Wacrm uses Supabase as its entire data layer — Postgres for relational data, Auth for user sessions, Storage for media files, and Row Level Security to enforce per-account data isolation. This page walks you through creating a project, pulling the three credentials your app needs, running all 30 migrations, and confirming the storage buckets and pgvector extension are ready.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/ArnasDon/wacrm/llms.txt
Use this file to discover all available pages before exploring further.
Prerequisites
- A Supabase account (the free tier is sufficient to get started)
- Wacrm forked from GitHub and cloned locally
- The Supabase CLI installed (
npm install -g supabase) if you plan to apply migrations via the terminal
Create a new Supabase project
Log in to the Supabase dashboard and click New project. Choose your organisation, pick a region close to your users, set a strong database password, and click Create new project. The project takes about a minute to provision.
Save your database password now — Supabase won’t show it again, and you’ll need it if you ever connect to Postgres directly (e.g.
psql or a migration tool that requires the raw connection string).Copy your API credentials
Once the project is ready, go to Project Settings → API. You need three values:
Copy these into your
| Environment variable | Where to find it |
|---|---|
NEXT_PUBLIC_SUPABASE_URL | Project URL field at the top of the API settings page |
NEXT_PUBLIC_SUPABASE_ANON_KEY | Project API keys → anon public |
SUPABASE_SERVICE_ROLE_KEY | Project API keys → service_role secret |
.env.local file (or your host’s environment variable panel in production):Apply the database migrations
All 30 migrations live in The CLI tracks which migrations have already been applied and only runs new ones on subsequent pushes.Option B — SQL editorOpen the SQL editor in the Supabase dashboard. Open each file from
supabase/migrations/, numbered 001 through 030. You can apply them using the Supabase CLI (recommended) or the SQL editor in the dashboard.Option A — Supabase CLI (recommended)Link your local project to the remote Supabase project, then push all migrations in one command:supabase/migrations/ in order and run it. Migrations must be applied sequentially because later files reference tables and functions created by earlier ones.The migrations are named descriptively so you always know what each one adds:Confirm storage buckets
Two migrations create the Storage buckets Wacrm needs:
- Migration 008 (
008_profile_avatars_storage.sql) — creates theprofile-avatarsbucket for team member profile pictures. - Migration 023 (
023_chat_media.sql) — creates thechat-mediabucket for inbound images, videos, documents, and audio messages received in the inbox.
supabase db push, verify both buckets exist by going to Storage in the Supabase dashboard. You should see profile-avatars and chat-media listed. If they’re missing, re-run those two migrations manually via the SQL editor.Confirm the pgvector extension
Migration 030 (Supabase provides the
030_ai_knowledge.sql) sets up the AI knowledge base and runs:pgvector extension on all plans — it just needs to be enabled. The migration does this automatically. To verify it’s active, open the Database → Extensions page in the Supabase dashboard and confirm vector is enabled, or run:Notable migrations at a glance
The table below highlights the migrations that introduce major product features. You don’t need to run them individually —supabase db push applies all 30 at once — but this gives you a map of when each capability was added.
| Migration | What it adds |
|---|---|
001_initial_schema.sql | Core tables: contacts, conversations, messages, broadcasts, broadcast_recipients, whatsapp_config, pipelines, deals, profiles |
006_automations.sql | Automations engine: automations, automation_steps, automation_executions tables and trigger logic |
010_flows.sql | Visual flow builder: flows, flow_nodes, flow_edges, flow_runs tables |
017_account_sharing.sql | Multi-user team accounts: account_members, invitations, role-based access control (owner / admin / agent / viewer) |
026_api_keys.sql | Public REST API (/api/v1): api_keys table with scoped, revocable keys stored as hashes |
028_webhook_endpoints.sql | Outbound webhooks: webhook_endpoints and webhook_deliveries tables for event fan-out |
029_ai_reply.sql | AI reply assistant configuration: encrypted per-account OpenAI / Anthropic key storage, auto-reply settings |
030_ai_knowledge.sql | AI knowledge base: knowledge_entries table with full-text and optional pgvector semantic search |
Row Level Security
Every table in Wacrm’s schema has Row Level Security enabled. All data is isolated by
account_id — a team member can only read and write rows that belong to their account. The Supabase anon key and the user’s session token operate within these RLS policies.The SUPABASE_SERVICE_ROLE_KEY bypasses RLS entirely and must be kept server-side only. Wacrm only uses it in server-side routes where full cross-account access is required — such as the webhook handler that receives inbound messages before a user session is available.