RLS stands for Row-Level Security. It's a standard security mechanism in Postgres databases. This we'll give you user-level security as well as organizational-level security, etc. Authentication is a core component of Supabase, which is who I use, and I think they're really cost-effective. But the authentication all runs through their systems with RLS securing customer data. This is where I would start. The best thing to do is write down your user hierarchy, thinking of it as: are there different types of users within the organization that should have the data, shouldn't have the data? For all your other user roles, does it have to be segregated by user? The answer is probably yes. Write down the different user roles that you might have: super admin, admin worker, whatever you're going to call them. And then document exactly what you wrote up here and the specific requirements that you want it to secure, just every piece of detail that you can think of. Once you have your structure through the build kit set up you can just take all that information that you wrote up and feed it to the coding agent and ask it to design a system that will be secure. I suggest plan mode in Claude Code because it won't implement anything. It will just design and then discuss the design with you and explain it to you. You will be amazed what you can learn from the AI if you just ask. Just have some sense about you and question things that don't seem right. Those moments are fewer and fewer between as the models get better, though. I know I already told you about the MCP server, but that's one of the things that we're going to offer, and there is a security scan as well. And with what you're doing, if it's something sensitive, particularly as you set up your GitHub pipeline, I always recommend a third-party coding review tool, whether it's GitHub's Copilot, cursors, bug bot, Claude, or Codex. I've used all but GitHub's code pilot. It's a great second line of defense.