0002 — Supabase Auth, not Clerk
- Date: 2026-04-30
- Status: Accepted
Context
We need auth, workspace membership, and role-based UI gating. Supabase is already our DB and Realtime layer; Clerk is the obvious off-the-shelf alternative.
Decision
Use Supabase Auth. Initial providers: Google, email + password, magic link. Add more providers as needed (GitHub likely next, for repo-connected agents).
Alternatives considered
- Clerk. Free org/role UI out of the box, sturdier user-management surface. Tradeoff: a second source of identity to keep in sync with our `members` table; we'd be paying for UI we'd partially rebuild anyway.
- NextAuth + custom. Lower cost, but more code to own and no advantage we'd actually use.
Consequences
- All RLS policies key off `auth.uid()` joining `members.user_id`. One identity surface.
- We build the org/member-management UI ourselves. That's fine — it's a small surface and we want it to look like the rest of Clip.
- Auth identity (`auth.users`) and workspace identity (`members`) are distinct on purpose. A user with no membership is logged in but lands on `/onboarding`.
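
A sketch of what "RLS policies key off `auth.uid()` joining `members.user_id`" can look like in Postgres. This is an added example, not the project's own schema. Only `auth.uid()`, `auth.users` and `members.user_id` come from this record; the `items` table, the `workspace_id` and `role` columns, the role values and the policy names are assumptions.

```sql
-- Assumed shape of members; only members.user_id is named in this ADR.
create table public.members (
  workspace_id uuid not null,
  user_id      uuid not null references auth.users (id) on delete cascade,
  role         text not null check (role in ('owner', 'admin', 'member')),
  primary key (workspace_id, user_id)
);
alter table public.members enable row level security;

-- Users can read only their own membership rows. The policy contains no
-- subquery on members, so evaluating it never recurses into itself.
-- No insert/update/delete policy exists, so clients cannot grant themselves roles.
create policy members_select_own on public.members
  for select to authenticated
  using (user_id = (select auth.uid()));

-- Hypothetical workspace-scoped table standing in for any tenant data.
create table public.items (
  id           uuid primary key default gen_random_uuid(),
  workspace_id uuid not null,
  title        text not null
);
alter table public.items enable row level security;

-- Read: any member of the row's workspace.
create policy items_select_member on public.items
  for select to authenticated
  using (exists (
    select 1 from public.members m
    where m.workspace_id = items.workspace_id
      and m.user_id = (select auth.uid())
  ));

-- Insert: role is checked in the database, not only in the UI gating.
create policy items_insert_admin on public.items
  for insert to authenticated
  with check (exists (
    select 1 from public.members m
    where m.workspace_id = items.workspace_id
      and m.user_id = (select auth.uid())
      and m.role in ('owner', 'admin')
  ));
```

A user with a row in `auth.users` but none in `members` authenticates successfully and matches no policy, so every workspace query returns zero rows, which is consistent with routing them to `/onboarding`.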