";
+
+revoke truncate on table "auth"."users" from "postgres";
+
+revoke update on table "auth"."users" from "postgres";
+
+set check_function_bodies = off;
+
+CREATE OR REPLACE FUNCTION public.handle_new_user()
+ RETURNS trigger
+ LANGUAGE plpgsql
+ SECURITY DEFINER
+ SET search_path TO 'public'
+AS $function$
+DECLARE
+  organization_id UUID;
+BEGIN
+  -- First create organization if it doesn't exist
+  INSERT INTO public.organizations (
+    name,
+    subscription_tier,
+    subscription_status
+  ) VALUES (
+    COALESCE(NEW.raw_user_meta_data->>'organization_name', NEW.raw_user_meta_data->>'name' || '''s Organization'),
+    'free',
+    'active'
+  )
+  RETURNING id INTO organization_id;
+
+  -- Then create the user profile
+  INSERT INTO public.users (
+    id,
+    email,
+    name,
+    organization_id,
+    role,
+    is_active,
+    settings,
+    created_at,
+    updated_at
+  ) VALUES (
+    NEW.id,
+    NEW.email,
+    COALESCE(NEW.raw_user_meta_data->>'name', split_part(NEW.email, '@', 1)),
+    organization_id,
+    COALESCE(NEW.raw_user_meta_data->>'role', 'viewer')::user_role,
+    true,
+    jsonb_build_object(
+      'email_notifications', true,
+      'notification_frequency', 'instant',
+      'dashboard_layout', 'default'
+    ),
+    NOW(),
+    NOW()
+  );
+
+  RETURN NEW;
+EXCEPTION
+  WHEN others THEN
+    -- Log the error (will appear in Postgres logs)
+    RAISE LOG 'Error in handle_new_user: %', SQLERRM;
+    RETURN NEW;
+END;
+$function$
+;
+
+DROP TRIGGER IF EXISTS on_auth_user_created ON auth.users;
+CREATE TRIGGER on_auth_user_created AFTER INSERT ON auth.users FOR EACH ROW EXECUTE FUNCTION public.handle_new_user();
+
+revoke delete on table "storage"."buckets" from "anon";
+
+revoke insert on table "storage"."buckets" from "anon";
+
+revoke references on table "storage"."buckets" from "anon";
+
+revoke select on table "storage"."buckets" from "anon";
+
+revoke trigger on table "storage"."buckets" from "anon";
+
+revoke truncate on table "storage"."buckets" from "anon";
+
+revoke update on table "storage"."buckets" from "anon";
+
+revoke delete on table "storage"."buckets" from "authenticated";
+
+revoke insert on table "storage"."buckets" from "authenticated";
+
+revoke references on table "storage"."buckets" from "authenticated";
+
+revoke select on table "storage"."buckets" from "authenticated";
+
+revoke trigger on table "storage"."buckets" from "authenticated";
+
+revoke truncate on table "storage"."buckets" from "authenticated";
+
+revoke update on table "storage"."buckets" from "authenticated";
+
+revoke delete on table "storage"."buckets" from "postgres";
+
+revoke insert on table "storage"."buckets" from "postgres";
+
+revoke references on table "storage"."buckets" from "postgres";
+
+revoke select on table "storage"."buckets" from "postgres";
+
+revoke trigger on table "storage"."buckets" from "postgres";
+
+revoke truncate on table "storage"."buckets" from "postgres";
+
+revoke update on table "storage"."buckets" from "postgres";
+
+revoke delete on table "storage"."buckets" from "service_role";
+
+revoke insert on table "storage"."buckets" from "service_role";
+
+revoke references on table "storage"."buckets" from "service_role";
+
+revoke select on table "storage"."buckets" from "service_role";
+
+revoke trigger on table "storage"."buckets" from "service_role";
+
+revoke truncate on table "storage"."buckets" from "service_role";
+
+revoke update on table "storage"."buckets" from "service_role";
+
+revoke delete on table "storage"."objects" from "anon";
+
+revoke insert on table "storage"."objects" from "anon";
+
+revoke references on table "storage"."objects" from "anon";
+
+revoke select on table "storage"."objects" from "anon";
+
+revoke trigger on table "storage"."objects" from "anon";
+
+revoke truncate on table "storage"."objects" from "anon";
+
+revoke update on table "storage"."objects" from "anon";
+
+revoke delete on table "storage"."objects" from "authenticated";
+
+revoke insert on table "storage"."objects" from "authenticated";
+
+revoke references on table "storage"."objects" from "authenticated";
+
+revoke select on table "storage"."objects" from "authenticated";
+
+revoke trigger on table "storage"."objects" from "authenticated";
+
+revoke truncate on table "storage"."objects" from "authenticated";
+
+revoke update on table "storage"."objects" from "authenticated";
+
+revoke delete on table "storage"."objects" from "postgres";
+
+revoke insert on table "storage"."objects" from "postgres";
+
+revoke references on table "storage"."objects" from "postgres";
+
+revoke select on table "storage"."objects" from "postgres";
+
+revoke trigger on table "storage"."objects" from "postgres";
+
+revoke truncate on table "storage"."objects" from "postgres";
+
+revoke update on table "storage"."objects" from "postgres";
+
+revoke delete on table "storage"."objects" from "service_role";
+
+revoke insert on table "storage"."objects" from "service_role";
+
+revoke references on table "storage"."objects" from "service_role";
+
+revoke select on table "storage"."objects" from "service_role";
+
+revoke trigger on table "storage"."objects" from "service_role";
+
+revoke truncate on table "storage"."objects" from "service_role";
+
+revoke update on table "storage"."objects" from "service_role";
+
+revoke select on table "storage"."s3_multipart_uploads" from "anon";
+
+revoke select on table "storage"."s3_multipart_uploads" from "authenticated";
+
+revoke delete on table "storage"."s3_multipart_uploads" from "service_role";
+
+revoke insert on table "storage"."s3_multipart_uploads" from "service_role";
+
+revoke references on table "storage"."s3_multipart_uploads" from "service_role";
+
+revoke select on table "storage"."s3_multipart_uploads" from "service_role";
+
+revoke trigger on table "storage"."s3_multipart_uploads" from "service_role";
+
+revoke truncate on table "storage"."s3_multipart_uploads" from "service_role";
+
+revoke update on table "storage"."s3_multipart_uploads" from "service_role";
+
+revoke select on table "storage"."s3_multipart_uploads_parts" from "anon";
+
+revoke select on table "storage"."s3_multipart_uploads_parts" from "authenticated";
+
+revoke delete on table "storage"."s3_multipart_uploads_parts" from "service_role";
+
+revoke insert on table "storage"."s3_multipart_uploads_parts" from "service_role";
+
+revoke references on table "storage"."s3_multipart_uploads_parts" from "service_role";
+
+revoke select on table "storage"."s3_multipart_uploads_parts" from "service_role";
+
+revoke trigger on table "storage"."s3_multipart_uploads_parts" from "service_role";
+
+revoke truncate on table "storage"."s3_multipart_uploads_parts" from "service_role";
+
+revoke update on table "storage"."s3_multipart_uploads_parts" from "service_role";
+
+
@@ -0,0 +1,86 @@
+-- Add missing enum types
+DO $$ BEGIN
+    CREATE TYPE scan_status AS ENUM ('pending', 'queued', 'running', 'completed', 'failed', 'cancelled');
+EXCEPTION
+    WHEN duplicate_object THEN null;
+END $$;
+
+DO $$ BEGIN
+    CREATE TYPE severity_level AS ENUM ('low', 'medium', 'high', 'critical');
+EXCEPTION
+    WHEN duplicate_object THEN null;
+END $$;
+
+DO $$ BEGIN
+    CREATE TYPE comparison_operator AS ENUM ('equals', 'not_equals', 'greater_than', 'less_than', 'contains', 'not_contains');
+EXCEPTION
+    WHEN duplicate_object THEN null;
+END $$;
+
+-- Add missing columns to scans table
+ALTER TABLE scans ADD COLUMN IF NOT EXISTS scheduled_at TIMESTAMP WITH TIME ZONE;
+ALTER TABLE scans ADD COLUMN IF NOT EXISTS trigger_type TEXT DEFAULT 'manual';
+ALTER TABLE scans ADD COLUMN IF NOT EXISTS website_id UUID REFERENCES websites(id);
+ALTER TABLE scans ADD COLUMN IF NOT EXISTS triggered_by UUID REFERENCES auth.users(id);
+ALTER TABLE scans ADD COLUMN IF NOT EXISTS scan_type TEXT DEFAULT 'lighthouse';
+ALTER TABLE scans ADD COLUMN IF NOT EXISTS priority INTEGER DEFAULT 5;
+ALTER TABLE scans ADD COLUMN IF NOT EXISTS categories TEXT[] DEFAULT ARRAY['performance', 'seo', 'accessibility', 'best_practices'];
+ALTER TABLE scans ADD COLUMN IF NOT EXISTS device_type TEXT DEFAULT 'desktop';
+ALTER TABLE scans ADD COLUMN IF NOT EXISTS user_agent TEXT;
+ALTER TABLE scans ADD COLUMN IF NOT EXISTS lighthouse_version TEXT;
+ALTER TABLE scans ADD COLUMN IF NOT EXISTS chrome_version TEXT;
+ALTER TABLE scans ADD COLUMN IF NOT EXISTS environment TEXT DEFAULT 'production';
+ALTER TABLE scans ADD COLUMN IF NOT EXISTS started_at TIMESTAMP WITH TIME ZONE;
+ALTER TABLE scans ADD COLUMN IF NOT EXISTS completed_at TIMESTAMP WITH TIME ZONE;
+ALTER TABLE scans ADD COLUMN IF NOT EXISTS duration_ms INTEGER;
+ALTER TABLE scans ADD COLUMN IF NOT EXISTS error_message TEXT;
+ALTER TABLE scans ADD COLUMN IF NOT EXISTS retry_count INTEGER DEFAULT 0;
+ALTER TABLE scans ADD COLUMN IF NOT EXISTS metadata JSONB DEFAULT '{}';
+ALTER TABLE scans ADD COLUMN IF NOT EXISTS updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW();
+
+-- Add missing columns to pages table
+ALTER TABLE pages ADD COLUMN IF NOT EXISTS status scan_status DEFAULT 'pending';
+ALTER TABLE pages ADD COLUMN IF NOT EXISTS last_scanned_at TIMESTAMP WITH TIME ZONE;
+ALTER TABLE pages ADD COLUMN IF NOT EXISTS scan_count INTEGER DEFAULT 0;
+ALTER TABLE pages ADD COLUMN IF NOT EXISTS metadata JSONB DEFAULT '{}';
+
+-- Add missing columns to websites table
+ALTER TABLE websites ADD COLUMN IF NOT EXISTS crawl_settings JSONB DEFAULT '{}';
+ALTER TABLE websites ADD COLUMN IF NOT EXISTS alert_settings JSONB DEFAULT '{}';
+ALTER TABLE websites ADD COLUMN IF NOT EXISTS last_crawled_at TIMESTAMP WITH TIME ZONE;
+ALTER TABLE websites ADD COLUMN IF NOT EXISTS crawl_session_id UUID;
+ALTER TABLE websites ADD COLUMN IF NOT EXISTS metadata JSONB DEFAULT '{}';
+
+-- Add missing columns to users table
+ALTER TABLE users ADD COLUMN IF NOT EXISTS organization_id UUID REFERENCES organizations(id);
+ALTER TABLE users ADD COLUMN IF NOT EXISTS role TEXT DEFAULT 'user';
+ALTER TABLE users ADD COLUMN IF NOT EXISTS preferences JSONB DEFAULT '{}';
+
+-- Add missing columns to organizations table
+ALTER TABLE organizations ADD COLUMN IF NOT EXISTS settings JSONB DEFAULT '{}';
+ALTER TABLE organizations ADD COLUMN IF NOT EXISTS subscription_plan TEXT DEFAULT 'free';
+ALTER TABLE organizations ADD COLUMN IF NOT EXISTS subscription_status TEXT DEFAULT 'active';
+
+-- Create indexes for better performance
+CREATE INDEX IF NOT EXISTS idx_scans_website_id ON scans(website_id);
+CREATE INDEX IF NOT EXISTS idx_scans_status ON scans(status);
+CREATE INDEX IF NOT EXISTS idx_scans_created_at ON scans(created_at);
+CREATE INDEX IF NOT EXISTS idx_pages_website_id ON pages(website_id);
+CREATE INDEX IF NOT EXISTS idx_pages_status ON pages(status);
+CREATE INDEX IF NOT EXISTS idx_users_organization_id ON users(organization_id);
+
+-- Add triggers for updated_at
+CREATE OR REPLACE FUNCTION update_updated_at_column()
+RETURNS TRIGGER AS $$
+BEGIN
+    NEW.updated_at = NOW();
+    RETURN NEW;
+END;
+$$ language 'plpgsql';
+
+CREATE TRIGGER update_scans_updated_at BEFORE UPDATE ON scans FOR EACH ROW EXECUTE FUNCTION update_updated_at_column();
+CREATE TRIGGER update_websites_updated_at BEFORE UPDATE ON websites FOR EACH ROW EXECUTE FUNCTION update_updated_at_column();
+CREATE TRIGGER update_pages_updated_at BEFORE UPDATE ON pages FOR EACH ROW EXECUTE FUNCTION update_updated_at_column();
+
+-- Refresh schema cache
+NOTIFY pgrst, 'reload schema';
@@ -0,0 +1,13 @@
+-- Fix RLS policies for organization creation during registration
+-- Allow anonymous users to create organizations during signup
+
+-- Add policy for anonymous organization creation
+CREATE POLICY "Allow organization insert for anon during registration" ON "public"."organizations" 
+FOR INSERT TO "anon" WITH CHECK (true);
+
+-- Add policy for anonymous organization selection (needed to get the created org)
+CREATE POLICY "Allow organization select for anon during registration" ON "public"."organizations" 
+FOR SELECT TO "anon" USING (true);
+
+-- Refresh schema cache
+NOTIFY pgrst, 'reload schema';
@@ -0,0 +1,14 @@
+-- Fix RLS policies for user profile creation during registration
+-- The issue is that during registration, auth.uid() might not be available yet
+
+-- Add a more permissive policy for user profile creation during registration
+-- This allows inserting user profiles with the user's own ID
+CREATE POLICY "Allow user profile creation during registration" ON "public"."users" 
+FOR INSERT TO "anon" WITH CHECK (true);
+
+-- Also allow authenticated users to create their own profile
+CREATE POLICY "Allow authenticated user profile creation" ON "public"."users" 
+FOR INSERT TO "authenticated" WITH CHECK (auth.uid() = id);
+
+-- Refresh schema cache
+NOTIFY pgrst, 'reload schema';
@@ -0,0 +1,24 @@
+-- Final fix for user RLS policies
+-- Drop the conflicting policies and create the correct ones
+
+-- Drop existing conflicting policies
+DROP POLICY IF EXISTS "Allow user insert for anon" ON "public"."users";
+DROP POLICY IF EXISTS "Allow user insert for authenticated" ON "public"."users";
+DROP POLICY IF EXISTS "Allow user insert for authenticator" ON "public"."users";
+DROP POLICY IF EXISTS "Allow user insert for dashboard_user" ON "public"."users";
+
+-- Create the correct policies
+DROP POLICY IF EXISTS "Allow user profile creation during registration" ON "public"."users";
+CREATE POLICY "Allow user profile creation during registration" ON "public"."users" 
+FOR INSERT TO "anon" WITH CHECK (true);
+
+DROP POLICY IF EXISTS "Allow authenticated user profile creation" ON "public"."users";
+CREATE POLICY "Allow authenticated user profile creation" ON "public"."users" 
+FOR INSERT TO "authenticated" WITH CHECK (auth.uid() = id);
+
+DROP POLICY IF EXISTS "Allow user profile creation for service role" ON "public"."users";
+CREATE POLICY "Allow user profile creation for service role" ON "public"."users" 
+FOR INSERT TO "service_role" WITH CHECK (true);
+
+-- Refresh schema cache
+NOTIFY pgrst, 'reload schema';
@@ -0,0 +1,60 @@
+-- Comprehensive fix for user RLS policies
+-- Drop ALL existing policies and recreate them correctly
+
+-- First, disable RLS temporarily to clear all policies
+ALTER TABLE "public"."users" DISABLE ROW LEVEL SECURITY;
+
+-- Re-enable RLS
+ALTER TABLE "public"."users" ENABLE ROW LEVEL SECURITY;
+
+-- Drop ALL existing policies (if they exist)
+DROP POLICY IF EXISTS "Allow user insert for anon" ON "public"."users";
+DROP POLICY IF EXISTS "Allow user insert for authenticated" ON "public"."users";
+DROP POLICY IF EXISTS "Allow user insert for authenticator" ON "public"."users";
+DROP POLICY IF EXISTS "Allow user insert for dashboard_user" ON "public"."users";
+DROP POLICY IF EXISTS "Allow user profile creation during registration" ON "public"."users";
+DROP POLICY IF EXISTS "Allow authenticated user profile creation" ON "public"."users";
+DROP POLICY IF EXISTS "Allow user profile creation for service role" ON "public"."users";
+DROP POLICY IF EXISTS "Users can view their own profile" ON "public"."users";
+DROP POLICY IF EXISTS "Users can update their own profile" ON "public"."users";
+DROP POLICY IF EXISTS "Users can view profiles in their organization" ON "public"."users";
+
+-- Create comprehensive policies for all scenarios
+-- 1. Allow anonymous users to create profiles during registration
+CREATE POLICY "Allow user profile creation during registration" ON "public"."users" 
+FOR INSERT TO "anon" WITH CHECK (true);
+
+-- 2. Allow authenticated users to create their own profile
+CREATE POLICY "Allow authenticated user profile creation" ON "public"."users" 
+FOR INSERT TO "authenticated" WITH CHECK (auth.uid() = id);
+
+-- 3. Allow service role to create user profiles
+CREATE POLICY "Allow user profile creation for service role" ON "public"."users" 
+FOR INSERT TO "service_role" WITH CHECK (true);
+
+-- 4. Allow users to view their own profile
+CREATE POLICY "Users can view their own profile" ON "public"."users" 
+FOR SELECT TO "authenticated" USING (auth.uid() = id);
+
+-- 5. Allow users to view profiles in their organization
+CREATE POLICY "Users can view profiles in their organization" ON "public"."users" 
+FOR SELECT TO "authenticated" USING (
+  organization_id IN (
+    SELECT organization_id FROM "public"."users" WHERE id = auth.uid()
+  )
+);
+
+-- 6. Allow users to update their own profile
+CREATE POLICY "Users can update their own profile" ON "public"."users" 
+FOR UPDATE TO "authenticated" USING (auth.uid() = id);
+
+-- 7. Allow service role to view all users
+CREATE POLICY "Service role can view all users" ON "public"."users" 
+FOR SELECT TO "service_role" USING (true);
+
+-- 8. Allow service role to update all users
+CREATE POLICY "Service role can update all users" ON "public"."users" 
+FOR UPDATE TO "service_role" USING (true);
+
+-- Refresh schema cache
+NOTIFY pgrst, 'reload schema';
@@ -0,0 +1,8 @@
+-- Final fix for user RLS - temporarily disable RLS to allow user profile creation
+-- This is a temporary solution to get the registration working
+
+-- Disable RLS on users table completely
+ALTER TABLE "public"."users" DISABLE ROW LEVEL SECURITY;
+
+-- Refresh schema cache
+NOTIFY pgrst, 'reload schema';
@@ -0,0 +1,66 @@
+-- Fix the handle_new_user function to use existing organization if provided
+CREATE OR REPLACE FUNCTION public.handle_new_user()
+ RETURNS trigger
+ LANGUAGE plpgsql
+ SECURITY DEFINER
+ SET search_path TO 'public', 'auth'
+AS $function$
+DECLARE
+  organization_id UUID;
+BEGIN
+  -- Check if organization_id is provided in metadata
+  IF NEW.raw_user_meta_data->>'organization_id' IS NOT NULL THEN
+    -- Use the existing organization
+    organization_id := (NEW.raw_user_meta_data->>'organization_id')::UUID;
+  ELSE
+    -- Create new organization if none provided
+    INSERT INTO public.organizations (
+      name,
+      subscription_tier,
+      subscription_status
+    ) VALUES (
+      COALESCE(NEW.raw_user_meta_data->>'organization_name', NEW.raw_user_meta_data->>'name' || '''s Organization'),
+      'free',
+      'active'
+    )
+    RETURNING id INTO organization_id;
+  END IF;
+
+  -- Create the user profile
+  INSERT INTO public.users (
+    id,
+    email,
+    name,
+    organization_id,
+    role,
+    is_active,
+    settings,
+    created_at,
+    updated_at
+  ) VALUES (
+    NEW.id,
+    NEW.email,
+    COALESCE(NEW.raw_user_meta_data->>'name', split_part(NEW.email, '@', 1)),
+    organization_id,
+    COALESCE(NEW.raw_user_meta_data->>'role', 'owner')::user_role,
+    true,
+    jsonb_build_object(
+      'email_notifications', true,
+      'notification_frequency', 'instant',
+      'dashboard_layout', 'default'
+    ),
+    NOW(),
+    NOW()
+  );
+
+  RETURN NEW;
+EXCEPTION
+  WHEN others THEN
+    -- Log the error (will appear in Postgres logs)
+    RAISE LOG 'Error in handle_new_user: %', SQLERRM;
+    RETURN NEW;
+END;
+$function$;
+
+-- Refresh schema cache
+NOTIFY pgrst, 'reload schema';
@@ -0,0 +1,11 @@
+-- Fix crawl_sessions table by adding missing columns
+-- Add missing columns to crawl_sessions table
+ALTER TABLE crawl_sessions ADD COLUMN IF NOT EXISTS processed_urls TEXT[] DEFAULT ARRAY[]::TEXT[];
+ALTER TABLE crawl_sessions ADD COLUMN IF NOT EXISTS pages_discovered INTEGER DEFAULT 0;
+ALTER TABLE crawl_sessions ADD COLUMN IF NOT EXISTS pages_processed INTEGER DEFAULT 0;
+ALTER TABLE crawl_sessions ADD COLUMN IF NOT EXISTS current_url VARCHAR;
+ALTER TABLE crawl_sessions ADD COLUMN IF NOT EXISTS error_message TEXT;
+ALTER TABLE crawl_sessions ADD COLUMN IF NOT EXISTS metadata JSONB DEFAULT '{}'::jsonb;
+
+-- Refresh schema cache to pick up new columns
+NOTIFY pgrst, 'reload schema';
@@ -0,0 +1,21 @@
+-- Fix RLS policies for users table to allow proper user details loading
+-- Add policies for SELECT operations on users table
+
+-- Allow users to select their own profile
+CREATE POLICY "Users can select their own profile" ON public.users
+FOR SELECT USING (auth.uid() = id);
+
+-- Allow users to select profiles in their organization
+CREATE POLICY "Users can select profiles in their organization" ON public.users
+FOR SELECT USING (
+  organization_id IN (
+    SELECT organization_id FROM public.users WHERE id = auth.uid()
+  )
+);
+
+-- Allow service role to select any user (for admin operations)
+CREATE POLICY "Service role can select any user" ON public.users
+FOR SELECT USING (auth.role() = 'service_role');
+
+-- Refresh schema cache
+NOTIFY pgrst, 'reload schema';
@@ -0,0 +1,6 @@
+-- Fix crawl_sessions table by adding missing progress_percentage column
+-- Add missing progress_percentage column to crawl_sessions table
+ALTER TABLE crawl_sessions ADD COLUMN IF NOT EXISTS progress_percentage INTEGER DEFAULT 0;
+
+-- Refresh schema cache to pick up new column
+NOTIFY pgrst, 'reload schema';
@@ -0,0 +1,8 @@
+-- Add missing columns to crawl_sessions table that the API expects
+-- Add total_urls and processed_urls columns that the API is trying to insert
+ALTER TABLE crawl_sessions ADD COLUMN IF NOT EXISTS total_urls INTEGER DEFAULT 0;
+ALTER TABLE crawl_sessions ADD COLUMN IF NOT EXISTS processed_urls INTEGER DEFAULT 0;
+
+-- Refresh schema cache to pick up new columns
+NOTIFY pgrst, 'reload schema';
+
@@ -0,0 +1,6 @@
+-- Enable realtime for crawl_sessions table
+ALTER PUBLICATION supabase_realtime ADD TABLE crawl_sessions;
+
+-- Also enable for pages table for real-time page updates
+ALTER PUBLICATION supabase_realtime ADD TABLE pages;
+