The #1 Supabase footgun is shipping a table with Row-Level Security off. These tools make the safe path the default — scaffold it, gate it in CI, and prove tenant isolation with tests that run against a real database.
Open source, MIT, no signup. Each one makes RLS the default instead of the thing you forgot.
Auth + one table with RLS + a test that proves isolation. Clone it and start on your product.
Use this template → FREE · npm supabase-saas-kitThe CLI: scaffold a project, check your env + RLS, and generate migrations that ship RLS-safe by default.
npx supabase-saas-kit new → FREE · npm + Action airlock-rlsThe CI gate. Fails your build when a table ships exposed or a policy is permissive. Its paid tier, Airlock Monitor, is below.
npx airlock-rls →The free tools get you shipping. These get you a real SaaS — multi-tenant, billed, secure, and proven. Built and green in CI today; checkout opens the moment our payment processor clears. Reserve the founding price below.
Multi-tenant workspaces, auth, the full RLS isolation suite, tests, and deploy — the boring-but-critical foundation, built and proven. Pro adds Lemon Squeezy billing, an admin panel, and web push.
Already have an app? Just the security layer: multi-tenant auth + RLS + the isolation suite that proves it. Drop it in.
The whole testing pyramid for Next + Supabase: unit, component, e2e, and the RLS isolation harness — as a template.
The paid tier of Airlock: watches your live project between CI runs and alerts on RLS drift — the leak the gate can't catch. Its audit→drift→alert cycle is tested against a real Postgres.
Or grab a Combo and save: Frontend, Security, or the whole line. The more you take, the cheaper each piece gets.
The free tools are yours today. When the paid boilerplate's checkout opens, the list locks in the founding discount — for life. Plus a free Supabase RLS cheat sheet now.
No charge today. You're reserving the price, not buying — we email your checkout once it's live.