3 points by vronchin 4 hours ago | 1 comment
  • vronchin 4 hours ago
    The team setup is always the same: CEO uses Claude and ships features insanely fast, software engineer tries to keep up, security tests get skipped. Not on purpose, it's just the excitement.

    I spent 3 years in my agency cleaning up after this (hydrapatch.io). Same RLS misconfigurations, same exposed API keys, same public storage buckets etc., different client every time. At some point I just started saving every fix and boom done.

    Eventually I turned it into a tool. You paste your repo, it scans your Supabase setup, and if something's wrong it writes the migration file for you. One command to apply it.

    Ran it on 53 apps last week. 48 came back with something critical. None of the founders had any idea. The scan and fix are free — I don't think you should pay to find out your house is on fire.

    tryargus.dev — curious if anyone else here has run into this pattern on their team.