Supabase MCP — Сценарии использования, Установка & Живое демо

Зачем использовать

Ключевые функции

Database branching for safe migration testing (Pro plan)
Run SQL directly (read and write)
Generate and apply database migrations
Deploy Edge Functions (Deno) from chat
Inspect logs (postgres, edge-function, auth, realtime)
Read-only mode flag for safer prod use

Живое демо

Как выглядит на практике

supabase.replay ▶ готово

0/0

Установка

Выберите клиент

~/Library/Application Support/Claude/claude_desktop_config.json · Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "supabase": {
      "command": "npx",
      "args": [
        "-y",
        "@supabase/mcp-server-supabase"
      ]
    }
  }
}

Откройте Claude Desktop → Settings → Developer → Edit Config. Перезапустите после сохранения.

~/.cursor/mcp.json · .cursor/mcp.json

{
  "mcpServers": {
    "supabase": {
      "command": "npx",
      "args": [
        "-y",
        "@supabase/mcp-server-supabase"
      ]
    }
  }
}

Cursor использует ту же схему mcpServers, что и Claude Desktop. Конфиг проекта приоритетнее глобального.

VS Code → Cline → MCP Servers → Edit

{
  "mcpServers": {
    "supabase": {
      "command": "npx",
      "args": [
        "-y",
        "@supabase/mcp-server-supabase"
      ]
    }
  }
}

Щёлкните значок MCP Servers на боковой панели Cline, затем "Edit Configuration".

~/.codeium/windsurf/mcp_config.json

{
  "mcpServers": {
    "supabase": {
      "command": "npx",
      "args": [
        "-y",
        "@supabase/mcp-server-supabase"
      ]
    }
  }
}

Тот же формат, что и Claude Desktop. Перезапустите Windsurf для применения.

~/.continue/config.json

{
  "mcpServers": [
    {
      "name": "supabase",
      "command": "npx",
      "args": [
        "-y",
        "@supabase/mcp-server-supabase"
      ]
    }
  ]
}

Continue использует массив объектов серверов, а не map.

~/.config/zed/settings.json

{
  "context_servers": {
    "supabase": {
      "command": {
        "path": "npx",
        "args": [
          "-y",
          "@supabase/mcp-server-supabase"
        ]
      }
    }
  }
}

Добавьте в context_servers. Zed перезагружается автоматически.

claude mcp add supabase -- npx -y @supabase/mcp-server-supabase

Однострочная команда. Проверить: claude mcp list. Удалить: claude mcp remove.

Сценарии использования

Реальные сценарии: Supabase

Test a destructive migration on a database branch before applying to prod

👤 Engineers shipping schema changes ⏱ ~30 min advanced

Когда использовать: You have a migration that drops a column or backfills millions of rows, and you want to dry-run on a real-data branch first.

Предварительные требования

Supabase Pro plan or higher — Branching is gated to paid plans
Personal access token — supabase.com/dashboard/account/tokens — scope to your org

Поток

Create a branch from prod

Create a database branch named 'test-drop-legacy-col' off the main branch in project <ref>. Wait for it to be ready.✓ Скопировано

→ Branch created with its own connection string
Run the migration on the branch

Apply the following migration on the new branch: <paste SQL>. Report rows affected and any errors.✓ Скопировано

→ Migration runs; row counts visible
Verify and either promote or discard

Run sanity SELECTs on the branch (top 10 rows of affected tables, NULL counts on changed columns). If it looks good, tell me and I'll promote; if not, delete the branch.✓ Скопировано

→ Verification output, then explicit human go/no-go

Итог: Migration validated against real data shape before it touches prod.

Подводные камни

Branches don't have prod's exact data — they're a snapshot at branch-create time — Note the snapshot timestamp; if your migration is sensitive to recent rows, branch as close to apply time as possible
Branch creation costs compute hours — Always delete the branch after testing; abandoned branches accumulate billing

Сочетать с: github · postgres

Write and deploy a Supabase Edge Function from chat

👤 Devs adding small backend endpoints (webhooks, signed-URL minters, etc.) ⏱ ~20 min intermediate

Когда использовать: You need a quick HTTP endpoint with DB access — perfect for an Edge Function — and don't want to context-switch to the dashboard.

Поток

Scaffold the function

Create an Edge Function stripe-webhook in project <ref>. It should: validate the Stripe signature, then INSERT a row into table stripe_events. Use Deno-style imports.✓ Скопировано

→ Function code written with proper Deno conventions
Deploy

Deploy stripe-webhook to project <ref>. Show me the resulting URL.✓ Скопировано

→ Deployed URL returned
Test with a sample payload

POST a test payload to the URL and tail the function logs. Did it succeed and write a row?✓ Скопировано

→ Logs show invocation; row visible in table

Итог: A live endpoint plus a row in the DB to prove it works, in 5 minutes.

Подводные камни

Secrets (STRIPE_SECRET) aren't auto-injected — Set them via the Supabase dashboard or set_secrets MCP tool before invoking; reference via Deno.env.get('STRIPE_SECRET')
Edge functions cold-start; first request is slow — Invoke once after deploy to warm before declaring 'works'

Сочетать с: stripe · github

Audit Row-Level Security policies on a Supabase project

👤 Security-conscious devs and reviewers ⏱ ~25 min intermediate

Когда использовать: Before launch — you want to confirm RLS is on for every table and the policies actually do what you think.

Поток

List tables and RLS state

List every table in the public schema. For each, is RLS enabled? List the policies attached.✓ Скопировано

→ Per-table RLS status plus policy bodies
Find tables without RLS

Highlight any table where RLS is OFF, or RLS is ON but no policies exist (effectively deny-all silently).✓ Скопировано

→ Risk list with clear category for each
Test as anonymous

For 3 sensitive tables, simulate an anon user query (using the anon role). Does it return rows? It shouldn't.✓ Скопировано

→ Empty results = good; rows returned = policy bug

Итог: A pre-launch sign-off on auth posture, with evidence per table.

Подводные камни

RLS off on a table you thought was internal — Service-role key bypasses RLS by design — never expose it client-side. Audit which keys are used where

Investigate why a user can't log in

👤 Support engineers, founders doing first-line ⏱ ~10 min beginner

Когда использовать: A user reports 'my login link doesn't work' and you want to see whether the email sent, what auth events fired, etc.

Поток

Find the user

Find the auth user with email '[email protected]'. Show created_at, last_sign_in_at, email_confirmed_at.✓ Скопировано

→ User record or 'not found' verdict
Check recent auth logs

Pull auth log entries for that user_id in the last 24h. Group by event type.✓ Скопировано

→ Sequence of auth events (otp_sent, sign_in_failed, etc.)
Resolve

Based on the events, what's the actual problem? Suggest the fix (resend invite, manually confirm, reset password).✓ Скопировано

→ Diagnosis plus action plan

Итог: A resolved support ticket with audit trail, in 5 minutes.

Подводные камни

PII flows into chat logs — Avoid pasting raw user records to chat history that's archived; redact emails when summarizing

Generate TypeScript types from your Supabase schema

👤 Frontend devs using `supabase-js` ⏱ ~10 min beginner

Когда использовать: You changed your DB schema and want client types updated to match.

Поток

Generate types

Generate TypeScript types for the public schema of project <ref>. Save to src/types/database.ts.✓ Скопировано

→ Types file written
Diff and check usage

Compared to the previous types file (in git), what changed? Are any of the changes breaking for existing call sites in src/?✓ Скопировано

→ Per-change impact analysis
Open PR

Commit the types update plus any necessary call-site fixes. Open a PR titled 'chore: regen db types YYYY-MM-DD'.✓ Скопировано

→ PR opened with full diff

Итог: Types stay in sync with schema; broken callsites caught at PR time, not in production.

Подводные камни

Generated types don't include views unless the view has SECURITY INVOKER set — Add views explicitly or document the gap; supabase-js handles them with from('view_name') regardless

Сочетать с: github · filesystem

Комбинации

Сочетайте с другими MCP — эффект x10

supabase + github

Open a PR with a migration, deploy to a branch, attach test results to the PR

Open a PR adding the migration in supabase/migrations/. Create a Supabase branch with the migration applied. Comment on the PR with the test results from the branch.✓ Скопировано

supabase + stripe

Build a Stripe webhook Edge Function that writes events into Supabase

Create an Edge Function that receives Stripe webhooks, validates the signature, and inserts events into a stripe_events table. Set up the webhook endpoint in Stripe to point at it.✓ Скопировано

supabase + filesystem

Sync local SQL migration files with Supabase project state

Compare /supabase/migrations/ on disk to migrations applied on the project. Apply any missing ones in order.✓ Скопировано

Инструменты

Что предоставляет этот MCP

Инструмент	Входные данные	Когда вызывать	Стоимость
list_projects	none	Discover which projects your token can access	free
get_project / pause_project / restore_project	project_id: str	Inspect or control a project	free
create_branch / list_branches / merge_branch / delete_branch	project_id, name?	Database branching for migration testing (Pro+)	Branch compute hours billed
list_tables	project_id, schemas?: str[]	Schema introspection	free
list_extensions / list_migrations	project_id	DB metadata	free
apply_migration	project_id, name: str, query: str	Apply a tracked migration to the project DB	free
execute_sql	project_id, query: str	Ad-hoc SQL — read or write	free
list_edge_functions / get_edge_function / deploy_edge_function	project_id, function name, code, entrypoint	Manage Deno-based edge functions	Edge function invocations billed
get_logs	project_id, service: 'postgres'\|'auth'\|'edge-function'\|...	Pull recent logs for a service	free
generate_typescript_types	project_id	Regenerate client types after schema changes	free
get_anon_key / get_project_url / get_advisors	project_id	Project metadata; advisors flag security or perf issues	free

Стоимость и лимиты

Во что обходится

Квота API: Standard Supabase rate limits per plan
Токенов на вызов: Schema queries: small. Logs and SQL results: depends on data volume — always set time/row limits
Деньги: MCP free; Supabase project is per-plan ($0 free tier; Pro $25/mo). Branching consumes compute hours.
Совет: Branches are great for testing but expensive when forgotten. Always delete_branch after merging or when discarded.

Безопасность

Права, секреты, радиус поражения

Минимальные скоупы: personal access token scoped to specific projects when possible

Хранение учётных данных: Personal access token in env var SUPABASE_ACCESS_TOKEN

Исходящий трафик: All calls to api.supabase.com and your project's regional endpoint

Никогда не давайте: service_role key to the agent unless absolutely needed — it bypasses RLS

Personal access tokens have org-wide reach by default — scope to specific projects in the dashboard.
execute_sql can do anything — UPDATE, DROP, GRANT. Use read-only mode (env flag) for prod work.
Edge Function code runs in your project; avoid deploying code from chat without reviewing the diff.

Устранение неполадок

Частые ошибки и исправления

Unauthorized — invalid token

Token expired or wrong scope. Generate a new one at supabase.com/dashboard/account/tokens.

Проверить: curl -H 'Authorization: Bearer $TOKEN' https://api.supabase.com/v1/projects

Branching tools fail with 'plan does not support branching'

Branching is Pro+. Upgrade plan or skip branching workflows.

Edge Function deploy fails: 'invalid Deno code'

Function code must be Deno-compatible (no Node-style require). Check imports use https://deno.land/... or npm: specifiers.

execute_sql returns 'permission denied'

The MCP uses a project-scoped role. For privileged ops, run via the dashboard SQL editor. Don't grant the MCP role superuser.

Альтернативы

Supabase в сравнении

Альтернатива	Когда использовать	Компромисс
Postgres MCP	You only need read-only SQL access and don't need Supabase-specific features	No branching, edge functions, auth introspection, or logs
Neon MCP	You're on Neon instead — also has branching	Different platform; no auth/edge functions
Supabase CLI directly	You want full local-dev flow with `supabase start`	No agent ergonomics; better for committed workflows

Ещё

Ресурсы

📖 Читать официальный README на GitHub

🐙 Открытые задачи

🔍 Все 400+ MCP-серверов и Skills