LegacyCore + Supabase Integration

The problem

Insurance applications are PII-heavy. Names, dates of birth, banking information, and partial health histories all live in the same record. The data layer needs three things at once: a real relational engine for joins and aggregates, hard isolation so an agent can never accidentally read another agent’s book of business, and a real-time channel so the AI Closer and the NemoClaw portal worker can coordinate to the millisecond on a live call.

How the integration works

Supabase is the entire data plane. Every application, commission record, kill switch, audit log, and AI message flows through a single Postgres database with row-level security enforced on every customer-facing table. Auth uses Supabase Auth cookies, and our server-side helpers always call getUser() instead of getSession() so the middleware reads identity from the cookie chain that survives serverless cold starts. RLS policies are written so an agent only ever reads their own rows, a manager reads their team’s rows, and the admin role reads everything — enforced in the database, not in application code.

Supabase Realtime carries the heartbeat between the AI Closer and NemoClaw. When a verbal close fires, the Closer writes a status update to Postgres; NemoClaw is subscribed to that channel and starts the carrier portal submission inside its persistent Chrome session within a second. The same pattern drives the live-call dashboard, the conservation queue, and the human-agent availability board.

The schema is migrated entirely through versioned SQL files in supabase/migrations with a strict policy that every new table must ship with RLS enabled and at least one policy. Our pre-commit hook regenerates a TypeScript schema catalog and runs a drift checker against the MCP server’s hand-coded column references — which has already saved us from shipping multiple silent column-name bugs that would have manifested as 500s in production.

Why Supabase specifically

Supabase gives us a real Postgres — not a managed flavor that breaks when a migration uses a less-common type — plus auth, realtime, storage, and edge functions in a single coherent platform. The pgvector support powers our message embeddings store. Row-level security is the right architecture for a multi-tenant insurance platform where the cost of a leak is regulatory, not just reputational.

Read the docs

Full Supabase documentation lives at supabase.com/docs. The RLS policy patterns and Realtime channel model we use are both documented there.