I am building a web app using Supabase (Auth + Postgres + RLS) with a custom frontend. The goal is to stabilize the RLS, authentication, and onboarding processes to ensure seamless functionality.

Key tasks include:
- Ensuring profile auto-creation upon signup via Postgres trigger on `auth.users`.
- Fixing issues with Steps 2–5 of onboarding to ensure they are UPDATE-only operations.
- Resolving login/logout/reset password inconsistencies.

Important Rules (Non-Negotiable):
1. The frontend must never insert into `public.profiles`.
2. Profiles must be auto-created via a Postgres trigger on `auth.users`.
3. All onboarding steps after signup must be UPDATE-only operations.
4. RLS must remain enabled and respected; no service role should be used on the frontend.

Database Requirements:
- `public.profiles` has RLS enabled with the following policies:
  • SELECT: Users can read their own profile; admins can read all profiles.
  • UPDATE: Users can update their own profile; admins can update all profiles.
  • INSERT: Allowed only for own ID (trigger handles creation).
- Admin detection is handled via a SECURITY DEFINER function `is_admin()`.

Problems to Verify/Fix:
- Step 2 occasionally fails due to accidental frontend insertion/upsertion issues.
- Login intermittently shows “Invalid credentials.”
- Forgot-password flow is not wired correctly.
- Password validation inconsistencies likely caused by frontend regex.
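
The database side described above, written out as an added example (not code from the original post). It assumes `public.profiles.id` is the primary key referencing `auth.users(id)` and that `public.is_admin()` already exists; the names `handle_new_user`, `on_auth_user_created` and the policy names are hypothetical.

```sql
-- Added example. Assumptions: profiles.id is the primary key, is_admin()
-- already exists in public, and all object names below are hypothetical.

-- The profile row is created by the database, never by the frontend.
create or replace function public.handle_new_user()
returns trigger
language plpgsql
security definer
set search_path = ''   -- pin search_path so a definer function cannot be hijacked
as $$
begin
  insert into public.profiles (id)
  values (new.id)
  on conflict (id) do nothing;   -- idempotent if a row already exists
  return new;
end;
$$;

drop trigger if exists on_auth_user_created on auth.users;
create trigger on_auth_user_created
  after insert on auth.users
  for each row execute function public.handle_new_user();

alter table public.profiles enable row level security;

-- SELECT: own profile, or any profile for admins.
create policy profiles_select on public.profiles
  for select to authenticated
  using (id = (select auth.uid()) or public.is_admin());

-- UPDATE: same rule, enforced on both the old row and the new row.
create policy profiles_update on public.profiles
  for update to authenticated
  using (id = (select auth.uid()) or public.is_admin())
  with check (id = (select auth.uid()) or public.is_admin());

-- INSERT: own ID only, as the requirements state.
create policy profiles_insert on public.profiles
  for insert to authenticated
  with check (id = (select auth.uid()));

-- Check: users with no profile row (expected result: zero rows).
select u.id
from auth.users u
left join public.profiles p on p.id = u.id
where p.id is null;
```

With the trigger in place, onboarding Steps 2–5 only need an `update` filtered on the user's own `id`, so a frontend upsert is never required.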