About this demo

This is a portfolio demonstration. Do not use it for production data.

Cinderblock is a forkable Supabase + Next.js multi-tenant SaaS starter built by Philip Rehberger as a calling card for Supabase work. The pitch in one line: most Supabase multi-tenant deliveries leak; this one has tests that prove it doesn't.

What this demo is

• A live, signed-up-able SaaS surface so you can click around and feel the tenant boundary hold.
• A pgtap suite (74 tests) you can clone and run locally — green output in under a second once Postgres is warm.
• A forkable repo. If you want to use this as the skeleton for your own Supabase SaaS, click "Use this template" on GitHub.

What this demo is not

• A product. The Tasks surface is foreground — the security boundary is the actual deliverable.
• A security audit. See Disclaimer for the specific framing the test suite makes.
• SOC2-attested. See Compliance posture for what an engagement-level deliverable would add.

Cost framing

The demo runs on Supabase Cloud (Pro plan, $25/mo) with auto-pause disabled. If traffic spikes, the project overages into paid — it doesn't pause. A paused demo means a prospect's sign-up flow breaks, which destroys the pitch.

Hire me

If you're reading this because you've seen a Supabase RLS leak in production, or you're converting a single-tenant app to multi-tenant and don't want to leak, get in touch. The shape of work this demo sells:

• Supabase + Next.js multi-tenant SaaS builds ($8k–25k)
• Single-to-multi-tenant conversions ($15k–40k)
• RLS audits — fixed-fee for the audit, hourly for fixes ($3k–8k)