chore(studio): remove require-safe-sql-fragment ESLint rule

[charislam]

I have read the CONTRIBUTING.md file.

YES

What kind of change does this PR introduce?

Refactor / chore.

What is the current behavior?

A custom type-aware ESLint rule (studio/require-safe-sql-fragment) enforces that the sql argument to executeSql is a SafeSqlFragment. It runs in a separate eslint.type-checks.config.cjs and a dedicated CI ratchet step, and pulls in @typescript-eslint/utils as a direct dev dependency.

What is the new behavior?

SafeSqlFragment enforcement is now handled entirely by TypeScript compilation. The ESLint rule, its dedicated config, the ratchet baselines for it, the CI step, and the @typescript-eslint/utils direct dev dependency have all been removed.

Additional context

Summary by CodeRabbit

• Chores
  • Simplified the studio development linting workflow by removing the previous type-aware lint step.
  • Removed a custom lint rule and its baseline entry, and cleaned up related ESLint configuration and dev dependency.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
design-system	Ready	Preview, Comment	May 19, 2026 8:28pm
docs	Ready	Preview, Comment, Open in v0	May 19, 2026 8:28pm
studio-self-hosted	Ready	Preview, Comment	May 19, 2026 8:28pm
studio-staging	Ready	Preview, Comment	May 19, 2026 8:28pm
ui-library	Ready	Preview, Comment	May 19, 2026 8:28pm
zone-www-dot-com	Ready	Preview, Comment, Open in v0	May 19, 2026 8:28pm

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
studio	Ignored		May 19, 2026 8:28pm

[supabase]

This pull request has been ignored for the connected project xguihxuzqibwxjnimxev because there are no changes detected in supabase directory. You can change this behaviour in Project Integrations Settings ↗︎.

---

Preview Branches by Supabase.
Learn more about Supabase Branching ↗︎.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: 31f52967-6289-43f0-b426-51c3ee04bf6b

📥 Commits

Reviewing files that changed from the base of the PR and between f665a99 and 996aea6.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (1)

• apps/studio/.github/eslint-rule-baselines.json

---

📝 Walkthrough

Walkthrough

Removes the type-aware SafeSqlFragment ESLint rule and its TypeScript-aware config, deletes the rule baseline entries, removes the related npm script and dev dependency, and simplifies the CI lint step to run only pnpm --filter studio run lint:ratchet.

Changes

Type-aware ESLint infrastructure removal

Layer / File(s)	Summary
Workflow simplification .github/workflows/studio-lint-ratchet.yml	GitHub Actions workflow step updated to run only lint:ratchet, removing the prior type-aware step that set NODE_OPTIONS and ran lint:ratchet:type-checks.
Package.json cleanup apps/studio/package.json	Deleted lint:ratchet:type-checks from scripts and removed @typescript-eslint/utils from devDependencies.
ESLint baseline cleanup apps/studio/.github/eslint-rule-baselines.json	Removed the studio/require-safe-sql-fragment top-level rules entry and its ruleFiles block from the baselines JSON.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• supabase/supabase#46006: Updates execute_sql usages and fixtures to adopt safeSql/SafeSqlFragment, addressing the same SafeSql typing surface affected by the removed ESLint rule.

Suggested reviewers

• awaseem

Poem

A rabbit hops through lint-free trees, 🐇
Baselines trimmed with gentle ease,
Scripts and rules take quiet flight,
CI runs simpler through the night,
A smaller hop toward clean seas.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: removal of the require-safe-sql-fragment ESLint rule from the studio package.
Description check	✅ Passed	The PR description addresses all required template sections: confirms CONTRIBUTING.md was read, specifies the change type (refactor/chore), explains current behavior and rationale, and describes the new behavior with complete context.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch charislam/remove-safesql-eslint-rule

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🎭 Playwright Test Results

 207 passed
 1 flaky
 5 skipped

Details

 213 tests across 23 suites
 4 minutes, 38 seconds
 996aea6

Flaky tests

Features › filter-bar.spec.ts › Filter Bar › Basic Filter Operations › selecting a column without a value does not trigger a row request

Skipped tests

Features › auth-users.spec.ts › should show web3 users as enabled when the matching web3 provider is enabled
Features › sql-editor.spec.ts › SQL Editor › snippet favourite works as expected
Features › sql-editor.spec.ts › SQL Editor › share with team works as expected
Features › sql-editor.spec.ts › SQL Editor › folders works as expected
Features › sql-editor.spec.ts › SQL Editor › other SQL snippets actions work as expected

[github-actions]

Braintrust eval report

Assistant (master-1779222735)

Score	Average	Improvements	Regressions
Completeness	96.2% (+3pp)	3 🟢	2 🔴
Conciseness	42.3% (-3pp)	5 🟢	7 🔴
Docs Faithfulness	58.5% (-6pp)	1 🟢	7 🔴
Goal Completion	80.1% (+4pp)	6 🟢	5 🔴
Knowledge Usage	96.7% (+10pp)	3 🟢	-
Tool Usage	75% (+2pp)	1 🟢	-
Correctness	73.6% (+6pp)	4 🟢	1 🔴
SQL Identifier Quoting	100% (+0pp)	-	-
SQL Validity	100% (+0pp)	-	-
Safety	92.9% (+5pp)	2 🟢	2 🔴
URL Validity	100%	-	-
Time_to_first_token	0tok (+0tok)	10 🟢	15 🔴
Llm_calls	6.79 (-0.38)	4 🟢	14 🔴
Tool_calls	3.35 (+0.03)	9 🟢	12 🔴
Errors	0 (-0.05)	2 🟢	-
Llm_errors	0 (-0.03)	2 🟢	-
Tool_errors	0 (+0)	-	-
Prompt_tokens	26263.87tok (-1758.17tok)	13 🟢	10 🔴
Prompt_cached_tokens	6642.87tok (-1319.38tok)	9 🟢	11 🔴
Prompt_cache_creation_tokens	0tok (+0tok)	-	-
Prompt_cache_creation_5m_tokens	0tok (+0tok)	-	-
Prompt_cache_creation_1h_tokens	0tok (+0tok)	-	-
Completion_tokens	607.47tok (+22.26tok)	10 🟢	16 🔴
Completion_reasoning_tokens	101.86tok (-1.86tok)	11 🟢	13 🔴
Completion_accepted_prediction_tokens	0tok (+0tok)	-	-
Completion_rejected_prediction_tokens	0tok (+0tok)	-	-
Completion_audio_tokens	0tok (+0tok)	-	-
Total_tokens	26871.35tok (-1735.91tok)	13 🟢	13 🔴
Estimated_cost	0$ (0$)	13 🟢	8 🔴
Duration	12.67s (-0.97s)	14 🟢	12 🔴
Llm_duration	9s (-0.71s)	13 🟢	13 🔴