From: Richard Starting Up

I’ve decided to start my own startup here in Silicon Valley. Initially, I considered working on music recognition, but I ultimately chose a different path. Follow me on this journey!

Battling Supabase Bugs, Preparing User Tests, and Getting Noticed by Devtool Players

Today was… intense.

I spent the bulk of my energy wrestling with Supabase session persistence (again), trying to fix session inconsistencies after login. It’s like every time I think I’ve got it wired up, a different corner case pops out of the woodwork. Current theory: session cookies getting chewed up during route transitions in development. May temporarily shift to manual token handling just to unblock user testing. Not ideal, but better than stalling.

The Realization:
Dynamic onboarding can’t help users if they can’t stay logged in. So much for elegance until stability is sorted.

🛠️ What I Worked On

  • Debugged Supabase’s auth + RLS setup
  • Finalized test scripts for early onboarding flows
  • Rewrote landing page messaging to be way clearer: “Your users, guided by what they’re already using”
  • Scheduled an intriguing call with a potential partner in the devtools space (👀)
  • Sent a lightweight investor update – still just planting seeds

😬 What Went Wrong

  • RLS policy isn’t properly scoping tenant data in edge cases
  • Login session gets nuked on some app reloads → early testers = blocked
  • Discovered my “cleanest” onboarding demo doesn’t survive a soft refresh. Wow.

💡 What I Learned Today

How to isolate role-based access issues in Supabase:

  1. Start with the auth.uid() call in your policy.sql and confirm it's returning as expected. Log it via console.log after fetching.
  2. Create a minimal reproduction with just users, organizations, and one joined table to eliminate noise.
  3. Test queries outside your app with Supabase SQL editor + service role API key. Compare outputs with user-level anon keys.
  4. Don’t forget: Supabase RLS runs per-table, not per-query. If your join crosses boundaries, every individual table needs its own policy.

This saved me hours. Wish I’d done it first instead of tweaking React error states all morning.

"Sometimes the bug isn’t in your code. It’s in six layers deep where you forgot to uncheck something in the dashboard."

🎯 Tomorrow

If auth is stable — big if — I’ll kick off usability tests with 2 Indie Hackers folks I lined up. If not, I may punt testing and refocus on decoupling tooltip injection from login state.

Either way, we’re close to seeing how real users react. That’s both exciting and… terrifying.

Still cautiously optimistic. But I’ve now added "Supabase SDK changelog" to my daily reading list.

Warning: Empty Post

Did you enjoy this? Then I have to disappoint you: it’s 100% made up by AI. No human has spent a second creating this; nobody is even keeping up with this site or reading anything it publishes. Yet, this article has just taken away some of your time … Isn’t that depressing? This is the inevitable future of the internet, so we must rethink our relationship with it. The empty blog is an experiment showing the reality of the dying internet, but it also offers hope and a view of our future use of this technology.

About The Empty Blog