Skip to content

ADR-003: Supabase Realtime with Row Level Security and anonymous-invite auth

Status: Accepted

Context

Every member tracks from their own phone and must see shared household data live. Onboarding has to be near-zero-friction for non-technical members (the founder's wife), and a future web app must reuse the same backend.

Decision

  • Supabase Realtime broadcasts row changes on the household-scoped tables; the application layer invalidates the matching query keys so devices stay in sync.
  • Row Level Security scopes every table by is_household_member(household_id) against auth.uid().
  • Anonymous auth + invite codes: the owner creates the household; adding a member mints an invite code; the member opens the link and is signed in anonymously and bound to the household. No email/password. Name-only profiles need no invite.
  • Bootstrapping RPCs (create_household, accept_invite) run as security definer to create the membership rows that RLS subsequently depends on.

Consequences

  • Conflict resolution is last-write-wins via updated_at; per-field merge deferred.
  • Anonymous identity is device-bound and lost on reinstall/clear-data, orphaning that member until re-invited. Recovery (link a phone/email) is a planned enhancement.

Spend together, settle simply.