fix: add RLS policy for cron_tasks table

[riderx]

Summary

The cron_tasks table had RLS enabled but was missing the required policy. Added a deny-all policy to ensure only service_role can access this internal table, following the pattern used for other internal tables in the codebase.

Test plan

This migration only adds an RLS policy. Run supabase db reset to verify the migration applies successfully without errors.

Checklist

• My code follows the code style of this project
• My change requires a change to the documentation
• My change has adequate E2E test coverage

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Enhanced security controls by restricting default access to cron tasks.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Caution

Review failed

The pull request is closed.

📝 Walkthrough

Walkthrough

An SQL migration adds a Row-Level Security (RLS) policy to the cron_tasks table that denies all access by default via USING (false) and WITH CHECK (false) conditions. Comments document that RLS is enabled and only the service_role can bypass these restrictions.

Changes

Cohort / File(s)	Summary
Database Security Policy supabase/migrations/20251229030503_add_cron_tasks_rls_policy.sql	Adds deny-all RLS policy to cron_tasks table for all operations (SELECT, INSERT, UPDATE, DELETE). Policy blocks access unless bypassed by service_role.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Poem

🐰 A lock upon the cron_tasks door,
With RLS we guard them evermore,
False and false, none shall pass,
Save the service_role with access class! 🔐

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch riderx/cron-tasks-rls-policy

---

📜 Recent review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d4c42cd and 19afe0c.

📒 Files selected for processing (1)

• supabase/migrations/20251229030503_add_cron_tasks_rls_policy.sql

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 SQLFluff (3.5.0)

supabase/migrations/20251229030503_add_cron_tasks_rls_policy.sql

User Error: No dialect was specified. You must configure a dialect or specify one on the command line using --dialect after the command. Available dialects:
ansi, athena, bigquery, clickhouse, databricks, db2, doris, duckdb, exasol, flink, greenplum, hive, impala, mariadb, materialize, mysql, oracle, postgres, redshift, snowflake, soql, sparksql, sqlite, starrocks, teradata, trino, tsql, vertica

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud