Update README for Supabase

[numbpill3d]

Summary

• update prerequisites and environment variable instructions for Supabase
• update deployment docs to match Supabase setup

Testing

• npm test (fails: Missing required Supabase environment variables)

---

https://chatgpt.com/codex/tasks/task_e_68450de6b124832fb7321e63a2bd8401

Summary by Sourcery

Update README to replace MongoDB setup with Supabase configuration

Documentation:

• Change prerequisites to require a Supabase project with PostgreSQL
• Update environment variable examples to include SUPABASE_URL, SUPABASE_KEY, SUPABASE_SERVICE_KEY, and SUPABASE_DB_PASSWORD
• Adjust deployment instructions to guide connecting a Supabase project instead of MongoDB

[sourcery-ai]

Reviewer's Guide

This PR refactors the README to remove MongoDB references and fully switch setup and deployment instructions to a Supabase-backed PostgreSQL workflow.

File-Level Changes

Change	Details	Files
Replace MongoDB prerequisite with Supabase	Swapped out MongoDB bullet for a Supabase project requirement	README.md
Revise .env instructions to Supabase variables	Removed MONGODB_URI entries Added SUPABASE_URL, SUPABASE_KEY, SUPABASE_SERVICE_KEY and SUPABASE_DB_PASSWORD Updated variable listing format	README.md
Update production/deployment docs to use Supabase	Replaced MONGODB_URI in production section with Supabase variables Changed setup step to create a Supabase project instead of MongoDB	README.md
Enhance example environment block	Appended SUPABASE_DB_PASSWORD to sample .env	README.md

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[gemini-code-assist]

Hello @numbpill3d, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

Summary of Changes

As Gemini, I've reviewed this pull request authored by numbpill3d. The primary goal of this PR, as indicated by the title and description, is to update the README.md file to reflect a change in the project's database dependency from MongoDB to Supabase. This involves updating the prerequisites, the required environment variables for local setup, and the deployment instructions to guide users on setting up and connecting to a Supabase project.

Highlights

• Documentation Update for Database Change: The core change documented in this PR is the shift from using MongoDB as the project's database to using Supabase (which uses PostgreSQL). The README is updated to guide users through this new setup.
• Environment Variable Changes: The required environment variables for connecting to the database have been updated. The single MONGODB_URI variable is replaced by multiple Supabase-specific variables (SUPABASE_URL, SUPABASE_KEY, SUPABASE_SERVICE_KEY, SUPABASE_DB_PASSWORD).
• Deployment Instructions Updated: The sections detailing installation and deployment steps in the README have been modified to align with the Supabase setup process, replacing MongoDB-specific instructions.

Changelog

• README.md
  • Updated the 'Prerequisites' section to list 'Supabase project with PostgreSQL database' instead of 'MongoDB'. (Diff 1, Line 62)
  • Modified the '.env' file example in the 'Installation' section, replacing MONGODB_URI with SUPABASE_URL, SUPABASE_KEY, SUPABASE_SERVICE_KEY, and SUPABASE_DB_PASSWORD. (Diff 2, Lines 80-83)
  • Updated the environment variable list and the database setup instruction in the deployment section to reference Supabase instead of MongoDB. (Diff 3, Lines 124-127, 129)
  • Added SUPABASE_DB_PASSWORD to the example environment variables listed in the 'Project Structure' section. (Diff 4, Line 160)

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[qodo-code-review]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 No relevant tests

🔒 Security concerns Sensitive information exposure: The README shows examples of sensitive Supabase credentials (service role key, database password) in plain text format. While these are placeholder values, it could encourage users to commit actual credentials to version control if they copy-paste the examples directly.

⚡ Recommended focus areas for review Missing Information The documentation lacks instructions on how to obtain Supabase credentials (URL, keys, password) and how to set up the Supabase project structure, which could leave users unable to properly configure the application. SUPABASE_URL=your-supabase-url SUPABASE_KEY=your-anon-key SUPABASE_SERVICE_KEY=your-service-role-key SUPABASE_DB_PASSWORD=your-database-password Inconsistent Variables The SUPABASE_DB_PASSWORD variable appears in multiple sections but its purpose and relationship to other Supabase credentials is unclear, potentially causing confusion during setup. SUPABASE_DB_PASSWORD=your-database-password SESSION_SECRET=your-session-secret

[qodo-code-review]

PR Code Suggestions ✨

No code suggestions found for the PR.

[gemini-code-assist]

Code Review

This pull request updates the README.md to reflect the project's transition from MongoDB to Supabase, which is a significant and positive change. The updates to prerequisites, environment variable instructions, and deployment documentation are clear and generally well-aligned with using Supabase.

The main point of attention is the introduction of the SUPABASE_DB_PASSWORD environment variable. While adding this to the README is the correct approach for documenting the standard Supabase database password, it's crucial to ensure the application code (specifically the Knex configuration in server.js) is updated to use this variable. Currently, server.js appears to derive the database password in a non-standard way from SUPABASE_SERVICE_KEY, which is likely incorrect and could lead to connection failures.

Overall, the README changes are an improvement, making the documentation more accurate for a Supabase setup. The requested changes are primarily to seek clarification and ensure consistency between the documentation and the application's actual behavior.

Summary of Findings

• Database Password Configuration (SUPABASE_DB_PASSWORD): The README now correctly documents SUPABASE_DB_PASSWORD. However, the application code (server.js) appears to use a non-standard method to derive the database password from SUPABASE_SERVICE_KEY. This discrepancy is critical and needs to be addressed to ensure successful database connections. The application should be updated to use process.env.SUPABASE_DB_PASSWORD.
• Consistency with Deployment Configuration (render.yaml): There's a potential point of confusion with render.yaml defining a Render-managed DATABASE_URL while server.js seems hardcoded to use Supabase credentials for its primary Knex connection. Clarifying the intended primary database for deployment and ensuring server.js uses the documented Supabase environment variables (including the correct SUPABASE_DB_PASSWORD) is important.

Merge Readiness

The updates to the README.md are a positive step towards accurately documenting the Supabase setup. However, due to the critical nature of database connectivity, I am requesting changes.

Specifically, clarification is needed on whether the application's database connection logic (in server.js) will be updated to use the newly documented SUPABASE_DB_PASSWORD environment variable. Without this corresponding change in the application code, the documented setup may not function correctly, potentially leading to runtime errors.

Once this alignment between the documentation and application behavior is confirmed or addressed, the PR will be in a much better state for merging. As a reviewer, I am not authorized to approve pull requests, but I recommend addressing these points before seeking final approval from other maintainers.

[gemini-code-assist]

Thank you for adding SUPABASE_DB_PASSWORD to the example environment variables. This aligns with the standard practice for providing the Supabase project's database password.

However, this raises an important question regarding the application's current database configuration:

Could you clarify if the Knex configuration in server.js (specifically around line 43, password: process.env.SUPABASE_SERVICE_KEY.split('.')[0]) has been or will be updated to use process.env.SUPABASE_DB_PASSWORD?

The current method of deriving the password from SUPABASE_SERVICE_KEY is non-standard and unlikely to yield the correct database password, which is a separate credential obtained from your Supabase project settings (typically under Database > Connection Info).

Ensuring server.js uses the actual SUPABASE_DB_PASSWORD is critical for successful database connections. The test failures mentioned in the PR description (npm test (fails: Missing required Supabase environment variables)) might be related if the application or tests now expect SUPABASE_DB_PASSWORD to be correctly set and utilized.

[gemini-code-assist]

It's good to see SUPABASE_DB_PASSWORD included in the list of environment variables for deployment. This consistency is important.

As with the local setup, it's crucial that the deployed application's Knex configuration in server.js correctly uses this SUPABASE_DB_PASSWORD to connect to the Supabase PostgreSQL database. If the application continues to rely on the current password derivation logic from SUPABASE_SERVICE_KEY (as seen in server.js:43), it will likely face database connection issues in the deployment environment.

A quick observation regarding render.yaml: it defines a DATABASE_URL sourced from a Render-managed PostgreSQL instance. However, the application's primary database connection via Knex in server.js appears to be configured to connect directly to Supabase (using SUPABASE_URL, etc.). If Supabase is indeed the sole primary database, ensuring the deployment instructions and render.yaml clearly reflect this (and that server.js uses the correct Supabase credentials including SUPABASE_DB_PASSWORD) will prevent potential confusion and configuration errors during deployment.

[gemini-code-assist]

Adding SUPABASE_DB_PASSWORD to this example .env content is a good step for consistency with the other sections.

This reinforces the need to ensure that the application's database connection logic (in server.js) is correctly using process.env.SUPABASE_DB_PASSWORD rather than attempting to derive it from other Supabase keys. Clear and accurate documentation here is helpful, but it must align with the application's actual requirements for a smooth setup.

[sourcery-ai]

Hey @numbpill3d - I've reviewed your changes and they look great!

Here's what I looked at during the review

• 🟢 General issues: all looks good
• 🟢 Security: all looks good
• 🟢 Testing: all looks good
• 🟢 Complexity: all looks good
• 🟢 Documentation: all looks good

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}