Blog
Notes on testing your database: Row-Level Security, pgTAP, tSQLt, and generating the tests instead of hand-writing them.
July 1, 2026
RLS is your HIPAA and SOC 2 access-control safeguard on any PostgreSQL database, but only if you can show it works. Untested RLS is an assumption; here's what auditable evidence looks like.
June 22, 2026
It works on Cloud, fails in local Studio, because the local Dashboard isn't GoTrue-integrated, so auth.jwt() has no custom claims. Here's how to test it correctly at the database level.
June 22, 2026
The mechanics, the traps, and the handful of Row-Level Security cases that bite you: becoming each identity, USING vs WITH CHECK, "0 rows" vs "denied," and the seed-data trap.