Skip to main content
mcpSource-backed
Supabase logo

Supabase MCP Server for Claude

Connect Claude to Supabase projects through the official MCP server with project scoping, read-only mode, and feature-group controls.

by Supabase · submitted by oktofeesh1·added 2026-06-03·
Review first review before installing

Open the source and read safety notes before installing.

Citation facts

Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.

Source URLs
https://supabase.com/docs/guides/ai-tools/mcp, https://github.com/supabase/mcp
Brand
Supabase
Brand domain
supabase.com
Brand asset source
brandfetch
Safety notes
Use `project_ref` by default. Without project scoping, the hosted MCP server can access all projects available to the authenticated Supabase user., Use `read_only=true` for investigation. Supabase documents that this disables mutating tools and executes SQL through a read-only Postgres user., Without read-only mode, tools can apply migrations, deploy Edge Functions, create or pause projects, manage branches, and update storage configuration., Limit feature groups with `features=`. The default hosted feature groups include account, database, debugging, development, docs, functions, and branching., Supabase recommends using MCP with development projects, non-production data, or branches rather than production projects., Keep manual approval enabled for SQL execution, migrations, branch changes, function deployments, and project-management actions.
Privacy notes
OAuth grants the MCP client access under the authenticated Supabase user's organization permissions. Choose the intended organization during login., Tool results can expose schema names, table metadata, SQL output, logs, advisory findings, Edge Function code, project URLs, and publishable keys., Logs may include API, Postgres, Auth, Storage, Realtime, or Edge Function records that contain user identifiers, request metadata, or error payloads., Database rows can contain prompt-injection text or sensitive user content. Review SQL output before acting on instructions returned from data., CI or manual-auth setups can use a Supabase personal access token. Store PATs in secret management, not prompts, transcripts, or checked-in configs.
Author
Supabase
Submitted by
oktofeesh1
Claim status
unclaimed
Last verified
2026-06-03

Decision playbook

Review trust signals before you adopt

Signals are present but mixed. Use the checklist below to confirm the source and operational safety for your environment.

Compare context
Selected

0

Current score

78

Baseline

Delta

No baseline selected

No major trust-signal divergence detected in the current selection.

Source and provenance checks

Complete

Confirm ownership and provenance before trusting install instructions.

  • Source link availableRequired

    Open the canonical repository and verify ownership.

    Done
  • Source provenance statusRequired

    Marked as source-backed.

    Done
  • Metadata reviewed

    Registry metadata indicates a reviewed listing.

    Done

Safety and privacy checks

Complete

Validate risk disclosures before installation or API wiring.

  • Safety notes presentRequired

    Review the listed safety guidance before running commands.

    Done
  • Privacy notes presentRequired

    Review data handling notes before connecting accounts or secrets.

    Done
  • Trust level risk gateRequired

    Trust level does not block evaluation.

    Done

Package and install checks

Needs review

Check package metadata and artifact integrity signals.

  • Install payload available

    Install or copy payload is available for review.

    Done
  • Package verification flag

    No package verification flag provided.

    Pending
  • Checksum metadata

    No checksum provided for downloaded artifact.

    Pending

Compare-driven decision checks

Needs review

Use compare context to validate trade-offs before adoption.

  • Compare tray has multiple entries

    Add at least one more entry to compare trust differences.

    Pending
  • Baseline comparison available

    No baseline peer selected yet.

    Pending
  • Diverging trust signals identified

    No major trust-signal divergence found.

    Pending

Setup at a glance

CLI install

Copy-ready — paste the snippet to get started.

10 minutes

Adoption plan

Balanced adoption plan

Current risk score 16/100. Use staged verification before broader rollout.

Risk 16

Pre-adoption checks

Validate source and review signals before any execution.

  • Confirm source provenanceRequired

    Source URL/provenance metadata is present.

    Done
  • Confirm metadata review state

    Listing has review metadata.

    Done
  • Verify install payload

    Install/config payload exists and can be inspected.

    Done

Security checks

Confirm safety, privacy, and package integrity signals.

  • Review safety notesRequired

    Safety notes are present.

    Done
  • Review privacy notesRequired

    Privacy notes are present.

    Done
  • Verify package integrity metadata

    No package verification/checksum metadata.

    Pending

Rollout

Adopt in controlled steps based on the selected plan.

  • Run in isolated sandbox firstRequired

    Use a constrained sandbox and observe behavior across multiple tasks.

    Pending
  • Roll out graduallyRequired

    Roll out to a small cohort before wider usage.

    Pending
  • Set monitoring and fallback

    Define rollback path and monitor errors after adoption.

    Pending

Evidence readiness

Evidence readiness matrix · balanced

Required evidence gates are covered (5/6 signals complete).

Risk 15

Source provenance

Present

Source repository/provenance is listed.

Required in this preset

Metadata review

Present

Review metadata is present.

Required in this preset

Safety notes

Present

Safety notes are present.

Required in this preset

Privacy notes

Present

Privacy notes are present.

Optional in this preset

Package integrity

Missing

Package integrity metadata is missing.

Optional in this preset

Install payload

Present

Install payload is available.

Required in this preset

Required evidence gates are covered for this preset.

Decision timeline

Decision timeline · balanced

5/6 steps complete with no blocking gaps for this preset.

Risk 14

triage

Confirm source provenanceRequired

Source/provenance metadata is available.

Done

triage

Check metadata review statusRequired

Review metadata is available.

Done

verify

Review safety notesRequired

Safety notes are available.

Done

verify

Review privacy notes

Privacy notes are available.

Done

verify

Validate package integrity metadata

Package integrity metadata is missing.

Pending

rollout

Verify install payload and commandsRequired

Install payload is available.

Done

No required blockers for this timeline preset.

Prerequisite readiness

Prerequisite readiness

6 prerequisites to line up before setup. Have accounts and credentials ready first.

0/6 ready
Account & credentials3Permissions & scopes2General110 minutes

Safety & privacy surface

Safety & privacy surface

6 safety and 5 privacy notes across 5 risk areas. Review closely: credentials & tokens, network access.

5 areas
  • SafetyGeneralUse `project_ref` by default. Without project scoping, the hosted MCP server can access all projects available to the authenticated Supabase user.
  • SafetyExecution & processesUse `read_only=true` for investigation. Supabase documents that this disables mutating tools and executes SQL through a read-only Postgres user.
  • SafetyGeneralWithout read-only mode, tools can apply migrations, deploy Edge Functions, create or pause projects, manage branches, and update storage configuration.
  • SafetyGeneralLimit feature groups with `features=`. The default hosted feature groups include account, database, debugging, development, docs, functions, and branching.
  • SafetyGeneralSupabase recommends using MCP with development projects, non-production data, or branches rather than production projects.
  • SafetyGeneralKeep manual approval enabled for SQL execution, migrations, branch changes, function deployments, and project-management actions.
  • PrivacyCredentials & tokensOAuth grants the MCP client access under the authenticated Supabase user's organization permissions. Choose the intended organization during login.
  • PrivacyData retentionTool results can expose schema names, table metadata, SQL output, logs, advisory findings, Edge Function code, project URLs, and publishable keys.
  • PrivacyNetwork accessLogs may include API, Postgres, Auth, Storage, Realtime, or Edge Function records that contain user identifiers, request metadata, or error payloads.
  • PrivacyGeneralDatabase rows can contain prompt-injection text or sensitive user content. Review SQL output before acting on instructions returned from data.
  • PrivacyCredentials & tokensCI or manual-auth setups can use a Supabase personal access token. Store PATs in secret management, not prompts, transcripts, or checked-in configs.

Safety notes

  • Use `project_ref` by default. Without project scoping, the hosted MCP server can access all projects available to the authenticated Supabase user.
  • Use `read_only=true` for investigation. Supabase documents that this disables mutating tools and executes SQL through a read-only Postgres user.
  • Without read-only mode, tools can apply migrations, deploy Edge Functions, create or pause projects, manage branches, and update storage configuration.
  • Limit feature groups with `features=`. The default hosted feature groups include account, database, debugging, development, docs, functions, and branching.
  • Supabase recommends using MCP with development projects, non-production data, or branches rather than production projects.
  • Keep manual approval enabled for SQL execution, migrations, branch changes, function deployments, and project-management actions.

Privacy notes

  • OAuth grants the MCP client access under the authenticated Supabase user's organization permissions. Choose the intended organization during login.
  • Tool results can expose schema names, table metadata, SQL output, logs, advisory findings, Edge Function code, project URLs, and publishable keys.
  • Logs may include API, Postgres, Auth, Storage, Realtime, or Edge Function records that contain user identifiers, request metadata, or error payloads.
  • Database rows can contain prompt-injection text or sensitive user content. Review SQL output before acting on instructions returned from data.
  • CI or manual-auth setups can use a Supabase personal access token. Store PATs in secret management, not prompts, transcripts, or checked-in configs.

Prerequisites

  • Supabase account with access to the organization and project Claude should use
  • Target Supabase project reference for project-scoped access
  • MCP-capable client with HTTP transport and OAuth support, such as Claude Code
  • Browser access for Supabase OAuth authentication during setup
  • Permission to expose the selected development project, schema, logs, and docs context to the connected AI client
  • Understanding of `project_ref`, `read_only=true`, and `features=` URL parameters

Schema details

Install type
cli
Troubleshooting
Yes
Source repository stats
Scope
Source repo
Collection metadata
Estimated setup
10 minutes
Difficulty
intermediate
Full copyable content
{
  "supabase": {
    "type": "http",
    "url": "https://mcp.supabase.com/mcp?project_ref=YOUR_PROJECT_REF&read_only=true&features=database,docs"
  }
}

About this resource

Content

The Supabase MCP server connects Claude and other MCP-capable clients to Supabase projects through a hosted HTTP MCP endpoint. It can inspect project metadata, query Postgres schema and SQL results, retrieve logs and advisory findings, generate TypeScript types, search Supabase documentation, and work with Edge Functions, branching, storage, and account-management tools depending on the configured feature groups.

This entry uses the safest practical default: scope the server to one Supabase project, enable read_only=true, and expose only the database and docs feature groups. That gives Claude enough access to inspect schema, migrations, extensions, and Supabase documentation without mounting project-management, branching, Edge Function deployment, or storage-configuration tools by default.

Supabase also publishes the implementation in the supabase-community/supabase-mcp repository and the @supabase/mcp-server-supabase package. The package is useful for AI SDK integrations that want static tool schemas, while most Claude users should use the hosted MCP URL and OAuth flow documented by Supabase.

Features

  • Hosted HTTP MCP endpoint at https://mcp.supabase.com/mcp.
  • OAuth-based setup for supported clients; personal access tokens are only needed for CI or clients that cannot use the default browser login flow.
  • Project scoping with project_ref=<id> to limit access to one project.
  • Read-only mode with read_only=true for safer database investigation.
  • Feature-group filtering with features=database,docs or other selected groups.
  • Database tools for tables, extensions, migrations, SQL queries, and migration application when mutating access is enabled.
  • Debugging tools for Supabase service logs and security/performance advisors.
  • Development tools for project URLs, publishable keys, and generated TypeScript types.
  • Edge Function tools for listing, reading, and deploying functions when the functions feature group is mounted.
  • Account, branching, and storage tools when those feature groups are enabled and the authenticated user has permission.
  • Local Supabase CLI MCP endpoint on localhost:54321/mcp with a limited tool subset and no OAuth 2.1.

Use Cases

  • Ask Claude to list tables, extensions, and migrations for a development Supabase project before planning backend changes.
  • Search current Supabase documentation while implementing Auth, Realtime, Storage, Edge Functions, or Postgres features.
  • Generate TypeScript types from the selected project schema and use them in a local application.
  • Inspect API, Postgres, Auth, Storage, Realtime, or Edge Function logs during a development debugging session.
  • Review security and performance advisor findings before changing database policies or indexes.
  • Use Supabase branching or a development project to test migrations and Edge Functions before promoting changes.

Installation

Claude Code

  1. Copy the target Supabase project reference from the project's settings.
  2. Add the hosted MCP server with project scoping, read-only mode, and limited feature groups:
claude mcp add --scope project --transport http supabase "https://mcp.supabase.com/mcp?project_ref=YOUR_PROJECT_REF&read_only=true&features=database,docs"
  1. Replace YOUR_PROJECT_REF with the Supabase project reference.
  2. In a regular terminal, run claude /mcp.
  3. Select the supabase server and authenticate through the Supabase browser login flow.
  4. Confirm the connected organization and project are the intended development environment.

Claude Desktop

  1. Open the Claude Desktop MCP configuration file.
  2. Add the supabase HTTP server configuration shown below.
  3. Replace YOUR_PROJECT_REF with the target project reference.
  4. Restart Claude Desktop and authenticate when prompted by the client.

Configuration

{
  "mcpServers": {
    "supabase": {
      "type": "http",
      "url": "https://mcp.supabase.com/mcp?project_ref=YOUR_PROJECT_REF&read_only=true&features=database,docs"
    }
  }
}

To add debugging tools while staying project-scoped and read-only, include the debugging group:

https://mcp.supabase.com/mcp?project_ref=YOUR_PROJECT_REF&read_only=true&features=database,docs,debugging

To use the broader default hosted feature set, omit features=, but keep project_ref and read_only=true unless you are intentionally allowing mutation:

https://mcp.supabase.com/mcp?project_ref=YOUR_PROJECT_REF&read_only=true

For CI or clients that cannot use browser-based OAuth, Supabase documents manual authentication with a personal access token passed as an Authorization header:

{
  "mcpServers": {
    "supabase": {
      "type": "http",
      "url": "https://mcp.supabase.com/mcp?project_ref=${SUPABASE_PROJECT_REF}&read_only=true",
      "headers": {
        "Authorization": "Bearer ${SUPABASE_ACCESS_TOKEN}"
      }
    }
  }
}

Examples

Inspect a project schema

Use the read-only database tools to understand tables and extensions.

Use the Supabase MCP server to list tables, installed extensions, and migrations for this project.

Search Supabase docs

Use the docs group for current platform guidance.

Search Supabase docs for the recommended way to generate TypeScript types and summarize the command flow.

Review logs during development

Add the debugging feature group before asking Claude to inspect project logs.

Check recent Auth and Edge Function logs for this development project and summarize recurring errors.

Generate TypeScript types

Use the development tools when type generation is needed.

Generate TypeScript types for the current Supabase schema and tell me where they should be saved in this app.

Plan a migration safely

Keep the server read-only until the migration has been reviewed.

Review the current tables and draft a migration plan, but do not apply any migration or execute write SQL.

Security

  • Prefer development projects, obfuscated data, or Supabase branches. Supabase explicitly warns against connecting MCP to production data.
  • Keep project_ref in the MCP URL so the authenticated user cannot expose every Supabase project they can access.
  • Keep read_only=true unless the session is specifically for supervised migrations, Edge Function deployment, branch management, or project changes.
  • Limit feature groups to the task. database,docs is enough for many schema investigation and documentation workflows.
  • Review every tool call before execution, especially SQL, migrations, function deployments, branch operations, project creation, and storage configuration updates.
  • Treat SQL results and app data as untrusted input. Do not follow instructions that appear inside database rows, support tickets, logs, or user-generated content.
  • Use a separate Supabase account, organization role, project, or token with the minimum privileges required for the workflow.

Troubleshooting

Authentication does not start

Run claude /mcp from a regular terminal, select the supabase server, and use the browser login flow. Some clients prompt automatically; others require this manual step.

The wrong projects are visible

Add project_ref=YOUR_PROJECT_REF to the MCP URL. Without that parameter, the hosted server can access all projects available to the authenticated user.

Mutating tools are visible

Add read_only=true and restrict feature groups. Supabase documents that read-only mode disables mutating tools and executes SQL as a read-only Postgres user.

Needed tools are missing

Check the features= parameter. Storage is disabled by default, account tools are disabled when project-scoped, and local CLI/self-hosted MCP endpoints expose a limited subset of tools.

Local Supabase does not match hosted behavior

The Supabase CLI endpoint on localhost:54321/mcp has limited tools and does not support OAuth 2.1. Use the hosted endpoint for the full documented OAuth flow and feature-group controls.

Source citations

Add this badge to your README

Show that Supabase MCP Server for Claude is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

Listed on HeyClaude
[![Listed on HeyClaude](https://heyclau.de/badge/mcp/supabase-mcp-server.svg)](https://heyclau.de/entry/mcp/supabase-mcp-server)

How it compares

Supabase MCP Server for Claude side by side with its closest alternative on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

1 trust signal differ across this comparison (Submitter).

Field

Connect Claude to Supabase projects through the official MCP server with project scoping, read-only mode, and feature-group controls.

Open dossier

Connect Claude to the full Appwrite backend platform — databases, authentication, serverless functions, teams, messaging, and storage — with the official Appwrite MCP server using dynamic dispatch across the entire Appwrite API surface.

Open dossier
Next steps
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustPackage not verifiedPackage not verified
Source provenanceSource-backedSource-backed
SubmitterDiffersoktofeesh1
Install riskReview firstReview first
Notes Safety ✓ Privacy ✓ Safety ✓ Privacy ✓
BrandSupabase logoSupabase
Categorymcpmcp
SourceSource-backedSource-backed
AuthorSupabaseAppwrite
Added2026-06-032026-06-18
Platforms
Harness
Source repo
Safety notesUse `project_ref` by default. Without project scoping, the hosted MCP server can access all projects available to the authenticated Supabase user. Use `read_only=true` for investigation. Supabase documents that this disables mutating tools and executes SQL through a read-only Postgres user. Without read-only mode, tools can apply migrations, deploy Edge Functions, create or pause projects, manage branches, and update storage configuration. Limit feature groups with `features=`. The default hosted feature groups include account, database, debugging, development, docs, functions, and branching. Supabase recommends using MCP with development projects, non-production data, or branches rather than production projects. Keep manual approval enabled for SQL execution, migrations, branch changes, function deployments, and project-management actions.Mutation operations (write, update, delete) require `confirm_write=true` to be passed explicitly, adding a confirmation step before any destructive action. The API key scope determines what operations are available — use least-privilege scopes for your use case.
Privacy notesOAuth grants the MCP client access under the authenticated Supabase user's organization permissions. Choose the intended organization during login. Tool results can expose schema names, table metadata, SQL output, logs, advisory findings, Edge Function code, project URLs, and publishable keys. Logs may include API, Postgres, Auth, Storage, Realtime, or Edge Function records that contain user identifiers, request metadata, or error payloads. Database rows can contain prompt-injection text or sensitive user content. Review SQL output before acting on instructions returned from data. CI or manual-auth setups can use a Supabase personal access token. Store PATs in secret management, not prompts, transcripts, or checked-in configs.User records, database documents, function logs, team memberships, and messaging data from your Appwrite project are surfaced in Claude's context. Your `APPWRITE_API_KEY` grants project-level access — keep it in the MCP config env and never commit it to version control.
Prerequisites
  • Supabase account with access to the organization and project Claude should use
  • Target Supabase project reference for project-scoped access
  • MCP-capable client with HTTP transport and OAuth support, such as Claude Code
  • Browser access for Supabase OAuth authentication during setup
  • An Appwrite account — log in at cloud.appwrite.io or self-hosted.
  • An Appwrite project with an API key that has the required scopes for your use case.
  • Python with `uvx` available.
  • An MCP client such as Claude Code or Claude Desktop.
Install
claude mcp add --scope project --transport http supabase "https://mcp.supabase.com/mcp?project_ref=YOUR_PROJECT_REF&read_only=true&features=database,docs"
claude mcp add appwrite -e APPWRITE_PROJECT_ID=<project-id> -e APPWRITE_API_KEY=<api-key> -- uvx mcp-server-appwrite
Config
Manual-only setup:
{
  "supabase": {
    "type": "http",
    "url": "https://mcp.supabase.com/mcp?project_ref=YOUR_PROJECT_REF&read_only=true&features=database,docs"
  }
}
{
  "mcpServers": {
    "appwrite": {
      "command": "uvx",
      "args": ["mcp-server-appwrite"],
      "env": {
        "APPWRITE_PROJECT_ID": "<project-id>",
        "APPWRITE_API_KEY": "<api-key>",
        "APPWRITE_ENDPOINT": "https://cloud.appwrite.io/v1"
      }
    }
  }
}
Citations
ClaimUnclaimedUnclaimed
Open in the interactive comparison tool

Related guides

Signals

Loading live community signals…

More like this, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.