Sanctiv Supabase Deployment Guide

Status: Ready for deployment
Date: November 18, 2025
Prerequisites: Supabase project created

Step 1: Deploy Database Schema

1.1 Run Complete Schema Migration

  1. Open your Supabase Dashboard
  2. Navigate to SQL Editor
  3. Copy the contents of /supabase/migrations/001_complete_schema.sql
  4. Paste into SQL Editor
  5. Click Run
  6. Verify output shows: “Statements executed successfully”

1.2 Seed Organizations

  1. In SQL Editor, create a new query
  2. Copy the contents of /supabase/seed.sql
  3. Click Run
  4. Verify you see 2 organizations:
    • Sanctiv (slug: sanctiv)
    • Crossroads Church (slug: crossroads)

1.3 Verify Tables Created

Run this query to confirm all tables exist:
SELECT table_name
FROM information_schema.tables
WHERE table_schema = 'public'
AND table_name IN (
  'organizations',
  'users',
  'journal_entries',
  'ai_summaries',
  'library_items',
  'shared_content',
  'sessions',
  'encouragement_notes',
  'goals',
  'weekly_reports'
)
ORDER BY table_name;
Expected Output: 10 tables

Step 2: Configure Environment Variables

2.1 Get Supabase Credentials

  1. In Supabase Dashboard, go to Project Settings → API
  2. Copy these values:
    • Project URL (e.g., https://xxx.supabase.co)
    • Publishable Key (starts with sb_publishable_ - NOT legacy anon key)

2.2 Update Local .env

Update /home/user/workspace/.env:
EXPO_PUBLIC_SUPABASE_URL=https://your-project.supabase.co
EXPO_PUBLIC_SUPABASE_KEY=sb_publishable_your-key-here

2.3 Configure EAS Secrets (For Production Builds)

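Why: Production builds need Supabase credentials. EAS Secrets store these securely for Expo builds. Values in EXPO_PUBLIC_ variables are inlined into the app bundle, so store only the publishable key here, never a secret or service-role key.
Note: This configures how the mobile app connects to Supabase. It is part of Supabase infrastructure deployment, not app publishing.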
# Navigate to project directory
cd /home/user/workspace

# Set Supabase URL
eas secret:create --scope project --name EXPO_PUBLIC_SUPABASE_URL --value "https://your-project.supabase.co"

# Set Supabase Key
eas secret:create --scope project --name EXPO_PUBLIC_SUPABASE_KEY --value "sb_publishable_your-key"

# Verify secrets
eas secret:list
For app publishing workflow: See docs/skills/publish/publish.md

2.4 Configure Supabase Edge Function Secrets

Edge Functions require API keys stored as Supabase secrets (not EAS secrets):
# Set OpenAI API key for edge functions
supabase secrets set OPENAI_API_KEY=sk-your-openai-key-here

# Optional: Set CORS allowed origin (defaults to * for mobile apps)
supabase secrets set ALLOWED_ORIGIN=https://sanctiv.app

# Verify secrets are set
supabase secrets list
Note: Edge Functions use Supabase secrets, not EAS secrets. These are separate from the mobile app environment variables.

Step 3: Test Authentication Flow

3.1 Create Test User

  1. Start the app: bun start
  2. Navigate to Sign Up screen
  3. Fill in:
    • Full Name: “Test User”
    • Email: “[email protected]”
    • Organization: Select “Sanctiv”
    • Password: “test1234”
    • Confirm Password: “test1234”
  4. Click Create Account
  5. Check email for verification link
  6. Click verification link

3.2 Verify User in Database

Run in Supabase SQL Editor:
SELECT
  u.id,
  u.email,
  u.full_name,
  u.role,
  o.name as organization_name
FROM public.users u
JOIN organizations o ON u.org_id = o.id
WHERE u.email = '[email protected]';
Expected: 1 row showing test user linked to Sanctiv organization

3.3 Test Sign In

  1. In app, navigate to Login screen
  2. Enter:
  3. Click Sign In
  4. Should navigate to main app

Step 4: Test Multi-Tenancy

4.1 Create Users in Different Orgs

Create 2 test accounts:

4.2 Verify Data Isolation

  1. Sign in as [email protected]
  2. Create a journal entry
  3. Sign out
  4. Sign in as [email protected]
  5. Verify you cannot see the Sanctiv user’s journal entry
  6. Create a journal entry for Crossroads user
  7. Sign out
  8. Sign in as [email protected]
  9. Verify you cannot see the Crossroads user’s entry

4.3 Verify in Database

-- Check journal entries by organization
SELECT
  je.id,
  je.content,
  u.email,
  o.name as organization
FROM journal_entries je
JOIN users u ON je.user_id = u.id
JOIN organizations o ON je.org_id = o.id
ORDER BY o.name, je.created_at DESC;
Expected: Each entry should be linked to the correct organization, with no cross-contamination

Step 5: Verify RLS Policies

5.1 Test RLS with SQL

-- Should only return entries for authenticated user's org
SELECT * FROM journal_entries;

-- Should only return user's own profile
SELECT * FROM users;

-- Should only return user's organization
SELECT * FROM organizations;

5.2 Attempt Cross-Org Access (Should Fail)

-- Try to insert entry with wrong org_id (should fail)
INSERT INTO journal_entries (user_id, org_id, journal_type, content)
VALUES (
  '<your-user-id>',
  '<different-org-id>',  -- Wrong org!
  'reflection',
  'This should fail'
);
Expected: Error - RLS policy blocks the insert
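
By default the Supabase SQL Editor runs queries as the postgres role, to which the RLS policies do not apply, so the statements in 5.1 and 5.2 only exercise the policies when they run as the authenticated role with a user's JWT claims set. The following is an added example, not part of the original guide, that does this inside one transaction. It assumes the policies identify the caller through auth.uid(), and both UUID placeholders must be replaced with real values.

```sql
-- Added example: exercise the RLS policies as a signed-in user.
-- Assumption: policies identify the caller through auth.uid(), which reads
-- the "sub" claim of request.jwt.claims. Replace both placeholders first.
BEGIN;

-- Impersonate an API caller; "true" scopes the setting to this transaction.
SELECT set_config(
  'request.jwt.claims',
  '{"sub": "<your-user-id>", "role": "authenticated"}',
  true
);
SET LOCAL ROLE authenticated;

-- Sanity check: expect db_role = authenticated and caller_id = your user id.
SELECT current_user AS db_role, auth.uid() AS caller_id;

-- 5.1: visible journal entries grouped by org; expect at most one org_id.
SELECT org_id, count(*) AS visible_entries
FROM journal_entries
GROUP BY org_id;

-- 5.1: expect only the caller's profile and only the caller's organization.
SELECT id, email, org_id FROM users;
SELECT id, name, slug FROM organizations;

-- 5.2: cross-org insert; expect a row-level security violation error.
INSERT INTO journal_entries (user_id, org_id, journal_type, content)
VALUES ('<your-user-id>', '<different-org-id>', 'reflection', 'This should fail');

-- Discards the transaction, including the role switch and any inserted row.
ROLLBACK;
```

Run it as one batch so every statement shares the transaction; psql prints each result set in turn. If the INSERT succeeds instead of raising an error, the insert policy does not constrain org_id.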

Step 6: Production Deployment Checklist

Before Going Live:

  • All tables created successfully
  • Seed data loaded (Sanctiv + Crossroads orgs)
  • RLS policies tested and verified
  • Multi-tenancy tested (users cannot see other org’s data)
  • Email verification working
  • Sign up flow creates both auth user AND public.users profile
  • Environment variables configured in EAS (for production builds)
  • Sentry error tracking configured

Troubleshooting

Issue: “Missing Supabase environment variables”

Solution: Verify .env file has correct values and restart dev server

Issue: “No organization found” error

Solution:
  1. Check user profile has org_id: SELECT * FROM users WHERE id = '<user-id>'
  2. Verify org exists: SELECT * FROM organizations WHERE id = '<org-id>'
  3. Re-create user if needed

Issue: Sign up succeeds but user profile not created

Solution: Check Supabase logs for errors. You may need to create the profile manually:
INSERT INTO public.users (id, org_id, email, full_name, role)
VALUES (
  '<auth-user-id>',
  '<org-id>',
  '[email protected]',
  'Full Name',
  'member'
);

Issue: Cannot see journal entries after creating them

Solution:
  1. Check RLS policies are enabled
  2. Verify user’s org_id matches entry’s org_id
  3. Check for deleted_at timestamp (soft deletes)
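
The three checks above can be run as two catalog and data queries. This is an added example, not part of the original guide; it assumes journal_entries carries the deleted_at column implied by the soft-delete note and should be run as the postgres role so that RLS does not hide the rows being diagnosed.

```sql
-- Added example: diagnostics for entries that exist but are not visible.
-- Run as the postgres role (SQL Editor default) so RLS does not hide rows.

-- 1. RLS state and policy coverage for each table from Step 1.3.
SELECT
  c.relname                                          AS table_name,
  c.relrowsecurity                                   AS rls_enabled,
  count(p.policyname)                                AS policy_count,
  coalesce(string_agg(DISTINCT p.cmd, ', '), 'none') AS commands_covered
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
LEFT JOIN pg_policies p
       ON p.schemaname = n.nspname AND p.tablename = c.relname
WHERE n.nspname = 'public'
  AND c.relkind = 'r'
  AND c.relname IN (
    'organizations', 'users', 'journal_entries', 'ai_summaries',
    'library_items', 'shared_content', 'sessions',
    'encouragement_notes', 'goals', 'weekly_reports'
  )
GROUP BY c.relname, c.relrowsecurity
ORDER BY c.relrowsecurity, c.relname;   -- tables with RLS off sort first

-- 2. Entries whose org_id differs from the author's, or that are soft-deleted.
-- Assumption: journal_entries carries the deleted_at column mentioned above.
SELECT
  je.id,
  u.email,
  je.org_id                 AS entry_org_id,
  u.org_id                  AS user_org_id,
  (je.org_id = u.org_id)    AS org_matches,
  je.deleted_at
FROM journal_entries je
JOIN users u ON u.id = je.user_id
WHERE je.org_id IS DISTINCT FROM u.org_id
   OR je.deleted_at IS NOT NULL
ORDER BY je.created_at DESC;
```

A row with rls_enabled = false means that table is not protected by any policy; rls_enabled = true with policy_count = 0 means every query from a non-owner role returns no rows.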

Next Steps

After Supabase Deployment

Once Supabase infrastructure is deployed and tested:
  1. Publish App Updates: Use /publish skill to release app updates
  2. Future Enhancements:
    • Add real-time subscriptions for live updates
    • Implement offline queue for journal entries
    • Add edge functions for AI analysis
    • Create pastor dashboard for insights

Support

Database Issues: Check Supabase logs in Dashboard → Logs
Auth Issues: Check Supabase Dashboard → Authentication → Users
App Errors: Check Sentry dashboard

Last Updated: November 18, 2025
Schema Version: 001_complete_schema.sql