public, RLS-enabled, and scoped to auth.uid() = user_id.
profiles
One row per user, created automatically by trigger on signup.
brews
brew_steps
brew_outputs
Append-only history of refinements.
recipes
cellar_entries
Durable memory distilled from finished brews, re-injected into future brew prompts.
cellar_settings
Per-user controls for the Cellar.
brew_shares
Public read-only links for finished brews.
Anonymous read access to a shared brew goes through
supabaseAdmin inside the /api/public/brew/$slug route — there are no anon grants on these tables.
RLS policies
Every table follows the same pattern:brew_steps and brew_outputs join through brews.user_id.