Supabase authorization regression checks

Your AI-built SaaS may pass a demo and still leak customer data.

TenantProof checks whether anonymous visitors, other users, or other tenants can read or modify records they should never reach.


The question that matters

Can Tenant A read, change, or delete Tenant B's records after your latest AI-generated database change?

Static audit

Find missing RLS, permissive policies, risky grants, and exposed service-role material.
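
An added example, not TenantProof's code or output: a minimal static check of the kind described above, run over a constructed Supabase migration. The function name, finding labels, and sample schema are assumptions made for illustration.

```python
import re

# Constructed sample migration (assumed schema, not taken from a real project).
SAMPLE_MIGRATION = """
create table public.invoices (id uuid primary key, tenant_id uuid not null, total numeric);
create table public.notes (id uuid primary key, tenant_id uuid not null, body text);
create table public.audit_log (id bigint primary key, tenant_id uuid not null);
alter table public.invoices enable row level security;
alter table public.notes enable row level security;
create policy invoices_by_tenant on public.invoices for select
  using (tenant_id = (auth.jwt() ->> 'tenant_id')::uuid);
create policy notes_open on public.notes for all using (true);
grant all on public.audit_log to anon;
"""


def audit_migration(sql):
    """Return sorted (table, finding) pairs for one migration script.

    Statements are split naively on ';', so function bodies and quoted
    semicolons are not understood; this is a sketch, not a SQL parser.
    """
    findings = set()
    tables, rls_on = set(), set()
    # Collapse whitespace and lowercase so each statement matches on one line.
    statements = [" ".join(s.split()).lower() for s in sql.split(";") if s.strip()]
    for stmt in statements:
        if m := re.match(r"create table (?:if not exists )?([\w.]+)", stmt):
            tables.add(m.group(1))
        elif m := re.match(r"alter table (?:only )?([\w.]+) enable row level security", stmt):
            rls_on.add(m.group(1))
        elif m := re.match(r"create policy \S+ on ([\w.]+)", stmt):
            # USING (true) / WITH CHECK (true) matches every row for every caller.
            if re.search(r"\b(?:using|with check) ?\( ?true ?\)", stmt):
                findings.add((m.group(1), "permissive policy"))
        elif m := re.match(r"grant (.+?) on (?:table )?([\w.]+) to (.+)", stmt):
            privs, table, roles = m.groups()
            writes = re.search(r"\b(all|insert|update|delete)\b", privs)
            # 'anon' is the unauthenticated Supabase API role.
            if writes and re.search(r"\b(anon|public)\b", roles):
                findings.add((table, "write grant to anon/public"))
    # A table created here but never switched to RLS is readable per its grants alone.
    for table in tables - rls_on:
        findings.add((table, "rls not enabled"))
    return sorted(findings)


if __name__ == "__main__":
    for table, finding in audit_migration(SAMPLE_MIGRATION):
        print(f"{table}: {finding}")
```

A static pass like this only flags what the SQL declares; whether another tenant can actually reach a row still has to be confirmed by requests against a disposable stack.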

Reviewed contract

Turn intended permissions into an explicit allow-or-deny matrix.

Real REST checks

Probe owner, teammate, other-tenant, and anonymous behavior against a disposable stack.

Start with the CLI

npx tenantproof init
npx tenantproof verify
npx tenantproof plan
npx tenantproof execute

Early access

We are offering three free research audits for Supabase-backed SaaS apps. You receive a plain-English report and reproducible checks you can rerun after future changes. Use a disposable local or staging project. Never send production credentials.