Skip to content

fix(cli): generate non-TypeScript types from project refs#5622

Open
avallete wants to merge 17 commits into
developfrom
avallete/cli-1812-python-type-generation-with-project-id-fails-and-db-url
Open

fix(cli): generate non-TypeScript types from project refs#5622
avallete wants to merge 17 commits into
developfrom
avallete/cli-1812-python-type-generation-with-project-id-fails-and-db-url

Conversation

@avallete

@avallete avallete commented Jun 18, 2026

Copy link
Copy Markdown
Member

What changed

  • Lets legacy supabase gen types --project-id generate Go, Swift, and Python types by resolving a temporary database connection and running pg-meta.
  • Keeps TypeScript project-ref generation on the Management API typegen endpoint, while non-TypeScript project-ref flows use the project database host plus a temporary login role.
  • Updates side-effect docs and integration coverage for project-ref type generation across TypeScript, Go, Swift, and Python.
  • Adds e2e coverage for tokenless local typegen and an env-gated live remote project matrix across all supported typegen languages.

Why

Python type generation with --project-id failed before it could reach pg-meta, and the first fix used the preview-branch config endpoint. Production project refs return 404 Preview branch not found from that endpoint because /v1/branches/{ref} is branch-only.

Non-TypeScript type generation is still pg-meta-based, so project-ref flows need to construct a live database connection instead of calling the TypeScript-only typegen endpoint or asking the user to provide --db-url.

Reviewer context

Non-TypeScript project-ref generation still requires Docker because it continues to use pg-meta. The change is limited to how the CLI resolves the database connection for project refs: it fetches the project database host and creates a temporary login role rather than reading or storing the project's database password.

The live remote e2e matrix is skipped unless SUPABASE_TYPEGEN_E2E_REMOTE=1, SUPABASE_TEST_PROJECT_REF, and SUPABASE_ACCESS_TOKEN are set. The local e2e matrix runs without a token and points the API profile at an unreachable local URL to catch accidental Management API usage on the --local path.

Closes CLI-1812

@avallete avallete changed the title Fix project-ref type generation for non-TypeScript languages in CLI-1812 fix(cli): generate non-TypeScript types from project refs Jun 18, 2026
@avallete avallete marked this pull request as ready for review June 19, 2026 10:10
@avallete avallete requested a review from a team as a code owner June 19, 2026 10:10
@github-actions

github-actions Bot commented Jun 19, 2026

Copy link
Copy Markdown

Supabase CLI preview

npx --yes https://pkg.pr.new/supabase/cli/supabase@43144279a212bf0902aa0e2c034144f01d51f099

Preview package for commit 4314427.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 6314b35001

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread apps/cli/src/legacy/commands/gen/types/types.handler.ts Outdated
Comment thread supabase/.temp/linked-project.json Outdated
Comment thread apps/cli/src/legacy/commands/gen/types/types.handler.ts Outdated
Comment thread apps/cli/src/legacy/commands/gen/types/types.handler.ts
@avallete avallete marked this pull request as draft June 20, 2026 06:33
@avallete avallete marked this pull request as ready for review June 20, 2026 12:20

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 864fdd786b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread apps/cli/src/legacy/commands/gen/types/types.handler.ts Outdated
Comment thread apps/cli/src/legacy/commands/gen/types/types.handler.ts Outdated
Comment thread apps/cli/src/legacy/commands/gen/types/types.handler.ts Outdated
Comment thread apps/cli/src/legacy/commands/gen/types/types.handler.ts
avallete and others added 4 commits June 22, 2026 13:30
Non-TypeScript project-ref typegen probed GET /v1/projects/{ref} and only
fell back to the branch config endpoint when the 404 body contained the
literal "Preview branch not found". The Management API's 404 wording is
not guaranteed, so a differently-worded body would fail instead of
falling back. Match the link handler, which treats any 404 from that
endpoint as the preview-branch case.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_017iEY7hzWEw2bGaURyXJmAm
Non-TypeScript `gen types --project-id <ref>` resolved the database
connection through the linked DB resolver with the linked-workdir
contract, which imported two assumptions that do not hold for an
explicit, possibly-unrelated ref:

- it read the ambient SUPABASE_DB_PASSWORD (shell / .env*) and, when the
  direct host was reachable, handed pg-meta that password instead of
  minting a temporary login role — sending an unrelated workdir password
  to a remote project; and
- on an IPv4-only network it only consulted the saved .temp/pooler-url
  (which belongs to the linked workdir) and otherwise failed with the
  IPv6 "run supabase link" suggestion, even though the command already
  holds a Management API token.

Add an `adHocProjectRef` resolver flag, set only for the explicit
`--project-id` path (not `--linked`). In that mode the resolver ignores
the ambient password (always minting a temp role) and, when the direct
host is unreachable, fetches the primary pooler config for the ref from
the Management API while ignoring the workdir's saved pooler URL.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_017iEY7hzWEw2bGaURyXJmAm
…with-project-id-fails-and-db-url

Resolve conflicts in functions/deploy realpath handling: adopt develop's
`realpathIfExists` helper (deploy.ts) and `expectedDockerBind` test helper,
which subsume this branch's equivalent `realpath`/`dockerBindSpec` changes.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_017iEY7hzWEw2bGaURyXJmAm

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d23fac674e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread apps/cli/src/legacy/commands/gen/types/types.handler.ts
jgoux added 3 commits June 29, 2026 15:28
# Conflicts:
#	apps/cli/src/legacy/commands/gen/types/types.integration.test.ts
#	apps/cli/src/legacy/shared/legacy-db-config.layer.ts

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 56f9b60d56

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread apps/cli/src/legacy/commands/gen/types/types.handler.ts

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 43144279a2

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

return yield* Effect.gen(function* () {
const projectRef = yield* LegacyProjectRefResolver;
const refOpt = yield* projectRef.resolveOptional(Option.none());
const refOpt = yield* projectRef.resolveOptional(flags.linkedProjectRef ?? Option.none());

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Preserve ad-hoc isolation on pooler retry

For gen types --project-id <ref> --lang go|swift|python, this retry path now resolves the explicit ref, but it still ignores flags.adHocProjectRef when reading the password and pooler URL a few lines later. If the current workdir has SUPABASE_DB_PASSWORD or a saved .temp/pooler-url for a different linked project, the container IPv6 retry can either use the unrelated password or reject the saved pooler URL and never fetch the explicit ref's pooler config, so the new pooler fallback still fails in linked workdirs even though the initial resolver correctly isolated ad-hoc refs.

Useful? React with 👍 / 👎.

Comment on lines +27 to +30

function tokenlessEnv(profilePath: string) {
return {
SUPABASE_ACCESS_TOKEN: "",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Clear inherited Supabase env in local typegen e2e

When this local e2e runs from a developer/CI shell that already has SUPABASE_WORKDIR or SUPABASE_DB_PASSWORD, runSupabase inherits those variables before applying this env. SUPABASE_WORKDIR makes the CLI ignore cwd: project.dir, and SUPABASE_DB_PASSWORD is used by localDbPassword() while the test container is always started with POSTGRES_PASSWORD=postgres, so supabase gen types --local can fail or read the wrong project even though the test setup is correct.

Useful? React with 👍 / 👎.

Comment on lines +365 to +369
{
home: home.dir,
env: { SUPABASE_ACCESS_TOKEN: remoteAccessToken },
entrypoint: "legacy",
exitTimeoutMs: TYPEGEN_TIMEOUT_MS,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Run remote typegen e2e from a temp workdir

When SUPABASE_TYPEGEN_E2E_REMOTE=1, these runSupabase calls inherit Vitest's cwd because no cwd or SUPABASE_WORKDIR is supplied. Fresh evidence after the cache-file removal: the current remote e2e still exercises the legacy --project-id path, whose linked-project cache finalizer writes supabase/.temp/linked-project.json under that cwd on a successful project response, dirtying the checkout and recording the real project ref/name/org from the test account.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants