Supabase vs Buildkite
Side-by-side trajectory, velocity, and editorial themes.
Supabase is reversing its biggest security default - public-schema tables no longer auto-exposed via PostgREST.
The headline shipping move is a deliberate change to Supabase's security posture: new projects can opt out of automatic Data API and GraphQL exposure for public-schema tables, with broader defaults flipping in May. Around it: an OAuth 2.1 compliance fix, an RLS Tester preview to make policy verification possible from the UI, and a steady drumbeat of platform improvements summarized in the monthly developer update.
Supabase is rebuilding the security defaults that made it fast to start with but easy to misconfigure. Combine the no-auto-expose change with the RLS Tester preview and the direction is clear: the platform is moving from convention-based exposure to explicit, testable access control. The OAuth compliance fix and developer updates suggest steady investment in standards conformance rather than new product surface this window.
Expect the no-auto-expose default to apply to existing projects (with a long opt-out runway), and the RLS Tester to graduate from preview into the dashboard as a first-class panel. Continued breaking-change drumbeat tied to OAuth/OIDC compliance is likely.
AI-agent skills and OAuth Token Exchange land — Buildkite is courting both Claude/Cursor users and security teams.
Buildkite is shipping in two strong directions at once. On platform/security: OAuth 2.0 Token Exchange (RFC 8693) replaces long-lived API tokens with IdP-minted short-lived ones, and per-user API rate limits stop one runaway script from starving an org's quota. On surface area: official Buildkite skills for Claude Code, Cursor and similar AI coding agents teach agents how to use the platform, plus broader GitHub event triggers for incremental Actions migration. Smaller UX work (new build page list view, queue search, cluster sort) rounds out a heavy ship cadence.
Two arcs are converging: lowering the on-ramp for teams migrating off GitHub Actions (more triggers, agent-friendly skills, cleaner UI) and meeting the security posture larger customers ask for in procurement (short-lived tokens, scoped per-user limits). The agent-skills release in particular signals Buildkite expects pipeline configuration to increasingly be authored or modified by AI agents, and is moving to teach them in Buildkite's own voice.
Expect more skills coverage across specific Buildkite features (dynamic pipelines, OIDC federation patterns) and follow-on auth work — OIDC-based agent authentication, finer scopes on exchanged tokens. The GitHub Actions migration push will likely add equivalents for less common triggers (deployments, workflow_dispatch) to remove remaining excuses to stay.
See more alternatives to Supabase →
See more alternatives to Buildkite →