Task: Implement Per-User Thread Isolation (Supabase + Tambo)

[jjf2009]

Task: Implement Per-User Thread Isolation (Supabase + Tambo)

Objective

Implement strict per-user visibility for chat threads and messages so that each authenticated user can only access their own thread history. This includes database design, Row Level Security (RLS), backend APIs, and Tambo integration.

This task enforces multi-tenant isolation and eliminates cross-user data leakage.

---

Scope of Work

• Supabase schema updates
• Row Level Security (RLS) policies
• Backend thread/message creation & retrieval
• Tambo thread metadata alignment
• Legacy data cleanup
• Validation & testing

---

Assumptions

• Supabase Auth is enabled
• auth.uid() is the source of truth for user_id
• Threads and messages are stored in Supabase (Postgres)
• Tambo is used for AI thread/message generation

---

Database Schema

1. Threads Table

create table if not exists threads (
  id uuid primary key default gen_random_uuid(),
  user_id uuid not null references auth.users(id) on delete cascade,
  created_at timestamptz default now()
);

2. Messages Table

create table if not exists messages (
  id uuid primary key default gen_random_uuid(),
  thread_id uuid not null references threads(id) on delete cascade,
  role text not null,
  content jsonb not null,
  created_at timestamptz default now()
);

---

Row Level Security (CRITICAL)

Enable RLS

alter table threads enable row level security;
alter table messages enable row level security;

Threads Policies

-- Read own threads
create policy "Users can read their own threads"
on threads for select
using (user_id = auth.uid());

-- Create thread for self
create policy "Users can create their own threads"
on threads for insert
with check (user_id = auth.uid());

Messages Policies

-- Read messages only from owned threads
create policy "Users can read messages from their threads"
on messages for select
using (
  exists (
    select 1 from threads
    where threads.id = messages.thread_id
    and threads.user_id = auth.uid()
  )
);

-- Insert messages only into owned threads
create policy "Users can insert messages into their threads"
on messages for insert
with check (
  exists (
    select 1 from threads
    where threads.id = messages.thread_id
    and threads.user_id = auth.uid()
  )
);

---

Backend Responsibilities

Thread Creation

• Fetch authenticated user ID
• Create thread with user_id

const { data: thread } = await supabase
  .from('threads')
  .insert({ user_id: user.id })
  .select()
  .single();

Message Creation

• Accept thread_id
• Supabase RLS must enforce ownership

await supabase.from('messages').insert({
  thread_id,
  role,
  content,
});

Fetch Threads

await supabase
  .from('threads')
  .select('*')
  .order('created_at', { ascending: false });

⚠️ No manual where user_id = ... required when RLS is correct

---

Tambo Integration

Thread Initialization

When creating a Tambo thread:

tambo.createThread({
  threadId,
  metadata: {
    user_id: user.id,
  },
});

Message Retrieval

Ensure backend fetches messages only through Supabase, not directly from Tambo without validation.

Tambo should be treated as stateless compute, Supabase as source of truth.

---

Legacy Data Cleanup (One-Time)

-- Remove threads without ownership
delete from threads where user_id is null;

-- Remove orphaned messages
delete from messages
where thread_id not in (select id from threads);

---

Validation Checklist

• User A cannot see User B threads
• Direct thread_id access fails for unauthorized user
• RLS blocks cross-user inserts
• New threads always have user_id
• Tambo metadata includes user_id
• Old chats are removed or migrated

---

Non-Goals

• Shared threads
• Admin impersonation
• Cross-user collaboration

---

Success Criteria

• Each user sees only their own chat history
• Thread access is impossible without ownership
• No frontend-only filtering
• Security holds under direct API calls

---

Notes

This design mirrors production-grade SaaS isolation (Slack / Notion model). Any shortcut here is a future security incident.

[jjf2009]

@CharlieHelps work on this issue

[charliecreates]

Expand this to see my work.

• Confirmed the latest comment on #11 is asking me to continue the existing ai-11-task-implement-per-user-thread-isolation-sup work without changing the current requirements.
• Re-read the review feedback touching src/app/api/tambo/[...path]/route.ts (getTamboBaseUrl, getTamboApiKey, reasoning typing, and AdvanceStream body validation) to align the next set of changes.
• Mapped ThreadAdvanceByIDParams plus nested MessageToAppend/InitialMessage from node_modules/@tambo-ai/typescript-sdk/resources/beta/threads/threads.d.ts to decide exactly which fields are whitelisted into the /threads/advancestream computeBody.
• Simplified getTamboBaseUrl in src/app/api/tambo/[...path]/route.ts to prefer process.env.TAMBO_URL with https://api.tambo.co as a fallback and introduced a shared MISSING_TAMBO_API_KEY_ERROR constant reused by getTamboApiKey and the top-level handler.
• Removed the as never cast when mapping row.reasoning so it now passes through as row.reasoning ?? undefined in the Supabase-to-Tambo message mapping.
• Refined handleAdvanceStream to parse a typed AdvanceStreamRequestBody, validate body.messageToAppend, and replace spreading ...body with a computeBody that only includes availableComponents, forceToolChoice, toolCallCounts, contextKey, initialMessages, messageToAppend, and clientTools.
• Updated initial and final message persistence so created_at is no longer overridden from client createdAt, letting Postgres remain the source of truth for timestamps when inserting initialRows and flushing finalMessages.
• Verified TamboProvider in node_modules/@tambo-ai/react/esm/providers/tambo-provider.js supports autoGenerateThreadName, then set autoGenerateThreadName={false} in src/app/chat/chat-client.tsx to avoid extra backend calls for auto-generated names.
• Expanded the Supabase auth middleware config.matcher in src/middleware.ts to cover "/api/tambo/:path*" so session cookies refresh on Tambo API calls as well as /chat/:path*.
• Inspected src/components/tambo/message-suggestions.tsx around the MessageSuggestions component and its MessageSuggestionsStatus export to prepare for removing the old generation-status UI now that isGenerating is effectively static and backend-driven suggestions are disabled, and attempted (but did not yet land) a patch to recompute isGenerating from GenerationStage and delete the obsolete timeout-based loading logic.

[charliecreates]

I ran into an issue and couldn't complete the full implementation for per-user thread isolation.

Visible progress:

• Created the working branch ai-11-task-implement-per-user-thread-isolation-sup from main.

Blockers:

• No code commits yet—still investigating how thread/message access and Tambo integration are currently wired up.
• Need clarification: Is there an existing place where Supabase thread/message access logic lives, or should new API endpoints/files be introduced from scratch?

You can see my work on the ai-11-task-implement-per-user-thread-isolation-sup branch.

[jjf2009]

@CharlieHelps its not done still , i can still access other chats

[charliecreates]

Expand this to see my work.

• Previously reviewed src/app/api/tambo/[...path]/route.ts, Supabase client setup in src/lib/supabase/server.ts, and RLS migrations 20260207_per_user_threads.sql / 20260207_per_user_threads_delete_policies.sql to enforce per-user threads/messages isolation before any Tambo calls.
• Verified Tambo SDK usage under node_modules/@tambo-ai/typescript-sdk and @tambo-ai/react to ensure threads/messages operations are funneled through the guarded /api/tambo proxy, and confirmed PR #13 targets main with these isolation updates.
• Updated handleThreadsList, handleThreadRetrieve, handleThreadUpdate, handleThreadGenerateName, handleThreadCancel, handleThreadDelete, and handleThreadMessages* in src/app/api/tambo/[...path]/route.ts to validate public.threads.user_id = auth.uid() before performing any Tambo threads/messages operations.
• Expanded supabase/migrations/20260207_per_user_threads_delete_policies.sql to enable full RLS on public.threads and public.messages (select/insert/update/delete) so only the owning auth.uid() can read or mutate their threads/messages, aligning DB rules with the API checks.
• Refactored src/app/api/tambo/[...path]/route.ts to introduce MESSAGE_SELECT_COLUMNS and a shared selectMessagesForThread helper so all message reads consistently filter by thread_id and apply the same projection.
• Cleaned up temporary supabase.then(() => null) placeholders in handleThreadRetrieve and handleThreadMessagesList to call selectMessagesForThread directly and to return (messages as unknown as MessageRow[]).map(messageFromRow) with proper error handling.
• Re-ran npm run build to confirm the Next.js app (including /api/tambo/[...path]) still compiles and type-checks successfully after the RLS and handler refactors.
• Committed and pushed the latest RLS and handler fixes as 56735d9 (chore(rls): ensure full policies) to ai-11-task-implement-per-user-thread-isolation-sup backing PR #13.
• Updated PR #13 metadata via gh pr edit 13 to set the title to feat(chat): per-user thread isolation and document the isolation behavior, RLS changes, and npm run build / npm run lint verification details in the PR body.
• Assigned PR #13 to @jjf2009 so the per-user isolation fix for issue #11 is clearly queued for human review and confirmation.

[charliecreates]

#11 (comment)

I pushed a fix for this in PR #13: the leak was coming from /api/tambo/threads/* not being consistently scoped to the authenticated user (and a couple of thread message sub-routes were still getting proxied to Tambo using the server API key). After this change, users should only be able to list/retrieve/advance/update/delete threads they own.

PR: #13

What changed

• Hard user scoping everywhere: all thread operations now enforce ownership via threads.user_id (e.g. list + retrieve now filter with .eq("user_id", user.id)).
• No more “threads/*” proxy fallback: thread/message subpaths are handled by Supabase-backed handlers (or return 404) so we don’t accidentally forward something sensitive to Tambo with the shared API key.
• Implemented missing SDK endpoints: added Supabase implementations for:
  • POST /threads/:id/messages
  • PUT /threads/:id/messages/:messageId/component-state
• RLS hardened: added/ensured full RLS policies (select/insert/update/delete) for threads + messages in supabase/migrations/20260207_per_user_threads_delete_policies.sql.

Deploy / DB notes

• Make sure the Supabase migrations are applied (at minimum):
  • supabase/migrations/20260207_per_user_threads.sql
  • supabase/migrations/20260207_per_user_threads_delete_policies.sql
• If you have legacy thread rows that don’t have a valid user_id, they won’t be accessible cross-user after this (and the cleanup in the migration will remove null-owned/orphaned data).

Verification

# Next build (includes typecheck): success
$ npm run build

# ESLint: fails (preexisting) with "TypeError: Converting circular structure to JSON"
$ npm run lint