Supabase
Add semantic access control to Supabase vector search — enforcing policies above the Postgres layer without RLS complexity.
Search capabilities
| Vector (ANN) | Keyword (ranked) | Keyword (filter) | Hybrid (native) | Grep (substring) | Grep (regex) |
|---|---|---|---|---|---|
Same as pgvector: <25ms policy overhead p95. Supabase connection pooling via pgbouncer recommended for high-concurrency workloads.
Supabase is a managed Postgres platform with built-in authentication, real-time subscriptions, and pgvector support. Gateco connects to the underlying Postgres database, enabling policy-enforced retrieval on any vector table in your Supabase project.
Supabase Auth user UUIDs can be used as Gateco principal identifiers. Sync your Supabase users to Gateco principals with the Supabase user UUID as the provider_subject, then pass that UUID as the principal ID on retrieval calls — your existing Supabase Auth setup maps directly to Gateco policies.
Like all Postgres-family connectors, Supabase supports sql_view metadata resolution: Gateco reads classification and ownership data from a structured view in your database. This is the most reliable metadata path for row-level semantic policy enforcement without maintaining a separate sidecar store.
Supabase supports all four search modes including full-text search with tsvector ranking. Retroactive registration works for existing vector tables.
Sample search config
{
"table": "documents",
"embedding_column": "embedding",
"content_column": "body",
"metadata_columns": ["classification", "user_id", "project_id"],
"text_search_config": "english"
}Sample policy
{
"name": "Project document access",
"effect": "allow",
"rules": [{
"conditions": [
{"field": "resource.classification", "operator": "neq", "value": "restricted"},
{"field": "principal.groups", "operator": "contains", "value": "employees"}
]
}],
"selectors": [{"connector_type": "supabase"}]
}Policy conditions reference resource.* and principal.* fields. Policy reference →
Frequently asked questions
- Can Gateco work alongside Supabase Row Level Security?
- Yes. Supabase RLS operates at the SQL query level inside Postgres. Gateco operates at the retrieval API layer and enforces semantic policies with principal context from your IDP. Both can be active simultaneously — RLS as a database backstop, Gateco as the policy and audit layer for AI retrieval.
- How do I map Supabase Auth users to Gateco principals?
- Configure your IDP adapter (or use the Stub adapter for testing) to sync users whose provider_subject matches the Supabase Auth user UUID. During retrieval, pass the Supabase Auth user UUID as the principal identifier. Gateco resolves it to the matching principal and evaluates policies.
- Does Gateco require a service role key?
- Yes — Gateco needs a Postgres connection string with read access to the vector table and any metadata views. The Supabase service role credentials are stored encrypted in Gateco and are never written to logs.
Ready to connect Supabase?
Follow the step-by-step setup guide or talk to the team for help with your specific configuration.