RLS stops working after opening the module dashboard on spacetimedb.com #2854

@alexanderbh

I know it sounds weird. But someone please try to reproduce. It only happens on maincloud.

Report on Discord for more context:
https://discord.com/channels/1037340874172014652/1382341536057921627

Setup

✗ spacetime --version
spacetime Path: /Users/.../.local/share/spacetime/bin/current/spacetimedb-cli
Commit: b5a698fc74d7bd1f17b88466b7020078af28ade4
spacetimedb tool version 1.1.2; spacetimedb-lib version 1.1.2;

#[table(name = account, public)]
pub struct Account {
    #[primary_key]
    pub identity: Identity,
    #[unique]
    #[index(btree)]
    pub name: String,
    pub online: bool,
}

#[client_visibility_filter]
const ACCOUNT_FILTER: Filter = Filter::Sql("SELECT * FROM account WHERE identity = :sender");

RLS is applied

✗ spacetime sql null-channel "SELECT * FROM st_row_level_security"
WARNING: This command is UNSTABLE and subject to breaking changes.

 table_id | sql
----------+--------------------------------------------------
 4097     | "SELECT * FROM account WHERE identity = :sender"

The table_id is correct.

To reproduce

  1. Publish new module on maincloud
  2. RLS works great
    • spacetime subscribe --print-initial-update --anonymous null-channel "SELECT * FROM account" only shows :sender
  3. Refresh spacetimedb.com dashboard for the module
  4. Now RLS is broken for all clients
    • spacetime subscribe --print-initial-update --anonymous null-channel "SELECT * FROM account" now returns the entire table

Video reproduction

Screen.Recording.2025-06-11.at.17.09.47.mov

CLI reproduction

➜ spacetime subscribe --print-initial-update --anonymous null-channel "SELECT * FROM account"
WARNING: This command is UNSTABLE and subject to breaking changes.

{"account":{"deletes":[],"inserts":[{"identity":{"__identity__":"0xc200cf1653de143473d41f83ebe3d3fe0e8d75302fe03becb8dfa8720a6705b9"},"name":"Player_1","online":true}]}}
^C
➜  spacetime subscribe --print-initial-update --anonymous null-channel "SELECT * FROM account"
WARNING: This command is UNSTABLE and subject to breaking changes.

{"account":{"deletes":[],"inserts":[{"identity":{"__identity__":"0xc20013f5543767be63d0c522750a93ce55b8c93ec131cbb07987a53e72571229"},"name":"Player_2","online":true}]}}
^C

// HERE I REFRESH THE MODULE DASHBOARD

➜  spacetime subscribe --print-initial-update --anonymous null-channel "SELECT * FROM account"
WARNING: This command is UNSTABLE and subject to breaking changes.

{"account":{"deletes":[],"inserts":[{"identity":{"__identity__":"0xc200cf1653de143473d41f83ebe3d3fe0e8d75302fe03becb8dfa8720a6705b9"},"name":"Player_1","online":false},{"identity":{"__identity__":"0xc20013f5543767be63d0c522750a93ce55b8c93ec131cbb07987a53e72571229"},"name":"Player_2","online":false},{"identity":{"__identity__":"0xc2007102f722fad8c87a75148fc1975ff2a0d23baa70f45620664de75e646bd5"},"name":"Player_3","online":true},{"identity":{"__identity__":"0xc200e84a5c748ac63db9f6fa24b11efa2b86d7dccaf74357e371e37cd36306ef"},"name":"Player_4","online":true}]}}

Module logs (not interesting)

2025-06-11 17:26:23 INFO:  [spacetimedb] Creating table `account`
2025-06-11 17:26:23 INFO:  [spacetimedb] Creating table `account_name_counter`
2025-06-11 17:26:23 INFO:  [spacetimedb] Creating row level security `SELECT * FROM account WHERE identity = :sender`
2025-06-11 17:26:23 INFO:  [spacetimedb] Database initialized
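
A regression check for the behaviour reported above, as an added example that is not part of the original report or of the SpacetimeDB project: it parses saved `spacetime subscribe --print-initial-update` output from separate subscribers and flags any session that sees more than one `account` row or a row already seen by another session. The sample outputs and identities are constructed and the function names are hypothetical; it assumes each session connected with a different identity.

```python
import json

TABLE = "account"  # table named in the report


def parse_rows(cli_output, table=TABLE):
    """Collect inserted rows for `table` from `spacetime subscribe` output."""
    rows = []
    for line in cli_output.splitlines():
        line = line.strip()
        if not line.startswith("{"):  # skip the warning, blanks and ^C
            continue
        try:
            update = json.loads(line)
        except json.JSONDecodeError:
            continue
        rows.extend(update.get(table, {}).get("inserts", []))
    return rows


def rls_violations(sessions):
    """Findings across separate subscriber sessions (empty list = isolated).
    `identity` is the primary key and the filter is `identity = :sender`,
    so one subscriber may see at most one row. Assumption: each session
    connected with a different identity, so no identity may repeat.
    """
    findings, owner = [], {}
    for n, output in enumerate(sessions, 1):
        ids = [r["identity"]["__identity__"] for r in parse_rows(output)]
        if len(ids) > 1:
            findings.append(f"session {n}: {len(ids)} rows visible, expected <= 1")
        for ident in ids:
            if owner.setdefault(ident, n) != n:
                findings.append(f"session {n}: sees row first seen in session {owner[ident]}")
    return findings


# Constructed sample output, shaped like the CLI output in the report.
def make_output(*ids):
    rows = [{"identity": {"__identity__": i}, "name": "x", "online": True} for i in ids]
    warn = "WARNING: This command is UNSTABLE and subject to breaking changes.\n\n"
    return warn + json.dumps({"account": {"deletes": [], "inserts": rows}}) + "\n^C\n"


BEFORE = [make_output("0xa1"), make_output("0xb2")]
AFTER = BEFORE + [make_output("0xa1", "0xb2", "0xc3", "0xd4")]

if __name__ == "__main__":
    print(rls_violations(BEFORE), *rls_violations(AFTER), sep="\n")
```
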

Labels

bug: Something isn't working
