fix(studio): handle unexpected error response formats in self-hosted query

[ooleem-generator]

I have read the CONTRIBUTING.md file.

YES

What kind of change does this PR introduce?

Bug fix

What is the current behavior?

Fixes #41698

In self-hosted environments, the SQL Editor and Authentication pages return 500 errors and throw Zod validation errors:

Invalid input: expected string, received undefined

Root causes:

1. PG_META_CRYPTO_KEY mismatch: The Docker .env defines PG_META_CRYPTO_KEY, but apps/studio/.env was missing this variable. Additionally, the fallback value in apps/studio/lib/api/self-hosted/constants.ts didn't match the Docker .env value, causing encryption key mismatches and 500 errors from pg-meta endpoints.

2. Strict Zod validation: databaseErrorSchema.parse() throws when error response fields like code or formattedError are undefined.

What is the new behavior?

1. Synced PG_META_CRYPTO_KEY configuration:

• Added PG_META_CRYPTO_KEY to apps/studio/.env
• Updated the fallback value in constants.ts to match the Docker .env default

2. Resilient error handling: Uses safeParse() instead of parse() for graceful handling of unexpected error response formats

Additional context

• Reported by users deploying via Coolify on AWS and Raspberry Pi
• Downgrading to supabase/studio:2025.10.01-sha-8460121 was a confirmed workaround
• This fix addresses both the root cause (env var mismatch) and adds defensive error handling for edge cases

Summary by CodeRabbit

• Bug Fixes

  • Improved error handling with flexible fallback parsing support to gracefully manage and recover from non-conforming database error responses, ensuring the application continues to function smoothly even when receiving unexpected error formats.

• Chores

  • Added encryption key configuration through environment variables and updated default encryption key values to properly support self-hosted deployment scenarios and enhanced security configurations.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[github-actions]

Thanks for contributing to Supabase! ❤️ Our team will review your PR.

A few tips for a smoother review process:

• If you have a local version of the repo, run pnpm run format to make sure formatting checks pass.
• Once we've reviewed your PR, please don't trivially merge master (don't click Update branch if there are no merge conflicts to be fixed). This invalidates any pre-merge checks we've run.

[vercel]

@ooleem-generator is attempting to deploy a commit to the Supabase Team on Vercel.

A member of the Team first needs to authorize it.

[coderabbitai]

Walkthrough

The changes introduce a fallback error parsing mechanism to handle non-conforming error responses gracefully, update the encryption key constant to a standardized placeholder value, and add the corresponding environment variable configuration.

Changes

Cohort / File(s)	Summary
Encryption key configuration apps/studio/.env, apps/studio/lib/api/self-hosted/constants.ts	Added PG_META_CRYPTO_KEY environment variable and updated ENCRYPTION_KEY constant default value from 'SAMPLE_KEY' to 'your-encryption-key-32-chars-min' for consistency
Error handling robustness apps/studio/lib/api/self-hosted/query.ts	Implemented safeParse validation with fallback logic to handle schema mismatches; non-conforming error responses now gracefully derive message, code, and formattedError from available fields instead of throwing validation errors

Suggested reviewers

• jordienr

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix(studio): handle unexpected error response formats in self-hosted query' directly describes the main change addressing Zod validation errors by using safeParse instead of parse.
Linked Issues check	✅ Passed	All coding requirements from issue #41698 are met: PG_META_CRYPTO_KEY configuration mismatch is fixed, and Zod strict validation errors are handled via safeParse with fallback logic.
Out of Scope Changes check	✅ Passed	All changes directly address the two root causes identified in issue #41698: encryption key configuration sync and error response format handling; no extraneous changes present.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
design-system	Ready	Preview, Comment	Jan 19, 2026 6:06am

[ooleem-generator]

Closing this in favor of PR #42155 to follow the contribution guidelines (branch naming convention).