Projects

Developer tools and database security engineer

RLS Doctor

RLS Doctor is a TypeScript CLI and repo-hosted Agent Skill for auditing Postgres and Supabase Row Level Security posture from local development, CI, or AI-assisted review workflows.

Metrics

Proof in numbers

  • Distribution: npm CLI + Agent Skill
  • Install path: npx rls-doctor
  • Skill install: npx skills add
  • CI coverage: Node 20, Node 22, Postgres 16

Workflow proof

RLS audit pipeline

The CLI turns Postgres catalog metadata into actionable security findings for local development and CI.

  1. Run npx command
  2. Load catalog
  3. Score RLS risks
  4. Explain fixes

Architecture

System shape

A Node.js and TypeScript CLI reads Postgres catalog views through node-postgres, maps table and pg_policies metadata into a typed audit model, scores findings by severity, and renders text or JSON reports for local terminals and CI.

  1. CLI command

    Developers run check or explain with a Postgres connection string.

  2. Catalog loader

    node-postgres reads pg_class, pg_namespace, and pg_policies metadata.

  3. Audit analyzer

    Typed rules score RLS-disabled tables, public policies, missing checks, and hardening gaps.

  4. Reporters

    Text output helps humans, while JSON output supports CI and automation.

  5. Integration tests

    Disposable Postgres fixtures verify real catalog behavior before release.
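The audit analyzer stage (step 3), as an added TypeScript example that is not rls-doctor's own code: it scores a constructed catalog snapshot whose field names mirror pg_class and pg_policies columns, with rule ids and severities assumed, covering the four finding classes named on this page without a database connection.

```typescript
// Added example, not rls-doctor's own code: a pure analyzer over a catalog snapshot,
// so scoring rules are unit-testable offline. Field names mirror pg_class / pg_policies
// columns; rule ids, severities and sample data are assumptions.
type TableMeta = { schema: string; name: string; rlsEnabled: boolean; rlsForced: boolean };
type PolicyMeta = {
  schema: string; table: string; name: string;
  cmd: "ALL" | "SELECT" | "INSERT" | "UPDATE" | "DELETE";
  roles: string[];          // pg_policies.roles; {public} when no TO clause was given
  qual: string | null;      // USING expression
  withCheck: string | null; // WITH CHECK expression, null when the clause was omitted
};
type Severity = "high" | "medium" | "low";
type Finding = { rule: string; table: string; severity: Severity; message: string };
const RANK: Record<Severity, number> = { high: 3, medium: 2, low: 1 };
const EXPOSED_ROLES = new Set(["public", "anon"]); // reachable without a user session
// A USING clause of true (or none at all) exposes every row to the policy's roles.
const isPermissive = (expr: string | null): boolean => expr === null || expr.trim().toLowerCase() === "true";

function analyze(tables: TableMeta[], policies: PolicyMeta[]): Finding[] {
  const out: Finding[] = [];
  for (const t of tables) {
    const full = `${t.schema}.${t.name}`;
    if (!t.rlsEnabled) {
      out.push({ rule: "rls_disabled", table: full, severity: "high", message: "Row security is off; any role with SELECT reads every row" });
      continue; // policies are inert while RLS is disabled, so skip them
    }
    if (!t.rlsForced) {
      out.push({ rule: "force_rls_gap", table: full, severity: "low", message: "Table owner bypasses policies; consider FORCE ROW LEVEL SECURITY" });
    }
    for (const p of policies.filter(x => x.schema === t.schema && x.table === t.name)) {
      if (p.roles.some(r => EXPOSED_ROLES.has(r)) && isPermissive(p.qual)) {
        out.push({ rule: "public_policy", table: full, severity: "high", message: `Policy ${p.name} grants ${p.cmd} on all rows to ${p.roles.join(",")}` });
      }
      const writes = p.cmd === "INSERT" || p.cmd === "UPDATE" || p.cmd === "ALL";
      if (writes && p.withCheck === null) {
        out.push({ rule: "missing_with_check", table: full, severity: "medium", message: `Write policy ${p.name} has no WITH CHECK; written rows are not independently validated` });
      }
    }
  }
  return out.sort((a, b) => RANK[b.severity] - RANK[a.severity]); // highest severity first
}

// Constructed snapshot: RLS off on invoices; profiles has a broad anon read policy and
// an owner-only update policy whose WITH CHECK was omitted.
const sampleTables: TableMeta[] = [
  { schema: "public", name: "invoices", rlsEnabled: false, rlsForced: false },
  { schema: "public", name: "profiles", rlsEnabled: true, rlsForced: false },
];
const samplePolicies: PolicyMeta[] = [
  { schema: "public", table: "profiles", name: "read_all", cmd: "SELECT", roles: ["anon"], qual: "true", withCheck: null },
  { schema: "public", table: "profiles", name: "owner_update", cmd: "UPDATE", roles: ["authenticated"], qual: "(auth.uid() = user_id)", withCheck: null },
];
const findings = analyze(sampleTables, samplePolicies);
```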

Proof

  • Published on npm as rls-doctor with npx install-free usage.
  • Exposes an installable Agent Skill through npx skills add subhajitlucky/rls-doctor.
  • Runs GitHub Actions across Node 20, Node 22, and a disposable Postgres integration database.
  • Detects disabled RLS, broad public policies, missing WITH CHECK clauses, and FORCE RLS hardening gaps.

Problem

Supabase and Postgres applications can leak tenant or user data through small RLS mistakes: disabled row security, broad anon policies, write policies without WITH CHECK, or tables exposed before policies are reviewed.

Users and context

Built for developers and teams using Supabase or Postgres who want a fast local and CI check before shipping database policy changes.

Product workflow

A developer runs npx rls-doctor check with a read-only connection string, or installs the rls-doctor Agent Skill so an AI coding agent knows how to audit RLS safely without leaking credentials.

Key engineering decisions

  • Kept the tool local-first and read-only so it does not require Supabase management API access or hosted-account permissions.
  • Separated catalog loading, risk analysis, and reporters so the scoring logic can be tested without a database connection.
  • Added a disposable Postgres integration test because catalog metadata can behave differently from mocked fixtures.
  • Published as an npm CLI so developers can run it with npx instead of cloning the repository.
  • Packaged the audit workflow as an Agent Skill so compatible AI agents can install the RLS review process from GitHub.

Tradeoffs and limitations

  • Catalog inspection catches common configuration risks, but it cannot prove application-level authorization correctness.
  • Suggested SQL is intentionally conservative because ownership columns and tenant models vary across projects.
  • RLS and grants are separate layers in Supabase, so the tool focuses on RLS while documenting grant-review expectations.

Next improvements

  • Add grant inspection for exposed schemas and client roles.
  • Generate markdown reports for pull request comments.
  • Add policy diffing between staging and production snapshots.