Grida: enhance delete project / rename project ux

[softmarshmallow]

• new dedicated rpc for deleting project, timeout protection
• new index over project fks
• better rename project dialog ux

Summary

• New Features

  • Server-side RPC deletion with user confirmation and updated delete flow in the UI.
  • Rename dialog now includes name guidance and client-side validation to improve renames.

• Performance

  • Added indexes to speed up project-related cascade/delete operations.

• Tests

  • New and updated tests covering RPC-based project deletion and RLS scenarios.

• Documentation

  • Added comprehensive Supabase/agents guidance for migrations, RLS, and privileged functions.

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
backgrounds	Ready	Preview, Comment	Feb 1, 2026 2:52pm
blog	Ready	Preview, Comment	Feb 1, 2026 2:52pm
docs	Ready	Preview, Comment	Feb 1, 2026 2:52pm
grida	Ready	Preview, Comment	Feb 1, 2026 2:52pm
viewer	Ready	Preview, Comment	Feb 1, 2026 2:52pm

2 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
code	Ignored		Feb 1, 2026 2:52pm
legacy	Ignored		Feb 1, 2026 2:52pm

[coderabbitai]

Walkthrough

Added a typed RPC declaration and server-side RPC to delete projects with confirmation; updated client UI to call the RPC (including confirmation text) instead of direct table deletion; added DB indexes to support cascades; extended client-side rename validation; added/updated RLS tests and AGENTS documentation.

Changes

Cohort / File(s)	Summary
Type Definitions database/database-generated.types.ts	Added grida_www.delete_project function declaration: Args: { p_confirm: string; p_project_id: number }, Returns: boolean.
Client UI & Dialogs editor/scaffolds/workspace/sidebar.tsx, editor/components/dialogs/rename-dialog.tsx	Sidebar: changed delete flow to call RPC delete_project with p_project_id and p_confirm; updated onDelete signature to accept confirmation text. RenameDialog: added nameHint and validateName props, validation UI, and improved error handling.
Validation Utilities editor/services/utils/regex.ts	Added PROJECT_NAME_REGEX and `validateProjectName(name: string): string
Database migrations supabase/migrations/20260201133814_rpc_delete_project_with_timeout.sql, supabase/migrations/20260201135229_add_project_fk_indexes.sql	Created public.delete_project(bigint, text) RETURNS boolean (SECURITY INVOKER, 30s timeout), set execute privileges for authenticated and service_role; added idempotent indexes on project_id across multiple schemas to optimize cascade/delete paths.
Tests supabase/tests/test_project_delete_rpc_rls_test.sql, supabase/tests/test_grida_ciam_rls_test.sql	Added pgTAP suite to exercise RPC delete_project under RLS with multi-tenant scenarios; removed tag_with_usage-related tests and reduced expected plan count in CIAM tests.
Docs supabase/AGENTS.md	New comprehensive AGENTS.md documenting agent practices, RLS/testing guidance, migration and RPC patterns.

Sequence Diagram(s)

sequenceDiagram
  participant User
  participant UI
  participant SupabaseClient as Client
  participant RPC as delete_project RPC
  participant DB

  User->>UI: Click "Delete" and enter confirmation text
  UI->>Client: client.rpc("delete_project", { p_project_id, p_confirm })
  Client->>RPC: Invoke RPC (authenticated)
  RPC->>DB: DELETE FROM public.project WHERE id = p_project_id AND p_confirm = 'DELETE ' || name
  DB-->>RPC: Boolean result (true/false)
  RPC-->>Client: Return boolean
  Client-->>UI: Resolve promise (success/failure)
  UI-->>User: Show result (deleted / error)

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• [Ops] add AGENTS.md #337 — Adds AGENTS.md (same documentation file and guidance).
• [Workspace] rename proejct #300 — Related changes to rename flow and RenameDialog integration in the workspace/sidebar UI.

Suggested labels

org

Poem

🐰
I nudged a key, with careful hop,
Said "DELETE" loud — then gave a stop,
RPC leapt through tunnel deep,
Cascades fell and indexes keep,
Safe and tidy — carrot cake for code! 🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main changes: enhancing UX for both delete and rename project operations across the codebase.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch enterprise

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@supabase/tests/test_project_delete_rpc_rls_test.sql`:
- Around line 187-200: The test comment numbers are off; update the inline test
labels in the SQL block so they read sequentially: change the comment label "10)
Alice (acme member) can delete acme project via RPC" to "11) Alice (acme member)
can delete acme project via RPC" and change "11) Acme project is deleted
(service_role sees it)" to "12) Acme project is deleted (service_role sees it)";
locate the labels around the public.delete_project call and the surrounding
test_set_auth / test_reset_auth lines and adjust the numeric prefixes only.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Fix test comment numbering.

The comment numbering is incorrect:

• Line 187: Says "Test 10" but should be "Test 11" (Alice can delete acme project)
• Line 200: Says "Test 11" but should be "Test 12" (Acme project is deleted)

This creates confusion since Line 178 is already labeled as "Test 10".

📝 Proposed fix for comment numbering

 -- 10) Alice (acme member) cannot delete acme project with wrong confirmation
 SELECT test_set_auth('alice@acme.com');
 SELECT is(
   public.delete_project(current_setting('test.project_id_acme')::bigint, 'DELETE wrong'),
   false,
   'Alice cannot delete acme project with wrong confirmation'
 );
 SELECT test_reset_auth();

--- 10) Alice (acme member) can delete acme project via RPC
+-- 11) Alice (acme member) can delete acme project via RPC
 SELECT test_set_auth('alice@acme.com');
 SELECT is(
   public.delete_project(
     current_setting('test.project_id_acme')::bigint,
     'DELETE ' ||
       (select name from public.project where id = current_setting('test.project_id_acme')::bigint)
   ),
   true,
   'Alice can delete acme project'
 );
 SELECT test_reset_auth();

--- 11) Acme project is deleted (service_role sees it)
+-- 12) Acme project is deleted (service_role sees it)
 SET ROLE service_role;

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	-- 10) Alice (acme member) can delete acme project via RPC
	SELECT test_set_auth('alice@acme.com');
	SELECT is(
	public.delete_project(
	current_setting('test.project_id_acme')::bigint,
	'DELETE ' ||
	(select name from public.project where id = current_setting('test.project_id_acme')::bigint)
	),
	true,
	'Alice can delete acme project'
	);
	SELECT test_reset_auth();
	-- 11) Acme project is deleted (service_role sees it)
	-- 11) Alice (acme member) can delete acme project via RPC
	SELECT test_set_auth('alice@acme.com');
	SELECT is(
	public.delete_project(
	current_setting('test.project_id_acme')::bigint,
	'DELETE ' ||
	(select name from public.project where id = current_setting('test.project_id_acme')::bigint)
	),
	true,
	'Alice can delete acme project'
	);
	SELECT test_reset_auth();
	-- 12) Acme project is deleted (service_role sees it)

🤖 Prompt for AI Agents

In `@supabase/tests/test_project_delete_rpc_rls_test.sql` around lines 187 - 200,
The test comment numbers are off; update the inline test labels in the SQL block
so they read sequentially: change the comment label "10) Alice (acme member) can
delete acme project via RPC" to "11) Alice (acme member) can delete acme project
via RPC" and change "11) Acme project is deleted (service_role sees it)" to "12)
Acme project is deleted (service_role sees it)"; locate the labels around the
public.delete_project call and the surrounding test_set_auth / test_reset_auth
lines and adjust the numeric prefixes only.