1. Supabase RLS Gap Exposes User Chat History and Analytics Data to Potential API Bypass
A critical security gap in a Supabase-backed application leaves user chat history and session analytics vulnerable to direct database access. The system stores sensitive user data in two tables—`learning_sessions` (full chat history) and `analytics_events` (session metadata)—without verified Row Level Security (RLS) po...