Security Panel MVP (#1660)

TODOs:

- [x] Add documentation
- [x] e2e tests: run security review, update knowledge, and fix issue
- [x] more stringent risk rating


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Introduces a new Security mode with a Security Review panel that runs
reviews, edits rules, parses findings via IPC, and supports fixing
issues, with tests and prompt/runtime support.
> 
> - **UI/Preview Panel**:
> - Add `security` preview mode to `previewModeAtom` and ActionHeader
(Shield button).
> - New `SecurityPanel` showing findings table (sorted by severity), run
review, fix issue flow, and edit `SECURITY_RULES.md` dialog.
>   - Wire into `PreviewPanel` content switch.
> - **Hooks**:
>   - `useSecurityReview(appId)`: fetch latest review via IPC.
> - `useStreamChat`: add `onSettled` callback to invoke refreshes after
streams.
> - **IPC/Main**:
> - `security_handlers`: `get-latest-security-review` parses
`<dyad-security-finding>` from latest assistant message.
>   - Register handler in `ipc_host`; expose channel in `preload`.
>   - `ipc_client`: add `getLatestSecurityReview(appId)`.
> - `chat_stream_handlers`: detect `/security-review`, use dedicated
system prompt, optionally append `SECURITY_RULES.md`, suppress
Supabase-not-available note in this mode.
> - **Prompts**:
> - Add `SECURITY_REVIEW_SYSTEM_PROMPT` with structured finding output.
> - **Supabase**:
> - Enhance schema query to include `rls_enabled`, split policy
`using_clause`/`with_check_clause`.
> - **E2E Tests**:
> - New `security_review.spec.ts` plus snapshots and fixture findings;
update test helper for `security` mode and findings table snapshot.
> - Fake LLM server streams security findings for `/security-review` and
increases batch size.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
5022d01e22a2dd929a968eeba0da592e0aeece01. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

src/supabase_admin/supabase_schema_query.ts

@@ -3,12 +3,14 @@
 // https://github.com/jjleng/code-panda/blob/61f1fa514c647de1a8d2ad7f85102d49c6db2086/LICENSE
 
 export const SUPABASE_SCHEMA_QUERY = `
-          WITH table_info AS (
+        WITH table_info AS (
             SELECT
                 tables.table_name,
-                pd.description as table_description
+                pd.description as table_description,
+                cls.relrowsecurity as rls_enabled
             FROM information_schema.tables tables
             LEFT JOIN pg_stat_user_tables psut ON tables.table_name = psut.relname
+            LEFT JOIN pg_class cls ON psut.relid = cls.oid
             LEFT JOIN pg_description pd ON psut.relid = pd.objoid AND pd.objsubid = 0
             WHERE tables.table_schema = 'public'
         ),
@@ -33,6 +35,7 @@ export const SUPABASE_SCHEMA_QUERY = `
                 jsonb_build_object(
                     'name', ti.table_name::text,
                     'description', ti.table_description::text,
+                    'rls_enabled', ti.rls_enabled,
                     'columns', COALESCE(ci.columns, '[]'::jsonb)
                 )::text as data
             FROM table_info ti
@@ -52,7 +55,8 @@ export const SUPABASE_SCHEMA_QUERY = `
                         ELSE pol.polcmd::text
                     END,
                     'permissive', pol.polpermissive,
-                    'definition', pg_get_expr(pol.polqual, pol.polrelid)::text
+                    'using_clause', pg_get_expr(pol.polqual, pol.polrelid)::text,
+                    'with_check_clause', pg_get_expr(pol.polwithcheck, pol.polrelid)::text
                 )::text as data
             FROM pg_policy pol
             JOIN pg_class cls ON pol.polrelid = cls.oid
@@ -103,5 +107,4 @@ export const SUPABASE_SCHEMA_QUERY = `
             UNION ALL SELECT * FROM triggers_result
         ) combined_results
         ORDER BY result_type;
-
 `;