-- Remove the permissive public INSERT policy
DROP POLICY IF EXISTS "Anyone can insert search logs" ON public.search_logs;

-- Add a restrictive policy that blocks anonymous/authenticated inserts
-- The edge function uses service_role which bypasses RLS entirely
CREATE POLICY "Block direct inserts on search logs"
  ON public.search_logs
  FOR INSERT
  WITH CHECK (false);