ADR-003: Supabase Realtime with Row Level Security and anonymous-invite auth
Status: Accepted
Context
Every member tracks from their own phone and must see shared household data live. Onboarding has to be near-zero-friction for non-technical members (the founder's wife), and a future web app must reuse the same backend.
Decision
- Supabase Realtime broadcasts row changes on the household-scoped tables; the application layer invalidates the matching query keys so devices stay in sync.
- Row Level Security scopes every table by
is_household_member(household_id)againstauth.uid(). - Anonymous auth + invite codes: the owner creates the household; adding a member mints an invite code; the member opens the link and is signed in anonymously and bound to the household. No email/password. Name-only profiles need no invite.
- Bootstrapping RPCs (
create_household,accept_invite) run assecurity definerto create the membership rows that RLS subsequently depends on.
Consequences
- Conflict resolution is last-write-wins via
updated_at; per-field merge deferred. - Anonymous identity is device-bound and lost on reinstall/clear-data, orphaning that member until re-invited. Recovery (link a phone/email) is a planned enhancement.