# Docs

- Ruby: supabase-rb — the Ruby client for Supabase.
- [Supabase Ruby (supabase-rb)](/reference/ruby): supabase-rb is the Ruby and Rails client for Supabase — Auth, Database (PostgREST), Realtime, Storage, and Edge Functions behind one Supabase::Client.
- Initializing: Install supabase-rb and construct a Supabase::Client.
- [Initializing](/reference/ruby/initializing): Install supabase-rb and construct a Supabase::Client.
- Auth: Authentication, sessions, MFA, and admin user management.
- [Overview](/reference/ruby/auth): Authentication, sessions, MFA, and admin user management.
- [Create a new user](/reference/ruby/auth/signup): Create a new user with email/phone + password.
- [Sign in a user](/reference/ruby/auth/signinwithpassword): Sign in an existing user with email/phone + password.
- [Sign in a user through OTP](/reference/ruby/auth/signinwithotp): Send a magic-link or SMS one-time password.
- [Sign in a user through OAuth](/reference/ruby/auth/signinwithoauth): Build a redirect URL for a third-party OAuth provider.
- [Sign in a user through SSO](/reference/ruby/auth/signinwithsso): Sign in via SAML SSO using a domain or provider ID.
- [Create an anonymous user](/reference/ruby/auth/signinanonymously): Create and sign in an anonymous user.
- [Sign out a user](/reference/ruby/auth/signout): Revoke the current session and clear local storage.
- [Verify and log in through OTP](/reference/ruby/auth/verifyotp): Verify a one-time password (or email confirmation link) and produce a session.
- [Resend an OTP](/reference/ruby/auth/resend): Resend a signup confirmation, magic-link, SMS OTP, or change-confirmation email.
- [Retrieve a session](/reference/ruby/auth/getsession): Return the current session, refreshing it if it's about to expire.
- [Retrieve a new session](/reference/ruby/auth/refreshsession): Force-refresh the current session using a refresh token.
- [Set the session data](/reference/ruby/auth/setsession): Restore a session from an existing access + refresh token pair.
- [Retrieve a user](/reference/ruby/auth/getuser): Fetch the user for the current (or a supplied) access token.
- [Update a user](/reference/ruby/auth/updateuser): Update the current user's email, password, or metadata.
- [Send a password reset request](/reference/ruby/auth/resetpasswordforemail): Send a password-reset email to a user.
- [Link an identity to a user](/reference/ruby/auth/linkidentity): Link an OAuth identity to the current user.
- [Unlink an identity from a user](/reference/ruby/auth/unlinkidentity): Unlink an OAuth identity from the current user.
- [Retrieve identities linked to a user](/reference/ruby/auth/getuseridentities): List the OAuth identities linked to the current user.
- [Listen to auth events](/reference/ruby/auth/onauthstatechange): Subscribe to auth state changes — SIGNED_IN, SIGNED_OUT, TOKEN_REFRESHED, and friends.
- [Enroll a factor](/reference/ruby/auth/mfa-enroll): Enroll a new TOTP or phone MFA factor.
- [Create a challenge](/reference/ruby/auth/mfa-challenge): Start a verification challenge for an enrolled MFA factor.
- [Verify a challenge](/reference/ruby/auth/mfa-verify): Submit a code to satisfy an MFA challenge.
- [Create and verify a challenge](/reference/ruby/auth/mfa-challengeandverify): Challenge and verify an MFA factor in one call.
- [Unenroll a factor](/reference/ruby/auth/mfa-unenroll): Remove an MFA factor from the current user.
- [List all factors](/reference/ruby/auth/mfa-listfactors): List the current user's verified MFA factors.
- [Get Authenticator Assurance Level](/reference/ruby/auth/mfa-getauthenticatorassurancelevel): Inspect AAL1 / AAL2 state from the current session JWT.
- [Auth Admin](/reference/ruby/auth/admin): User CRUD, invitations, and link generation under supabase.auth.admin.
- [Create a user (admin)](/reference/ruby/auth/admin-createuser): Create a new user directly via the admin API.
- [List all users (admin)](/reference/ruby/auth/admin-listusers): List users with pagination via the admin API.
- [Retrieve a user (admin)](/reference/ruby/auth/admin-getuserbyid): Fetch a single user by their UUID via the admin API.
- [Update a user (admin)](/reference/ruby/auth/admin-updateuserbyid): Update any field on any user via the admin API.
- [Delete a user (admin)](/reference/ruby/auth/admin-deleteuser): Hard- or soft-delete a user via the admin API.
- [Send an email invite link (admin)](/reference/ruby/auth/admin-inviteuserbyemail): Send a signup invitation email via the admin API.
- [Generate an email link (admin)](/reference/ruby/auth/admin-generatelink): Generate magic-link / recovery / invite / signup URLs without sending the email.
- Database: PostgREST query builder, filters, modifiers, and RPC.
- [Overview](/reference/ruby/database): PostgREST query builder, filters, modifiers, and RPC.
- [Open a builder for a table](/reference/ruby/database/from): Open a PostgREST query builder for a single table.
- [Fetch data](/reference/ruby/database/select): Read rows from a table. Accepts a column list, count mode, and HEAD-only mode.
- [Insert data](/reference/ruby/database/insert): Insert one row (Hash) or many (Array) into a table.
- [Update data](/reference/ruby/database/update): Patch rows that match the chained filters.
- [Upsert data](/reference/ruby/database/upsert): Insert-or-update via PostgREST's resolution=merge-duplicates Prefer header.
- [Delete data](/reference/ruby/database/delete): Delete rows that match the chained filters.
- [Call a Postgres function](/reference/ruby/database/rpc): Call a Postgres function (stored procedure). Supports POST, GET, and HEAD methods, plus chained filters on set-returning results.
- [Column equals a value](/reference/ruby/database/eq): Match rows where a column equals a value.
- [Column not equal to a value](/reference/ruby/database/neq): Match rows where a column does NOT equal a value.
- [Column is greater than a value](/reference/ruby/database/gt): Match rows where a column is greater than a value.
- [Column is greater than or equal to a value](/reference/ruby/database/gte): Match rows where a column is greater than or equal to a value.
- [Column is less than a value](/reference/ruby/database/lt): Match rows where a column is less than a value.
- [Column is less than or equal to a value](/reference/ruby/database/lte): Match rows where a column is less than or equal to a value.
- [Column matches a pattern](/reference/ruby/database/like): Case-sensitive pattern match using SQL LIKE.
- [Column matches a case-insensitive pattern](/reference/ruby/database/ilike): Case-insensitive pattern match using SQL ILIKE.
- [Column is a value](/reference/ruby/database/is): Match rows where a column IS null / true / false.
- [Column is in an array](/reference/ruby/database/in): Match rows where a column is in a set of values.
- [Column contains every element in a value](/reference/ruby/database/contains): Match rows whose array, range, or jsonb column contains the supplied value.
- [Contained by value](/reference/ruby/database/containedby): Match rows whose array, range, or jsonb column is contained by the supplied value.
- [Less than a range](/reference/ruby/database/rangelt): Match rows whose range column is strictly to the left of the supplied range.
- [Greater than a range](/reference/ruby/database/rangegt): Match rows whose range column is strictly to the right of the supplied range.
- [Greater than or equal to a range](/reference/ruby/database/rangegte): Match rows whose range column does not extend to the left of the supplied range.
- [Less than or equal to a range](/reference/ruby/database/rangelte): Match rows whose range column does not extend to the right of the supplied range.
- [Mutually exclusive to a range](/reference/ruby/database/rangeadjacent): Match rows whose range column is immediately adjacent to the supplied range.
- [Match by text search](/reference/ruby/database/textsearch): High-level full-text search filter — picks the FTS variant and Postgres config.
- [Match a Hash of column values](/reference/ruby/database/match): Apply an `eq` filter for every key/value pair in a Hash.
- [Negate a filter](/reference/ruby/database/not): Negate the next filter in the chain.
- [Match at least one filter](/reference/ruby/database/or): Apply a grouped OR clause using PostgREST's `or=(…)` string syntax.
- [Use a custom filter](/reference/ruby/database/filter): Escape hatch — apply a raw PostgREST operator + criteria string.
- [Order the results](/reference/ruby/database/order): Order rows by one or more columns. Chains; multiple calls accumulate.
- [Limit the number of rows](/reference/ruby/database/limit): Cap the number of rows returned. Optionally limits an embedded resource.
- [Limit the query to a range](/reference/ruby/database/range): Inclusive [start, finish] slice. Sets offset and limit in one call.
- [Retrieve one row of data](/reference/ruby/database/single): Expect exactly one row. Returns a Hash; raises on 0 or more than 1.
- [Retrieve zero or one rows](/reference/ruby/database/maybesingle): Expect 0 or 1 row. Returns nil on no match; raises only when more than 1 row comes back.
- [Retrieve as a CSV](/reference/ruby/database/csv): Return the response as CSV text instead of parsed JSON.
- Realtime: Channels, subscriptions, broadcast, and presence.
- [Overview](/reference/ruby/realtime): Channels, subscriptions, broadcast, and presence.
- [Create a channel](/reference/ruby/realtime/channel): Open a Supabase Realtime channel on the shared WebSocket connection.
- [Listen to events on a channel](/reference/ruby/realtime/on): Listen for postgres_changes, broadcast, and presence events on a Realtime channel.
- [Subscribe to a channel](/reference/ruby/realtime/subscribe): Start the Realtime join handshake for a channel.
- [Unsubscribe from a channel](/reference/ruby/realtime/unsubscribe): Send phx_leave for a Realtime channel and wait for the server's ack.
- [Remove a channel](/reference/ruby/realtime/removechannel): Unsubscribe one Realtime channel and drop it from the client registry.
- [Remove all channels](/reference/ruby/realtime/removeallchannels): Unsubscribe every Realtime channel and close the socket.
- Storage: Bucket admin API and file operations.
- [Overview](/reference/ruby/storage): Bucket admin API and file operations.
- [Create a bucket](/reference/ruby/storage/createbucket): Create a new storage bucket. Pick public (anonymous reads OK) or private (auth required).
- [Retrieve a bucket](/reference/ruby/storage/getbucket): Fetch a single bucket record by id.
- [List all buckets](/reference/ruby/storage/listbuckets): List every bucket the caller can see.
- [Update a bucket](/reference/ruby/storage/updatebucket): Patch a bucket's public flag, size limit, or allowed MIME types.
- [Empty a bucket](/reference/ruby/storage/emptybucket): Delete every object inside a bucket without removing the bucket itself.
- [Delete a bucket](/reference/ruby/storage/deletebucket): Delete a bucket. Bucket must be empty first.
- [Upload a file](/reference/ruby/storage/upload): Upload an object to a bucket. Accepts a File/IO, a Pathname, or a raw String body.
- [Download a file](/reference/ruby/storage/download): Download an object's bytes. Optional transform routes through the image renderer.
- [List all files in a bucket](/reference/ruby/storage/list): List objects under a prefix inside a bucket.
- [Move an existing file](/reference/ruby/storage/move): Move (rename) an object inside the same bucket.
- [Copy an existing file](/reference/ruby/storage/copy): Copy an object to a new path inside the same bucket.
- [Delete files in a bucket](/reference/ruby/storage/remove): Delete one or more objects from a bucket.
- [Create a signed URL](/reference/ruby/storage/createsignedurl): Mint a time-limited signed URL for one object.
- [Create signed URLs](/reference/ruby/storage/createsignedurls): Mint signed URLs in bulk for many objects in one request.
- [Create a signed upload URL](/reference/ruby/storage/createsignedupload): Mint a pre-signed URL that lets a client upload bytes without the service-role key.
- [Upload to a signed URL](/reference/ruby/storage/uploadtosignedurl): Consume a pre-signed URL minted by create_signed_upload_url to upload bytes.
- [Retrieve public URL](/reference/ruby/storage/getpublicurl): Build the public URL for an object in a public bucket.
- Edge Functions: Invoke Supabase Edge Functions.
- [Overview](/reference/ruby/functions): Invoke Supabase Edge Functions from Ruby — per-call control over body, headers, region routing, and response decoding.
- [Invoke a Supabase Edge Function](/reference/ruby/functions/invoke): Invoke a Supabase Edge Function by name. Always POSTs; body, headers, region routing, and response parsing are per-call kwargs.
- Rails: Using supabase-rb inside a Ruby on Rails application.
- [Supabase Rails (supabase-rails)](/reference/rails): supabase-rails is a Supabase integration for Ruby on Rails — supabase-rb on Rails, packaged as a Railtie with Rails Supabase auth (sign-in, sign-up, OAuth, password reset, OTP), generators, view templates, and an encrypted-cookie session store.
- Getting started: Install supabase-rails and authenticate users in a fresh Rails app.
- [Getting started with Rails Supabase auth](/reference/rails/getting-started): Install supabase-rails and authenticate your first user in a fresh Rails app in under 15 minutes — supabase-rb on Rails, in :web mode, with cookie-backed sessions and a Current.user populated from the verified Supabase JWT.
- Configuration: Railtie config keys, environment variables, CORS, logging, and the middleware stack.
- [Configuration](/reference/rails/configuration): Every config.supabase.* Railtie option for supabase-rails, the environment-variable fallbacks, the CORS behaviour, and the logger.
- Generators: Rails generators that install the gem, scaffold a User model, and copy view templates into the host app.
- [Generators](/reference/rails/generators): Rails generators that install the gem, scaffold a User model, and copy view templates into the host app.
- [supabase:install](/reference/rails/generators/install): The main supabase-rails generator — what it writes, what it patches, the options it accepts, and what to do next.
- [supabase:user_model](/reference/rails/generators/user-model): Opt-in shadow ActiveRecord User model + UUID-keyed Rails migration that mirrors Supabase auth, so belongs_to :user resolves like any other AR association.
- [supabase:views](/reference/rails/generators/views): Copies the gem's eight default auth view templates into app/views/supabase/rails/ so they can be customised — Rails' view-resolution order picks the host copies ahead of the gem's.
- Authentication: The Supabase::Rails::Authentication concern, request context, JWT verification, and session store.
- [Authentication](/reference/rails/authentication): The Supabase::Rails::Authentication concern, the generated app/controllers/concerns/authentication.rb, the Current model, and the supabase_context request object.
- [JWT verification](/reference/rails/authentication/jwt): Supabase::Rails::JWT.verify — the access-token verifier behind every authenticated request, with JWKS resolution, in-memory caching, and the AuthError shape it raises.
- [Session store](/reference/rails/authentication/session-store): Supabase::Rails::SessionStore — the encrypted-cookie wrapper used in :web mode, the surrounding Supabase::Rails::Middleware that reads it on every request, and the cookie attributes you can configure.
- Web mode: The :web request pipeline — cookie credential strategy, refresh coordinator, redirect validator, and per-request storage.
- [Web mode](/reference/rails/web-mode): How supabase-rails :web mode swaps the Rack middleware into a cookie-backed authentication pipeline for Rails — sign-in, refresh, sign-out, and how it differs from :api mode.
- [CookieCredentialStrategy](/reference/rails/web-mode/cookie-credential-strategy): Supabase::Rails::Web::CookieCredentialStrategy — the per-request strategy that reads the encrypted session cookie, validates expiry, refreshes inline, and routes the outcome into anonymous, user, or 503 contexts.
- [RefreshCoordinator](/reference/rails/web-mode/refresh-coordinator): Supabase::Rails::Web::RefreshCoordinator — the per-worker mutex pool that serializes concurrent token refreshes keyed by SHA256(refresh_token), with refcounted entry cleanup.
- [RedirectValidator](/reference/rails/web-mode/redirect-validator): Supabase::Rails::Web::RedirectValidator — validates redirect targets (e.g. ?redirect_to=) against config.supabase.allowed_redirect_origins to prevent open-redirect vulnerabilities.
- [RequestScopedStorage](/reference/rails/web-mode/request-scoped-storage): Supabase::Rails::Web::RequestScopedStorage — per-request Supabase Auth storage with a signed-cookie fallback for PKCE verifiers that survive the OAuth round-trip.
- [AuthClientFactory](/reference/rails/web-mode/auth-client-factory): Supabase::Rails::Web::AuthClientFactory — constructs the per-request Supabase::Auth::Client with auto_refresh_token disabled, PKCE flow, and request-scoped storage, cached on request.env.
- [AuthErrorMapper](/reference/rails/web-mode/auth-error-mapper): Supabase::Rails::Web::AuthErrorMapper — translates Supabase::Auth::Errors::* into the gem-stable Supabase::Rails::AuthError surface with deterministic code and HTTP status.
- Controllers: Built-in controllers under Supabase::Rails::* and the supabase_authentication_routes DSL.
- [Controllers](/reference/rails/controllers): Built-in controllers under Supabase::Rails::* and the supabase_authentication_routes routing DSL.
- [BaseController](/reference/rails/controllers/base): Supabase::Rails::BaseController — the common parent class for every gem-shipped controller.
- [SessionsController](/reference/rails/controllers/sessions): Supabase::Rails::SessionsController — email + password sign-in and sign-out.
- [RegistrationsController](/reference/rails/controllers/registrations): Supabase::Rails::RegistrationsController — email + password sign-up with the two-branch happy path.
- [PasswordsController](/reference/rails/controllers/passwords): Supabase::Rails::PasswordsController — the two-step password reset flow.
- [OtpController](/reference/rails/controllers/otp): Supabase::Rails::OtpController — passwordless OTP / magic-link sign-in.
- [OauthController](/reference/rails/controllers/oauth): Supabase::Rails::OauthController — OAuth 2.0 + PKCE provider sign-in.
- Views: Default sign-in, sign-up, password, OTP, and OAuth view templates shipped under app/views/supabase/rails/.
- [Views](/reference/rails/views): Reference for every gem-shipped ERB template under app/views/supabase/rails/ — form fields, params, submit targets, the shared flash and OAuth buttons partials, and how to customise them.
- Billing: supabase-billing — provider-agnostic subscription and entitlement layer for Rails apps on Supabase.
- [Supabase Billing (supabase-billing)](/reference/billing): supabase-billing is a provider-agnostic subscription and entitlement layer for Rails apps on Supabase — Stripe (web) and Adapty (mobile) ingestion adapters write into one canonical schema and a single `user.entitled?` API.
- [Getting started with supabase-billing](/reference/billing/getting-started): Install supabase-billing on top of supabase-rails, run the generator, migrate, and make your first `user.entitled?(:feature)` call — from `bundle add` to a gated controller action in under ten minutes.
- [Providers (Stripe + Adapty)](/reference/billing/providers): Side-by-side Stripe (web) and Adapty (mobile) provider setup — webhook endpoints, signing secret env vars, ingestion modes, supported event types, and the `config/initializers/supabase_billing.rb` block for each.
- [Entitlements (the `entitled?` API)](/reference/billing/entitlements): Reference for the four-method entitlement surface on the User model — `entitled?`, `subscribed?`, `plan`, and `limit` — plus usage recording, the plan / entitlement / plan_entitlement / usage_limit data model, and controller and view gating examples.
- [Schema Reference](/reference/billing/schema): The twelve tables created by `rails g supabase_billing:install` — eight canonical tables for the entitlement engine plus four provider-mapping tables — with an ER diagram and the RLS model.
- [Webhooks](/reference/billing/webhooks): The two webhook endpoints mounted by the engine — Stripe and Adapty — plus the signature verification scheme, the `provider_events` idempotency model, replay / retry behavior, and the production security checklist.
- [API Reference](/reference/billing/api-reference): Auto-generated reference for the supabase-billing gem — every public module, class, method, constant, and attribute extracted from the source.
- Starter Kits: Production-ready Rails starter kits wired up with Supabase Auth via supabase-rails — API-only, Hotwire, and Inertia + React.
- [Starter Kits](/reference/starterkits): Production-ready Rails starter kits wired up with Supabase Auth via supabase-rails — pick the shape that matches your app (API-only, Hotwire monolith, or Inertia + React) and clone.
- Rails API starter: Rails 8 API-only starter kit that authenticates clients with Supabase Auth via supabase-rails — JWT verification, rswag OpenAPI docs, Rack::Attack rate limiting, and a Kamal deploy config.
- [Rails API starter](/reference/starterkits/api): Rails 8 API-only starter kit that authenticates clients with Supabase Auth via supabase-rails — JWT verification, rswag OpenAPI docs, Rack::Attack rate limiting, and a Kamal deploy config.
- [Getting started](/reference/starterkits/api/getting-started): Clone the Rails API starter, install dependencies, point it at a Supabase project, and make your first authenticated request.
- [Project structure](/reference/starterkits/api/project-structure): A directory-by-directory walkthrough of the Rails API starter — app/, config/, db/, spec/, and swagger/ — at the level of detail a new contributor needs.
- [Architecture](/reference/starterkits/api/architecture): How supabase-rails plugs into the Rails API starter — the middleware stack, the request lifecycle, JWT verification against the JWKS, and how Current.user gets populated.
- [Customization](/reference/starterkits/api/customization): Concrete recipes for extending the Rails API starter — add a resource, allow an unauthenticated route, change the database schema.
- [Deployment](/reference/starterkits/api/deployment): Production-readiness checklist for the Rails API starter — secrets, TLS, rate-limit cache, health checks, observability.
- [Troubleshooting](/reference/starterkits/api/troubleshooting): Most likely first-run failures with the Rails API starter — 401 loops, JWKS errors, CORS preflight, Postgres connection refused, missing env, swagger regeneration — and how to resolve them.
- Hotwire starter: Rails 8.1 server-rendered starter kit with Hotwire (Turbo + Stimulus), ViewComponent, Tailwind v4, and Supabase Auth via supabase-rails in :web mode with encrypted cookie sessions.
- [Hotwire starter](/reference/starterkits/hotwire): Rails 8.1 server-rendered starter kit with Hotwire (Turbo + Stimulus), ViewComponent, Tailwind v4, and Supabase Auth via supabase-rails in :web mode with encrypted cookie sessions.
- [Getting started](/reference/starterkits/hotwire/getting-started): Clone the Hotwire starter, install dependencies, point it at a Supabase project, and sign in for the first time.
- [Project structure](/reference/starterkits/hotwire/project-structure): A directory-by-directory walkthrough of the Hotwire starter — app/, config/, supabase/, db/, and test/ — at the level of detail a new contributor needs.
- [Architecture](/reference/starterkits/hotwire/architecture): How supabase-rails plugs into the Hotwire starter — the cookie session lifecycle, the Turbo + Stimulus surfaces, the per-request RLS-scoped Supabase client, and how the supabase/ directory is used.
- [Customization](/reference/starterkits/hotwire/customization): Hotwire-flavored recipes for extending the starter — inline Turbo Frame editing, a Stimulus controller wired to Supabase Realtime, and a new ViewComponent in the dashboard chrome.
- [Deployment](/reference/starterkits/hotwire/deployment): Production-readiness checklist for the Hotwire starter — secrets, SQLite vs Postgres, TLS, cache, health checks, observability.
- [Troubleshooting](/reference/starterkits/hotwire/troubleshooting): Most likely first-run failures with the Hotwire starter — missing env, expired-session loops, empty notes list, Tailwind not building, Importmap pin missing, Letter Opener empty — and how to resolve them.
- Inertia + React starter: Rails 8.1 + Inertia + React 19 + TypeScript + Vite + Tailwind v4 + shadcn/ui starter kit, with Supabase Auth via supabase-rails in :web mode and optional Inertia SSR.
- [Inertia + React starter](/reference/starterkits/inertia-react): Rails 8.1 + Inertia + React 19 + TypeScript + Vite + Tailwind v4 + shadcn/ui starter kit, with Supabase Auth via supabase-rails in :web mode and optional Inertia SSR.
- [Getting started](/reference/starterkits/inertia-react/getting-started): Clone the Inertia + React starter, install Ruby + Node dependencies, point it at a Supabase project, and sign in for the first time.
- [Project structure](/reference/starterkits/inertia-react/project-structure): A directory-by-directory walkthrough of the Inertia + React starter — app/, config/, supabase/, db/, and spec/ — with extra depth on the React tree under app/javascript/.
- [Architecture](/reference/starterkits/inertia-react/architecture): The Inertia request lifecycle, the Vite + React frontend layer, shadcn/ui wiring, and the Supabase integration points in the Inertia + React starter.
- [Customization](/reference/starterkits/inertia-react/customization): Inertia + React recipes for extending the starter — add a new Inertia page, add a shadcn component, and wire a Supabase Realtime channel into a React component.
- [Deployment](/reference/starterkits/inertia-react/deployment): Production-readiness checklist for the Inertia + React starter — secrets, SSR build flag, database, TLS, cache, health checks, observability.
- [Troubleshooting](/reference/starterkits/inertia-react/troubleshooting): Most likely first-run failures with the Inertia + React starter — Vite not serving, cookie not set, typed routes stale, shadcn add fails, SSR fallback loops — and how to resolve them.