================================================================================
AL-ARCADE SELF-HOSTED SUPABASE — CONNECTION & REFERENCE
================================================================================

SERVER ACCESS
=============
IP: 3.68.63.185
User: ubuntu
SSH Key: NewServer.pem
SSH Command: ssh -i NewServer.pem ubuntu@3.68.63.185
All docker commands require sudo.

SUPABASE API URL
================
https://safe-supabase-kong.caprover.al-arcade.com

SUPABASE STUDIO (Dashboard)
============================
URL: https://safe-supabase-studio.caprover.al-arcade.com
Auth: HTTP Basic Auth
Username: admin
Password: Alarcade123#

API KEYS
========
Anon Key (public, client-side safe):
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiYW5vbiIsImlzcyI6InN1cGFiYXNlIiwiaWF0IjoxNzM1Njg5NjAwLCJleHAiOjE4OTM0NTYwMDB9.31PF6PvP-pSrvRuQwLFptQoejR0W1A7o53lZhEbnz84

Service Role Key (secret, server-side only, bypasses RLS):
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoic2VydmljZV9yb2xlIiwiaXNzIjoic3VwYWJhc2UiLCJpYXQiOjE3MzU2ODk2MDAsImV4cCI6MTg5MzQ1NjAwMH0.wNfmuJNkX-bZwD7RbjxOChlRf_3Xm4I7bswEYTcDCg4

JWT Secret:
902343981eb82f43ff7a3757f3fcf25f14a2b9c729454eae5029ee3d1f189eb7

DATABASE DIRECT CONNECTION
==========================
Host: safe-supabase-db (internal) or localhost from server
Port: 5432
Database: postgres
Admin User: supabase_admin
Password: 28ac17bf9d4f7a3d1bad045408102cf5

Connection String (from server):
postgresql://supabase_admin:28ac17bf9d4f7a3d1bad045408102cf5@localhost:5432/postgres

Connection Pooler (Supavisor):
Port 6543 (transaction mode)

API ENDPOINTS
=============
All endpoints are relative to the API URL above.
All require header: apikey: <anon_key or service_role_key>

REST API:        /rest/v1/
Auth:            /auth/v1/
Storage:         /storage/v1/
Realtime:        /realtime/v1/
Edge Functions:  /functions/v1/<function_name>
GraphQL:         /graphql/v1
Postgres Meta:   /pg/

CLIENT SDK SETUP
================

JavaScript/TypeScript:
----------------------
import { createClient } from '@supabase/supabase-js'

const supabase = createClient(
  'https://safe-supabase-kong.caprover.al-arcade.com',
  'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiYW5vbiIsImlzcyI6InN1cGFiYXNlIiwiaWF0IjoxNzM1Njg5NjAwLCJleHAiOjE4OTM0NTYwMDB9.31PF6PvP-pSrvRuQwLFptQoejR0W1A7o53lZhEbnz84'
)

Unity C#:
---------
var url = "https://safe-supabase-kong.caprover.al-arcade.com";
var key = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiYW5vbiIsImlzcyI6InN1cGFiYXNlIiwiaWF0IjoxNzM1Njg5NjAwLCJleHAiOjE4OTM0NTYwMDB9.31PF6PvP-pSrvRuQwLFptQoejR0W1A7o53lZhEbnz84";
var client = new Supabase.Client(url, key);

Flutter/Dart:
-------------
final supabase = Supabase.initialize(
  url: 'https://safe-supabase-kong.caprover.al-arcade.com',
  anonKey: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiYW5vbiIsImlzcyI6InN1cGFiYXNlIiwiaWF0IjoxNzM1Njg5NjAwLCJleHAiOjE4OTM0NTYwMDB9.31PF6PvP-pSrvRuQwLFptQoejR0W1A7o53lZhEbnz84',
);

Python:
-------
from supabase import create_client
supabase = create_client(
    "https://safe-supabase-kong.caprover.al-arcade.com",
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiYW5vbiIsImlzcyI6InN1cGFiYXNlIiwiaWF0IjoxNzM1Njg5NjAwLCJleHAiOjE4OTM0NTYwMDB9.31PF6PvP-pSrvRuQwLFptQoejR0W1A7o53lZhEbnz84"
)

AVAILABLE FEATURES
==================

1. DATABASE (PostgreSQL 15)
   - Create tables, schemas, views, functions, triggers
   - Row Level Security (RLS) policies
   - Extensions: pgvector, pg_graphql, pgjwt, uuid-ossp, pgcrypto
   - Full SQL access via psql or REST API

2. AUTHENTICATION (GoTrue v2.186.0)
   - Email/password sign-up and login
   - Anonymous users
   - JWT-based sessions
   - Admin user management API
   - Auto-confirm enabled (no SMTP configured yet)

3. STORAGE (v1.22.12)
   - Create buckets (public or private)
   - Upload/download files up to 50MB
   - Image transformations via ImgProxy
   - RLS policies on buckets/objects

4. REALTIME (v2.34.47)
   - Postgres Changes (subscribe to INSERT/UPDATE/DELETE)
   - Broadcast (send messages between clients)
   - Presence (track online users)
   - Enable per table: ALTER PUBLICATION supabase_realtime ADD TABLE <table_name>;

5. EDGE FUNCTIONS (Deno runtime v1.71.2)
   - Deploy at /captain/data/safe-supabase/functions/
   - Each function is a folder with index.ts
   - Accessible at /functions/v1/<function_name>

6. REST API (PostgREST v12.2.8)
   - Auto-generated REST endpoints for all tables
   - Filtering, pagination, ordering, embedding (joins)
   - Respects RLS policies based on JWT role

7. GRAPHQL (pg_graphql)
   - Auto-generated GraphQL schema from tables
   - Endpoint: /graphql/v1

8. CONNECTION POOLING (Supavisor 2.7.4)
   - Transaction mode on port 6543
   - Max 100 client connections, pool size 20

9. IMAGE TRANSFORMATION (ImgProxy v3.30.1)
   - Resize, crop, format conversion
   - WebP auto-detection

10. ANALYTICS (Logflare 1.36.1)
    - PostgreSQL backend (not BigQuery)
    - Log collection via Vector

MANAGING VIA SSH (for AI agents)
================================

Run SQL:
  sudo docker exec safe-supabase-db psql -U supabase_admin -d postgres -c "YOUR SQL HERE"

Create a table:
  sudo docker exec safe-supabase-db psql -U supabase_admin -d postgres -c "
  CREATE TABLE public.my_table (
    id uuid DEFAULT gen_random_uuid() PRIMARY KEY,
    created_at timestamptz DEFAULT now(),
    name text NOT NULL
  );
  ALTER TABLE public.my_table ENABLE ROW LEVEL SECURITY;
  "

Enable Realtime on a table:
  sudo docker exec safe-supabase-db psql -U supabase_admin -d postgres -c "
  ALTER PUBLICATION supabase_realtime ADD TABLE public.my_table;
  "

Create a storage bucket:
  curl -X POST http://localhost:8787/storage/v1/bucket \
    -H 'apikey: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoic2VydmljZV9yb2xlIiwiaXNzIjoic3VwYWJhc2UiLCJpYXQiOjE3MzU2ODk2MDAsImV4cCI6MTg5MzQ1NjAwMH0.wNfmuJNkX-bZwD7RbjxOChlRf_3Xm4I7bswEYTcDCg4' \
    -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoic2VydmljZV9yb2xlIiwiaXNzIjoic3VwYWJhc2UiLCJpYXQiOjE3MzU2ODk2MDAsImV4cCI6MTg5MzQ1NjAwMH0.wNfmuJNkX-bZwD7RbjxOChlRf_3Xm4I7bswEYTcDCg4' \
    -H 'Content-Type: application/json' \
    -d '{"id":"my-bucket","name":"my-bucket","public":true}'

List auth users:
  curl http://localhost:8787/auth/v1/admin/users \
    -H 'apikey: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoic2VydmljZV9yb2xlIiwiaXNzIjoic3VwYWJhc2UiLCJpYXQiOjE3MzU2ODk2MDAsImV4cCI6MTg5MzQ1NjAwMH0.wNfmuJNkX-bZwD7RbjxOChlRf_3Xm4I7bswEYTcDCg4' \
    -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoic2VydmljZV9yb2xlIiwiaXNzIjoic3VwYWJhc2UiLCJpYXQiOjE3MzU2ODk2MDAsImV4cCI6MTg5MzQ1NjAwMH0.wNfmuJNkX-bZwD7RbjxOChlRf_3Xm4I7bswEYTcDCg4'

Deploy an edge function:
  # Create function directory on server
  sudo mkdir -p /captain/data/safe-supabase/functions/my-function
  # Write index.ts to the function directory
  # Function becomes available at /functions/v1/my-function

Restart a service:
  sudo docker restart safe-supabase-<service>
  # Services: db, kong, auth, rest, realtime, storage, functions, meta, analytics, supavisor, imgproxy, vector, studio

View service logs:
  sudo docker logs safe-supabase-<service> --tail 50

DOCKER COMPOSE LOCATION
========================
/captain/data/safe-supabase/compose/docker-compose.yml

PERSISTENT DATA
===============
/captain/data/safe-supabase/db/data       — PostgreSQL data
/captain/data/safe-supabase/storage       — File uploads
/captain/data/safe-supabase/functions     — Edge functions code
/captain/data/safe-supabase/kong          — Kong config

IMPORTANT NOTES
===============
- This is a SINGLE PROJECT deployment (not multi-tenant like supabase.com)
- All apps/games share the same database — use schemas or table prefixes to organize
- The anon key is safe to embed in client apps (RLS protects data)
- The service role key must NEVER be in client code (it bypasses all security)
- Always enable RLS on tables and write policies before exposing to clients
- Database is NOT exposed to the internet — only accessible via Kong API or SSH
- Expires: JWT keys expire in ~5 years (2030-01-01)
================================================================================
