Loop x WorkOS: A New Foundation

Dec 9, 2025

Update 2.1

Refined. Robust. Ready.

This update is the most important leap forward since Loop began. We focused on what powers everything behind the scenes: security, performance, data integrity, and rock-solid stability — all to make Loop faster, safer, and enterprise-ready.

Core Stability

  • Zero-Tolerance Typing: Over 100 TypeScript inconsistencies eliminated. The codebase is now strict, predictable, and highly reliable.

  • Seamless Authentication: Complete migration from Clerk to WorkOS. Faster sign-in, fewer failures, and enterprise-grade auth across the platform.

  • Onboarding Reinvented: WorkOS users now flow cleanly through signup → onboarding → dashboard without breaks.

  • Database Synchronization: Every schema, relationship, and reference now matches perfectly between app and database.

Performance

  • Optimized Preflight: Deployment checks now pass with 0 errors and 0 warnings.

  • Faster Builds: Removed dead dependencies and old code paths for leaner bundles.

  • Database Performance: Strategic indexes improve query performance across stats, widgets, and user lookups.

Polish

  • UI Fixes: Profile + Settings layouts cleaned up for consistency across devices.

  • Unified Contexts: Refactored user state handling for instant page updates and fewer re-renders.

  • Avatar Overhaul: Dual-avatar support (personal/work) added, including automatic mode switching.

Security & Infrastructure

  • RLS Enforcement: Role Level Security is now enabled and locked down across 10+ tables.

  • Function Hardening: 50+ functions updated to use a safe search_path to eliminate injection risk.

  • Data Protection: Auditor tables (audit_logs, webhook_logs, deletion_audit) now follow strict access rules.

  • Verification System: Users now support 3 states — NONE, BASIC, and VERIFIED.

New Core Systems

  • Accounts Ledger: A new accounts structure powering secure org, user, and anonymized ledger identities.

  • Task Integrity Levels: Tasks now support Low / Medium / High integrity checks.

  • Calendar + Boards: Early support landed for time-off requests and internal board posts.

Technical Details (for developers)

Security & RLS

  • Enabled RLS on: audit_logs, webhook_logs, webhook_test_logs, beta_codes, achievement_followings, deletion_audit, team_invites, user_achievements, user_daily_stats, user_tool_usage, permissions, role_permissions, roles, suppliers

  • Added RLS policies for all newly enabled tables

  • Optimized RLS policies to eliminate auth_rls_initplan warnings by wrapping auth.uid(), auth.jwt(), and current_setting() in subqueries

  • Set search_path = ‘’ on 50+ public functions to prevent search_path injection vulnerabilities

Performance Optimizations

  • Added composite indexes for user search queries 

    (idx_user_profiles_search_active_public, idx_user_profiles_display_name_search)

  • Added indexes for user_daily_stats, user_widgets, user_widget_layouts

  • Created 45 new foreign key indexes across core tables

  • Dropped 141 unused indexes identified by Supabase Performance Advisor

  • Consolidated multiple permissive RLS policies into single optimized policies

WorkOS Migration

  • Migrated clerk_id to workos_user_id across user_profiles, accounts, and organizations

  • Updated all RLS policies to reference workos_user_id instead of clerk_id

  • Added onboarding_complete column with full WorkOS integration

  • Created new accounts table to support stable ledger identity and WorkOS user mapping

New Features

  • Avatar system: Added avatar_mode, personal_avatar_url, and work_avatar_url fields

  • Calendar & Boards: Created time_off_requests and board_posts tables

  • Verification tiers: Added verification_tier with states NONE, BASIC, VERIFIED

  • Task integrity model: Added LOW, MEDIUM, HIGH levels

  • Accounts table: Introduced stable UUID identity structure with anonymization support

Schema Fixes

  • Updated user_id type from UUID to TEXT for WorkOS compatibility

  • Added public_id to support stable USER-XXXXXXXX identifiers

  • Added timezone column with detection support

  • Added status fields: is_profile_public, is_account_active, account_deleted_at

Code Quality Improvements

  • Fixed more than 100 TypeScript type inconsistencies

  • Removed all Clerk-related code and dependencies

  • Updated all authentication flows to use WorkOS AuthKit

  • Refactored user context management for consistent state across the app

Query Performance

  • Achieved a 100% database cache hit rate

  • Identified 38 slow queries (mostly internal Supabase processes, not user-facing)

  • Optimized all application queries through indexing and RLS policy improvements

Available now on loop.opaius.com

Get Opaius Updates

© 2025 Opaius. All rights reserved. Part of Motivus Holdings Inc.

Get Opaius Updates

© 2025 Opaius. All rights reserved. Part of Motivus Holdings Inc.

Get Opaius Updates

© 2025 Opaius. All rights reserved. Part of Motivus Holdings Inc.