External Actions Checklist — Cycle 2026-02-16
This document tracks manual actions required in external platforms (Supabase, Render, Pinecone).
1. Supabase SQL Execution
Run these in the Supabase SQL Editor in the following order:
1.1 Apply RLS Phase 1
-- Enable RLS
ALTER TABLE profiles ENABLE ROW LEVEL SECURITY;
ALTER TABLE wallet ENABLE ROW LEVEL SECURITY;
ALTER TABLE wallet_ledger ENABLE ROW LEVEL SECURITY;
ALTER TABLE usage_logs ENABLE ROW LEVEL SECURITY;
-- Profiles: Users can read their own
CREATE POLICY "Users can view own profile" ON profiles
FOR SELECT USING (auth.uid() = id);
-- Wallet: Users can read their own
CREATE POLICY "Users can view own wallet" ON wallet
FOR SELECT USING (auth.uid() = user_id);
-- Wallet Ledger: Users can read their own
CREATE POLICY "Users can view own ledger" ON wallet_ledger
FOR SELECT USING (auth.uid() = user_id);
-- Usage Logs: Users can read their own
CREATE POLICY "Users can view own logs" ON usage_logs
FOR SELECT USING (auth.uid() = user_id);
1.2 Set Admin Role for a User (Test User)
Replace 'USER_UUID' with the actual UUID of your admin user.
UPDATE auth.users
SET raw_user_meta_data = raw_user_meta_data || '{"role": "admin"}'
WHERE id = 'USER_UUID';
2. Render Environment Variables
Ensure these are set in the Render Dashboard:
SUPABASE_URL: (Existing)SUPABASE_KEY: (Existing, useservice_rolekey for backend if RLS bypass is needed)ADMIN_API_KEY: (Existing, keep for backward compatibility during transition)
3. Pinecone
No changes required to indexes or namespaces in this cycle.
4. Verification Steps
- [ ] Log in as a student, verify
/wallet/balancereturns data. - [ ] Log in as a student, try to fetch another user's profile UUID (should return null).
- [ ] Log in as an admin, trigger a scrape sync.