Skip to content

perf(rls): wrap auth.uid()/current_setting() in (select …) for per-statement evaluation#5705

Open
dmitrymaranik wants to merge 1 commit into
Helicone:mainfrom
dmitrymaranik:perf/wrap-rls-initplan
Open

perf(rls): wrap auth.uid()/current_setting() in (select …) for per-statement evaluation#5705
dmitrymaranik wants to merge 1 commit into
Helicone:mainfrom
dmitrymaranik:perf/wrap-rls-initplan

Conversation

@dmitrymaranik

Copy link
Copy Markdown

Postgres re-evaluates a bare auth.uid() / current_setting(…) in an RLS policy once per row. Wrapping it in a scalar subquery — (select auth.uid()) — makes it an InitPlan the planner evaluates once per statement and caches. It's predicate-equivalent (row visibility unchanged) and the optimization Supabase documents for RLS.

This adds a migration that wraps the 7 affected per-user policies:

  • Predicate-equivalent — row visibility is unchanged; only when the auth call is evaluated changes (once per statement vs once per row).
  • Covers both USING and WITH CHECK (the write path runs per inserted/updated row too).
  • Verified with pgrls (an open-source RLS linter) on Postgres 16: the PERF001 findings clear to 0 after the change, nothing else altered.
  • The SQL is pgrls fix --rule PERF001 output, added as a new migration (20260629150153_wrap_rls_perf_initplan.sql).

Happy to adjust the migration filename/placement to your conventions.

@vercel

vercel Bot commented Jun 29, 2026

Copy link
Copy Markdown

@dmitrymaranik is attempting to deploy a commit to the Helicone Team on Vercel.

A member of the Team first needs to authorize it.

@greptile-apps greptile-apps Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant