doc: migrate supabase auth guide to v3

[ymc9]

Summary by CodeRabbit

• Documentation
  • Improved formatting and alignment across modeling examples for clearer readability
  • Renamed and clarified section to "Database schema" with added explanation of how base and derived models map to tables and relate one-to-one
  • Added a Supabase Auth integration guide showing how to obtain a user-bound ORM client and recommended setup for Next.js apps, with security guidance on session data handling

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
zenstack-new-site	Ready	Preview	Comment	Nov 28, 2025 0:37am

[coderabbitai]

Walkthrough

Documentation updates under versioned_docs/version-3.x/: reformatting/spacing adjustments in multiple modeling examples, a section rename plus an added sentence about how polymorphic models map to tables, and a new Supabase Auth integration guide showing SSR client wiring and context-bound ORM usage.

Changes

Cohort / File(s)	Summary
Code example formatting versioned_docs/version-3.x/modeling/attribute.md, versioned_docs/version-3.x/modeling/index.md, versioned_docs/version-3.x/modeling/model.md, versioned_docs/version-3.x/modeling/relation.md	Spacing and alignment adjustments within ZModel code blocks; no semantic changes.
Modeling documentation updates versioned_docs/version-3.x/modeling/polymorphism.md	Section header renamed from "Migration behavior" to "Database schema" and one sentence added describing that the migration engine maps both base and concrete models to tables and creates one-to-one relations between them.
New auth integration guide versioned_docs/version-3.x/recipe/auth-integration/supabase.md	New documentation file describing Supabase Auth integration: user sync, SSR client creation, obtaining authenticated user, wiring cookies, and creating a user-bound ORM client via db.$setAuth for access-policy–driven CRUD.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

• Documentation-only edits; mostly formatting with one short added explanatory sentence and one new doc file.
• Review focus: ensure the new Supabase guide's auth warning and example code are accurate and consistent with existing auth patterns.

Possibly related PRs

• doc: migrate more auth guide to v3 #511: Touches recipe/auth-integration docs and modifies examples around creating user-bound ORM clients (db.$setAuth vs authDb.$setAuth), directly related to the new Supabase integration guide.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: migrating the Supabase auth guide documentation to v3, which is the primary purpose of this PR.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch doc/supabase-auth-migrate

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e027bc7 and 4c8060b.

📒 Files selected for processing (1)

• versioned_docs/version-3.x/recipe/auth-integration/supabase.md (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• versioned_docs/version-3.x/recipe/auth-integration/supabase.md

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b66373c and e027bc7.

⛔ Files ignored due to path filters (2)

• versioned_docs/version-3.x/recipe/_category_.yml is excluded by !**/*.yml
• versioned_docs/version-3.x/recipe/auth-integration/_category_.yml is excluded by !**/*.yml

📒 Files selected for processing (6)

• versioned_docs/version-3.x/modeling/attribute.md (1 hunks)
• versioned_docs/version-3.x/modeling/index.md (1 hunks)
• versioned_docs/version-3.x/modeling/model.md (6 hunks)
• versioned_docs/version-3.x/modeling/polymorphism.md (1 hunks)
• versioned_docs/version-3.x/modeling/relation.md (1 hunks)
• versioned_docs/version-3.x/recipe/auth-integration/supabase.md (1 hunks)

🧰 Additional context used

🪛 markdownlint-cli2 (0.18.1)

versioned_docs/version-3.x/modeling/relation.md

76-76: Hard tabs
Column: 1

(MD010, no-hard-tabs)

versioned_docs/version-3.x/recipe/auth-integration/supabase.md

13-13: Heading levels should only increment by one level at a time
Expected: h2; Actual: h3

(MD001, heading-increment)

🔇 Additional comments (6)

versioned_docs/version-3.x/modeling/attribute.md (1)

18-19: Formatting alignment looks good.

The spacing adjustments to field definitions improve visual alignment in the code example without altering meaning or functionality.

versioned_docs/version-3.x/modeling/index.md (1)

35-35: Formatting alignment is consistent with other modeling docs.

The spacing adjustment aligns the Post model's id field definition with the formatting standard being applied across the modeling documentation.

versioned_docs/version-3.x/modeling/polymorphism.md (1)

109-111: Section rename and clarifying text improve documentation accuracy.

Renaming "Migration behavior" to "Database schema" more accurately reflects the section's focus on schema mapping. The added sentence clearly explains how the migration engine handles polymorphic model mapping.

versioned_docs/version-3.x/modeling/model.md (1)

38-38: Code example formatting alignment is consistent across file.

The spacing adjustments throughout the file (field definitions and type/attribute alignment) are purely cosmetic and align with the formatting normalization applied across modeling documentation. All code examples remain syntactically correct.

Also applies to: 54-54, 98-98, 110-110, 112-112, 129-129, 139-139

versioned_docs/version-3.x/recipe/auth-integration/supabase.md (2)

25-65: Supabase SSR integration code example is clear and well-structured.

The TypeScript example effectively demonstrates how to:

1. Create a Supabase SSR client with cookie handling
2. Extract authenticated user identity via supabase.auth.getUser()
3. Pass user context to the ZenStack ORM via db.$setAuth()

The code follows best practices for server-side authentication and properly handles the Next.js server context.

---

67-69: Security warning is appropriate and well-placed.

The warning correctly cautions against using supabase.auth.getSession() due to lack of server-side validation, which is critical for security-conscious developers. This guidance prevents a common integration mistake.