# Supabase Setup for Admin Rules

This guide will help you set up Supabase to store admin rules instead of SQLite.

## Step 1: Create the Table in Supabase

1. **Go to your Supabase Dashboard**
   - Navigate to: https://app.supabase.com
   - Select your project

2. **Open SQL Editor**
   - Click on "SQL Editor" in the left sidebar
   - Click "New query"

3. **Run the SQL Script**
   - Copy the contents of `supabase_admin_rules_table.sql`
   - Paste it into the SQL Editor
   - Click "Run" to execute

   This will create:
   - `admin_rules` table with all necessary columns
   - Indexes for performance
   - Row Level Security (RLS) policies
   - Automatic timestamp updates

## Step 2: Configure Environment Variables

Make sure your `.env` file has Supabase credentials:

```env
SUPABASE_URL=https://your-project.supabase.co
SUPABASE_SERVICE_KEY=your_service_role_key_here
```

**Important:** Use the **Service Role Key** (not the anon key) for full access.

To find your keys:
1. Go to Supabase Dashboard → Settings → API
2. Copy the "Project URL" → `SUPABASE_URL`
3. Copy the "service_role" key → `SUPABASE_SERVICE_KEY`

## Step 3: Verify Setup

The `RulesStore` will automatically use Supabase if:
- `SUPABASE_URL` is set
- `SUPABASE_SERVICE_KEY` is set
- Supabase Python client is installed (`pip install supabase`)

If Supabase is not configured, it will fall back to SQLite automatically.

## Step 4: Test the Integration

You can test if rules are being saved to Supabase:

```python
from backend.api.storage.rules_store import RulesStore

store = RulesStore()
print(f"Using Supabase: {store.use_supabase}")

# Add a test rule
store.add_rule("test_tenant", "Test rule", severity="high")
print("Rule added!")

# Get rules
rules = store.get_rules("test_tenant")
print(f"Rules: {rules}")
```

## Step 5: View Rules in Supabase

1. Go to Supabase Dashboard → Table Editor
2. Select the `admin_rules` table
3. You should see all your rules with tenant isolation

## Migration from SQLite

If you have existing rules in SQLite and want to migrate:

1. Export from SQLite:
   ```python
   import sqlite3
   conn = sqlite3.connect('data/admin_rules.db')
   cursor = conn.execute("SELECT * FROM admin_rules")
   rules = cursor.fetchall()
   ```

2. Import to Supabase:
   ```python
   from backend.api.storage.rules_store import RulesStore
   store = RulesStore(use_supabase=True)
   for rule in rules:
       store.add_rule(rule['tenant_id'], rule['rule'], 
                     pattern=rule.get('pattern'),
                     severity=rule.get('severity', 'medium'))
   ```

## Troubleshooting

### Rules not appearing in Supabase
- Check that RLS policies allow your service role to read/write
- Verify environment variables are set correctly
- Check Supabase logs for errors

### Fallback to SQLite
- If Supabase credentials are missing, it automatically uses SQLite
- Check your `.env` file has correct values
- Restart your FastAPI server after changing `.env`

### Permission Errors
- Make sure you're using the **service_role** key (not anon key)
- Check RLS policies in Supabase allow service role access

## Benefits of Using Supabase

✅ **Scalability** - Handle millions of rules  
✅ **Multi-region** - Global availability  
✅ **Backups** - Automatic backups  
✅ **Real-time** - Can subscribe to changes  
✅ **Security** - Row Level Security built-in  
✅ **Analytics** - Built-in query performance monitoring