Tigris vs Supabase
Side-by-side trajectory, velocity, and editorial themes.
Tigris turns its object store into agent infrastructure with Agent Kit, agent-shell, and durable global streams.
Tigris's release stream is a sustained product-marketing push around AI-agent storage primitives. Agent Kit landed as a TypeScript SDK exposing bucket forks, workspaces, checkpoints, and event coordination. agent-shell put a virtual bash environment with persistent storage in front of those primitives. Durable global streams via S2 Lite extended the object store into a streaming substrate suitable for per-agent reasoning traces. Around the launches, case studies and tutorials (Basic Memory, the $10 self-updating knowledge base) make the pitch concrete.
Tigris is staking a position that the right substrate for AI agents is not a database, vector store, or queue — it is a globally-distributed, fork-able object store. Each blog and SDK in this batch reinforces that thesis from a different angle: storage as message queue, fork-per-agent sandboxing, storage-protected agent containment, streams for reasoning traces. The competitive map being drawn includes R2, S3 Express, Backblaze, and the agent-runtime vendors (Modal, E2B), not other databases.
Expect a managed Vector or Lance-index surface on top of buckets to compete more directly with Turbopuffer and Pinecone, and a Python counterpart to the @tigrisdata/agent-shell TypeScript runtime to widen the agent-developer surface area.
Supabase is reversing its biggest security default - public-schema tables no longer auto-exposed via PostgREST.
The headline shipping move is a deliberate change to Supabase's security posture: new projects can opt out of automatic Data API and GraphQL exposure for public-schema tables, with broader defaults flipping in May. Around it: an OAuth 2.1 compliance fix, an RLS Tester preview to make policy verification possible from the UI, and a steady drumbeat of platform improvements summarized in the monthly developer update.
Supabase is rebuilding the security defaults that made it fast to start with but easy to misconfigure. Combine the no-auto-expose change with the RLS Tester preview and the direction is clear: the platform is moving from convention-based exposure to explicit, testable access control. The OAuth compliance fix and developer updates suggest steady investment in standards conformance rather than new product surface this window.
Expect the no-auto-expose default to apply to existing projects (with a long opt-out runway), and the RLS Tester to graduate from preview into the dashboard as a first-class panel. Continued breaking-change drumbeat tied to OAuth/OIDC compliance is likely.
See more alternatives to Tigris →
See more alternatives to Supabase →