A web application for verifying and enforcing security compliance requirements in Supabase projects. This tool performs automated checks for Multi-Factor Authentication (MFA), Row Level Security (RLS), and Point in Time Recovery (PITR) configurations, with an integrated AI assistant for compliance guidance.
🚀 Live Demo: https://supabase-compliance-tool-kxdr.vercel.app/
- (Fake credentials 😊)
Automated Compliance Checks
- Multi-Factor Authentication (MFA) status verification for all users
- Row Level Security (RLS) configuration checks for database tables
- Point in Time Recovery (PITR) settings validation
- Subscription tier compatibility checks
Security Features
- Secure credential input with show/hide toggles
- Input validation for all API keys and URLs
- Separate handling of service role and management API keys
Evidence Logging
- Detailed timestamped logs of all compliance checks
- Export evidence in CSV or JSON format
- Clear audit trail for compliance documentation
AI Assistant
- Integrated chatbot for compliance guidance
- Context-aware responses based on check results
- Help with interpreting compliance findings
- Powered by GPT API (requires your own API key)
Try the live demo at: https://supabase-compliance-tool-kxdr.vercel.app/
Or run locally. Prerequisites:
- Node.js and npm installed
- A Supabase project
- Service Role API key from your Supabase project
- Management API key from your Supabase dashboard
- OpenAI API key for the AI assistant (get one at https://platform.openai.com/api-keys)
- Clone the repository:
  git clone https://github.com/yourusername/supabase-compliance-checker.git
  cd supabase-compliance-checker
- Install dependencies:
  npm install
- Set up environment variables:
  cp .env.example .env
- Add your OpenAI API key to the .env file:
  OPENAI_API_KEY=your_api_key_here # Get this from https://platform.openai.com/api-keys
- Run the development server:
  cd frontend
  npm run dev
- Access the application through your web browser (or use the live demo)
- Enter your Supabase project credentials:
  - Project URL (e.g., https://your-project.supabase.co)
  - Service Role Key (starts with 'eyJ')
  - Management API Key (starts with 'sbp_')
- Click "Run Checks" to start the compliance assessment
- Review the detailed results for each compliance check
- Use the AI assistant for guidance on addressing any issues
- Export compliance evidence as needed
MFA Check
- Verifies MFA status for all users in the system
- Identifies users without MFA enabled
- Provides detailed user-level compliance reporting
RLS Check
- Validates RLS status for all public tables
- Excludes system tables (auth, storage, etc.)
- Reports on tables requiring RLS implementation
PITR Check
- Verifies Point in Time Recovery configuration
- Checks subscription tier compatibility
- Provides upgrade guidance if needed
The tool maintains comprehensive logs including:
- Timestamp of each compliance check
- Check type and result status
- Detailed findings and recommendations
- Export options in multiple formats (JSON, CSV)
- Clear audit trail for compliance documentation
The integrated chatbot provides:
- Guidance on compliance requirements
- Explanations of check results
- Recommendations for addressing issues
To use the AI assistant:
- Ensure your OpenAI API key is properly configured
- Type your question in the chat interface
- Get instant responses about compliance issues and solutions
- All API keys are handled securely with show/hide options
- Input validation prevents malformed credentials
- Service Role Key and Management API Key are kept separate
- Credentials are never stored or logged
- All API calls are made server-side
- OpenAI API key is securely stored in environment variables
- Fork the repository
- Create a feature branch
- Commit your changes (excluding any API keys or sensitive data)
- Push to the branch
- Create a Pull Request
The application includes comprehensive error handling for:
- Invalid credentials
- API rate limits
- Network issues
- Permission problems
- Subscription tier limitations
- For code-related issues, please open an issue in the GitHub repository
- For Supabase-related questions, refer to Supabase documentation
- For OpenAI API questions, check OpenAI's documentation
- Built with Next.js
- UI components from shadcn/ui
- Powered by Supabase and OpenAI
- Development assisted by Anthropic's Claude AI:
  - GPT prompt engineering guidance
  - Code refactoring suggestions
  - Documentation structure and content
For the compliance checks, the following setup is assumed:
- Users with varying MFA statuses are stored in a "users" table.
- Row-Level Security (RLS) is enabled on tables, with policies restricting access to certain rows.
The app uses the following Supabase APIs for the compliance checks:
- MFA: supabase.auth.admin.listUsers() to verify user MFA statuses.
- RLS: supabase.rpc('get_tables_info') to ensure RLS is enabled on all tables.
- PITR: Supabase Management API endpoints to check project tier and PITR configuration.
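The evaluation logic that sits between those API responses and the evidence log (the MFA and RLS checks described above, plus the timestamped CSV export from the Evidence Logging section), as an added example that is not the project's own code. It assumes listUsers() returns users with a `factors` array whose entries carry `status: 'verified'` once MFA is enrolled, and that the project-defined get_tables_info RPC returns rows shaped `{ schema, name, rls_enabled }`; both shapes are assumptions, and the sample data is constructed.

```javascript
// Added example, not the project's own code: the evaluation step between the
// Supabase responses and the evidence log, run here on constructed data.
// Assumptions: users from auth.admin.listUsers() carry a `factors` array whose
// entries have status 'verified' once MFA is enrolled; the project-defined
// get_tables_info RPC returns rows shaped { schema, name, rls_enabled }.
function userHasMfa(user) {
  // An enrolled-but-unverified factor does not count as MFA protection.
  return Array.isArray(user.factors) && user.factors.some((f) => f.status === 'verified');
}
function evaluateMfa(users) {
  const missing = users.filter((u) => !userHasMfa(u)).map((u) => u.email);
  return { check: 'MFA', status: missing.length === 0 ? 'PASS' : 'FAIL',
    finding: `${users.length - missing.length}/${users.length} users have verified MFA`, items: missing };
}
function evaluateRls(tables) {
  // Only public-schema tables are in scope; auth, storage and other system schemas are excluded.
  const scoped = tables.filter((t) => t.schema === 'public');
  const unprotected = scoped.filter((t) => !t.rls_enabled).map((t) => `${t.schema}.${t.name}`);
  return { check: 'RLS', status: unprotected.length === 0 ? 'PASS' : 'FAIL',
    finding: `${scoped.length - unprotected.length}/${scoped.length} public tables have RLS enabled`, items: unprotected };
}
// One evidence-log entry: timestamp, check type, result status, findings.
function toEvidence(result, now = new Date()) {
  return { timestamp: now.toISOString(), ...result };
}
// CSV export with RFC 4180 quoting so emails and table names cannot break columns.
function toCsv(entries) {
  const esc = (v) => `"${String(v).replace(/"/g, '""')}"`;
  const rows = entries.map((e) =>
    [e.timestamp, e.check, e.status, e.finding, e.items.join(';')].map(esc).join(','));
  return ['timestamp,check,status,finding,items', ...rows].join('\n');
}
// Constructed sample responses standing in for the live API calls.
const SAMPLE_USERS = [
  { email: 'alice@example.com', factors: [{ factor_type: 'totp', status: 'verified' }] },
  { email: 'bob@example.com', factors: [{ factor_type: 'totp', status: 'unverified' }] },
  { email: 'carol@example.com', factors: [] },
];
const SAMPLE_TABLES = [
  { schema: 'public', name: 'users', rls_enabled: true },
  { schema: 'public', name: 'invoices', rls_enabled: false },
  { schema: 'auth', name: 'users', rls_enabled: false }, // system table, out of scope
];
function runSampleChecks(at = new Date('2024-01-01T00:00:00Z')) {
  return [toEvidence(evaluateMfa(SAMPLE_USERS), at), toEvidence(evaluateRls(SAMPLE_TABLES), at)];
}
console.log(toCsv(runSampleChecks()));
```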
- Enhanced AI Assistant: Expand the AI capabilities to provide automated remediation scripts, proactive security recommendations, and natural language querying of compliance history
- Compliance Templates: Add pre-configured compliance templates for common standards like SOC 2, HIPAA, and GDPR, allowing teams to quickly implement industry-standard security practices
- CI/CD Integration: Implement webhook support to integrate compliance checks into deployment pipelines, ensuring continuous compliance monitoring during development
- Team Collaboration: Add multi-user support with role-based access control and real-time notifications for compliance status changes through Slack/Discord integration