test(integration): self-create the protect-ci fixture table

[coderdan]

Summary

The integration suites under `packages/{drizzle,protect,stack}` all INSERT into a `protect-ci` table that was previously assumed to exist (originally created by hand on the shared CI Supabase project). On a fresh database — e.g. the new Supabase instance now provisioned for Dependabot CI runs — these suites fail with:

```
PostgresError: relation "protect-ci" does not exist
```

This PR makes the suites self-create their fixture, mirroring the pattern already used in `packages/{protect,stack}/tests/searchable-json-pg.test.ts` for the `protect-ci-jsonb` table.

What changed

Added an idempotent `CREATE TABLE IF NOT EXISTS "protect-ci" (...)` to the `beforeAll` of:

• `packages/drizzle/tests/drizzle.test.ts` — already has a postgres-js connection, so the DDL goes inline.
• `packages/protect/tests/supabase.test.ts` — opens a short-lived postgres-js connection just for the DDL, closes it before tests run via the supabase client.
• `packages/stack/tests/supabase.test.ts` — same pattern as protect/supabase.

The two supabase suites also send `NOTIFY pgrst, 'reload schema'` after the DDL so PostgREST picks up the new table immediately rather than waiting for its polling interval. No-op on plain Postgres.

The two supabase suites now also require `DATABASE_URL` (for the DDL step). The CI workflow already populates it in those packages' `.env` files; local devs running these suites need it set.

Schema

The CREATE TABLE covers the union of every column the three suites read or write:

```sql
CREATE TABLE IF NOT EXISTS "protect-ci" (
id INTEGER PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
email eql_v2_encrypted, -- drizzle suite
age eql_v2_encrypted, -- drizzle + supabase
score eql_v2_encrypted, -- drizzle + supabase
profile eql_v2_encrypted, -- drizzle suite
encrypted eql_v2_encrypted, -- supabase suites
created_at TIMESTAMPTZ DEFAULT NOW(),
test_run_id TEXT
)
```

All encrypted columns are nullable, so each suite only populates the subset it needs.

Out of scope

• The `protect-ci-jsonb` table already self-creates via the searchable-json-pg suites; not touched here.
• Cross-suite consolidation (a shared SQL fixture file) — the per-suite duplication is small and clear; abstraction would mostly add indirection.
• Pre-existing typecheck errors in `encrypt-query-searchable-json.test.ts` and `searchable-json-pg.test.ts` (unrelated to this change).

[changeset-bot]

⚠️ No Changeset found

Latest commit: 5ca5968

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Warning

Rate limit exceeded

@coderdan has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 16 minutes and 4 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e7f751db-5471-4402-8c36-48be6c6e80d4

📥 Commits

Reviewing files that changed from the base of the PR and between 9a37cb4 and 5ca5968.

📒 Files selected for processing (3)

• packages/drizzle/__tests__/drizzle.test.ts
• packages/protect/__tests__/supabase.test.ts
• packages/stack/__tests__/supabase.test.ts

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dan/test-setup-protect-ci-table

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 0/1 reviews remaining, refill in 16 minutes and 4 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}