Query | MCP server for Supabase

More than 17k installs via pypi and close to 30k downloads on Smithery.ai in short, this was fun!Thanks to everyone who has been using this server for the past few months, and I hope it was useful for you. Since Supabase has released their own official MCP server, I've decided to no longer actively maintain this one. The official MCP server is as feature-rich, and many more features will be added in the future. Check it out!

Table of contents

Key features

• Compatible with Cursor, Windsurf, Cline and other MCP clients supporting stdio protocol

• Control read-only and read-write modes of SQL query execution

• Runtime SQL query validation with risk level assessment

• Three-tier safety system for SQL operations: safe, write, and destructive

• Robust transaction handling for both direct and pooled database connections

• Automatic versioning of database schema changes

• Manage your Supabase projects with Supabase Management API

• Manage users with Supabase Auth Admin methods via Python SDK

• Pre-built tools to help Cursor & Windsurf work with MCP more effectively

• Dead-simple install & setup via package manager (uv, pipx, etc.)

Getting Started

Prerequisites

• Python 3.12+

PostgreSQL Installation

• Download and install PostgreSQL 16+ from https://www.postgresql.org/download/windows/

• Ensure "PostgreSQL Server" and "Command Line Tools" are selected during installation

Step 1. Installation

Installing from source

Installing via Smithery.ai

Step 2. Configuration

Important: Since v0.4 MCP server requires an API key which you can get for free at thequery.dev to use this MCP server.

Environment Variables

Note: The default values are configured for local Supabase development. For remote Supabase projects, you must provide your own values for SUPABASE_PROJECT_REF and SUPABASE_DB_PASSWORD.

CRITICAL CONFIGURATION NOTE: For remote Supabase projects, you MUST specify the correct region where your project is hosted using SUPABASE_REGION. If you encounter a "Tenant or user not found" error, this is almost certainly because your region setting doesn't match your project's actual region. You can find your project's region in the Supabase dashboard under Project Settings.

Connection Types

• The server connects to your Supabase PostgreSQL database using the transaction pooler endpoint

• Local development uses a direct connection to 127.0.0.1:54322

• Remote projects use the format: postgresql://postgres.[project_ref]:[password]@aws-0-[region].pooler.supabase.com:6543/postgres

Important: Session pooling connections are not supported. The server exclusively uses transaction pooling for better compatibility with the MCP server architecture.

• Requires SUPABASE_ACCESS_TOKEN to be set

• Connects to the Supabase Management API at https://api.supabase.com

• Only works with remote Supabase projects (not local development)

• Requires SUPABASE_SERVICE_ROLE_KEY to be set

• For local development, connects to http://127.0.0.1:54321

• For remote projects, connects to https://[project_ref].supabase.co

Configuration Methods

1. Environment Variables: Values set directly in your environment

2. Local `.env` File: A .env file in your current working directory (only works when running from source)

3. Global Config File:

4. Default Settings: Local development defaults (if no other config is found)

Important: When using the package installed via pipx or uv, local .env files in your project directory are not detected. You must use either environment variables or the global config file.

Setting Up Configuration

Finding Your Supabase Project Information

• Project Reference: Found in your Supabase project URL: https://supabase.com/dashboard/project/<project-ref>

• Database Password: Set during project creation or found in Project Settings Database

• Access Token: Generate at https://supabase.com/dashboard/account/tokens

• Service Role Key: Found in Project Settings API Project API keys

Supported Regions

• us-west-1 - West US (North California)

• us-east-1 - East US (North Virginia) - default

• us-east-2 - East US (Ohio)

• ca-central-1 - Canada (Central)

• eu-west-1 - West EU (Ireland)

• eu-west-2 - West Europe (London)

• eu-west-3 - West EU (Paris)

• eu-central-1 - Central EU (Frankfurt)

• eu-central-2 - Central Europe (Zurich)

• eu-north-1 - North EU (Stockholm)

• ap-south-1 - South Asia (Mumbai)

• ap-southeast-1 - Southeast Asia (Singapore)

• ap-northeast-1 - Northeast Asia (Tokyo)

• ap-northeast-2 - Northeast Asia (Seoul)

• ap-southeast-2 - Oceania (Sydney)

• sa-east-1 - South America (S o Paulo)

Limitations

• No Self-Hosted Support: The server only supports official Supabase.com hosted projects and local development

• No Connection String Support: Custom connection strings are not supported

• No Session Pooling: Only transaction pooling is supported for database connections

• API and SDK Features: Management API and Auth Admin SDK features only work with remote Supabase projects, not local development

Step 3. Usage

• Cursor

• Windsurf

• Cline

• Claude Desktop

Cursor

Windsurf

Claude Desktop

1. Find the full path to the executable (this step is critical):Copy the full path that is returned (e.g., /Users/username/.local/bin/supabase-mcp-server).

2. Configure the MCP server in Claude Desktop:

Important: Unlike Windsurf and Cursor, Claude Desktop requires the full absolute path to the executable. Using just the command name (supabase-mcp-server) will result in a "spawn ENOENT" error.

Cline

1. Find the full path to the executable (this step is critical):Copy the full path that is returned (e.g., /Users/username/.local/bin/supabase-mcp-server).

2. Configure the MCP server in Cline:

Troubleshooting

• Debug installation - run supabase-mcp-server directly from the terminal to see if it works. If it doesn't, there might be an issue with the installation.

• MCP Server configuration - if the above step works, it means the server is installed and configured correctly. As long as you provided the right command, IDE should be able to connect. Make sure to provide the right path to the server executable.

• "No tools found" error - If you see "Client closed - no tools available" in Cursor despite the package being installed:

• Environment variables - to connect to the right database, make sure you either set env variables in mcp_config.json or in .env file placed in a global config directory (~/.config/supabase-mcp/.env on macOS/Linux or %APPDATA%\supabase-mcp\.env on Windows).

• Accessing logs - The MCP server writes detailed logs to a file:

MCP Inspector

Running supabase-mcp-inspector, if installed from package, doesn't work properly - I will validate and fix in the coming release.

Feature Overview

Database query tools

• SQL Query Execution: Execute PostgreSQL queries with risk assessment

• SQL Parsing and Validation:

• Automatic Migration Versioning:

• Safety Controls:

• Available Tools:

Management API tools

• Available Tools:

• Safety Controls:

Auth Admin tools

• Includes the following tools:

• Supported methods:

Why use Auth Admin SDK instead of raw SQL queries?

• Functionality: Enables operations not possible with SQL alone (invites, magic links, MFA)

• Accuracy: More reliable then creating and executing raw SQL queries on auth schemas

• Simplicity: Offers clear methods with proper validation and error handling

Logs & Analytics

• Available Tool: retrieve_logs - Access logs from any Supabase service

• Log Collections:

• Features: Filter by time, search text, apply field filters, or use custom SQL queries

Automatic Versioning of Database Changes

• automatic creation of migration scripts for all write & destructive sql operations executed on the database

• improved safety mode of query execution, in which all queries are categorized in:

Universal Safety Mode

• Low risk: Read-only operations that don't modify data or structure (SELECT queries, GET API requests)

• Medium risk: Write operations that modify data but not structure (INSERT/UPDATE/DELETE, most POST/PUT API requests)

• High risk: Destructive operations that modify database structure or could cause data loss (DROP/TRUNCATE, DELETE API endpoints)

• Extreme risk: Operations with severe consequences that are blocked entirely (deleting projects)

• Low risk operations are always allowed

• Medium risk operations require unsafe mode to be enabled

• High risk operations require unsafe mode AND explicit confirmation

• Extreme risk operations are never allowed

How confirmation flow works

Changelog

• Simplified installation via package manager - (v0.2.0)

• Support for different Supabase regions - (v0.2.2)

• Programmatic access to Supabase management API with safety controls - (v0.3.0)

• Read and read-write database SQL queries with safety controls - (v0.3.0)

• Robust transaction handling for both direct and pooled connections - (v0.3.2)

• Support methods and objects available in native Python SDK - (v0.3.6)

• Stronger SQL query validation (v0.3.8)

• Automatic versioning of database changes (v0.3.8)

• Radically improved knowledge and tools of api spec (v0.3.8)

• Improved consistency of migration-related tools for a more organized database vcs (v0.3.10)

• Query MCP is released (v0.4.0)

Star History

Query | MCP server for Supabase

More than 17k installs via pypi and close to 30k downloads on Smithery.ai in short, this was fun!Thanks to everyone who has been using this server for the past few months, and I hope it was useful for you. Since Supabase has released their own official MCP server, I've decided to no longer actively maintain this one. The official MCP server is as feature-rich, and many more features will be added in the future. Check it out!

Table of contents

Key features

• Compatible with Cursor, Windsurf, Cline and other MCP clients supporting stdio protocol

• Control read-only and read-write modes of SQL query execution

• Runtime SQL query validation with risk level assessment

• Three-tier safety system for SQL operations: safe, write, and destructive

• Robust transaction handling for both direct and pooled database connections

• Automatic versioning of database schema changes

• Manage your Supabase projects with Supabase Management API

• Manage users with Supabase Auth Admin methods via Python SDK

• Pre-built tools to help Cursor & Windsurf work with MCP more effectively

• Dead-simple install & setup via package manager (uv, pipx, etc.)

Getting Started

Prerequisites

• Python 3.12+

PostgreSQL Installation

• Download and install PostgreSQL 16+ from https://www.postgresql.org/download/windows/

• Ensure "PostgreSQL Server" and "Command Line Tools" are selected during installation

Step 1. Installation

Installing from source

Installing via Smithery.ai

Step 2. Configuration

Important: Since v0.4 MCP server requires an API key which you can get for free at thequery.dev to use this MCP server.

Environment Variables

Note: The default values are configured for local Supabase development. For remote Supabase projects, you must provide your own values for SUPABASE_PROJECT_REF and SUPABASE_DB_PASSWORD.

CRITICAL CONFIGURATION NOTE: For remote Supabase projects, you MUST specify the correct region where your project is hosted using SUPABASE_REGION. If you encounter a "Tenant or user not found" error, this is almost certainly because your region setting doesn't match your project's actual region. You can find your project's region in the Supabase dashboard under Project Settings.

Connection Types

• The server connects to your Supabase PostgreSQL database using the transaction pooler endpoint

• Local development uses a direct connection to 127.0.0.1:54322

• Remote projects use the format: postgresql://postgres.[project_ref]:[password]@aws-0-[region].pooler.supabase.com:6543/postgres

Important: Session pooling connections are not supported. The server exclusively uses transaction pooling for better compatibility with the MCP server architecture.

• Requires SUPABASE_ACCESS_TOKEN to be set

• Connects to the Supabase Management API at https://api.supabase.com

• Only works with remote Supabase projects (not local development)

• Requires SUPABASE_SERVICE_ROLE_KEY to be set

• For local development, connects to http://127.0.0.1:54321

• For remote projects, connects to https://[project_ref].supabase.co

Configuration Methods

1. Environment Variables: Values set directly in your environment

2. Local `.env` File: A .env file in your current working directory (only works when running from source)

3. Global Config File:

4. Default Settings: Local development defaults (if no other config is found)

Important: When using the package installed via pipx or uv, local .env files in your project directory are not detected. You must use either environment variables or the global config file.

Setting Up Configuration

Finding Your Supabase Project Information

• Project Reference: Found in your Supabase project URL: https://supabase.com/dashboard/project/<project-ref>

• Database Password: Set during project creation or found in Project Settings Database

• Access Token: Generate at https://supabase.com/dashboard/account/tokens

• Service Role Key: Found in Project Settings API Project API keys

Supported Regions

• us-west-1 - West US (North California)

• us-east-1 - East US (North Virginia) - default

• us-east-2 - East US (Ohio)

• ca-central-1 - Canada (Central)

• eu-west-1 - West EU (Ireland)

• eu-west-2 - West Europe (London)

• eu-west-3 - West EU (Paris)

• eu-central-1 - Central EU (Frankfurt)

• eu-central-2 - Central Europe (Zurich)

• eu-north-1 - North EU (Stockholm)

• ap-south-1 - South Asia (Mumbai)

• ap-southeast-1 - Southeast Asia (Singapore)

• ap-northeast-1 - Northeast Asia (Tokyo)

• ap-northeast-2 - Northeast Asia (Seoul)

• ap-southeast-2 - Oceania (Sydney)

• sa-east-1 - South America (S o Paulo)

Limitations

• No Self-Hosted Support: The server only supports official Supabase.com hosted projects and local development

• No Connection String Support: Custom connection strings are not supported

• No Session Pooling: Only transaction pooling is supported for database connections

• API and SDK Features: Management API and Auth Admin SDK features only work with remote Supabase projects, not local development

Step 3. Usage

• Cursor

• Windsurf

• Cline

• Claude Desktop

Cursor

Windsurf

Claude Desktop

1. Find the full path to the executable (this step is critical):Copy the full path that is returned (e.g., /Users/username/.local/bin/supabase-mcp-server).

2. Configure the MCP server in Claude Desktop:

Important: Unlike Windsurf and Cursor, Claude Desktop requires the full absolute path to the executable. Using just the command name (supabase-mcp-server) will result in a "spawn ENOENT" error.

Cline

1. Find the full path to the executable (this step is critical):Copy the full path that is returned (e.g., /Users/username/.local/bin/supabase-mcp-server).

2. Configure the MCP server in Cline:

Troubleshooting

• Debug installation - run supabase-mcp-server directly from the terminal to see if it works. If it doesn't, there might be an issue with the installation.

• MCP Server configuration - if the above step works, it means the server is installed and configured correctly. As long as you provided the right command, IDE should be able to connect. Make sure to provide the right path to the server executable.

• "No tools found" error - If you see "Client closed - no tools available" in Cursor despite the package being installed:

• Environment variables - to connect to the right database, make sure you either set env variables in mcp_config.json or in .env file placed in a global config directory (~/.config/supabase-mcp/.env on macOS/Linux or %APPDATA%\supabase-mcp\.env on Windows).

• Accessing logs - The MCP server writes detailed logs to a file:

MCP Inspector

Running supabase-mcp-inspector, if installed from package, doesn't work properly - I will validate and fix in the coming release.

Feature Overview

Database query tools

• SQL Query Execution: Execute PostgreSQL queries with risk assessment

• SQL Parsing and Validation:

• Automatic Migration Versioning:

• Safety Controls:

• Available Tools:

Management API tools

• Available Tools:

• Safety Controls:

Auth Admin tools

• Includes the following tools:

• Supported methods:

Why use Auth Admin SDK instead of raw SQL queries?

• Functionality: Enables operations not possible with SQL alone (invites, magic links, MFA)

• Accuracy: More reliable then creating and executing raw SQL queries on auth schemas

• Simplicity: Offers clear methods with proper validation and error handling

Logs & Analytics

• Available Tool: retrieve_logs - Access logs from any Supabase service

• Log Collections:

• Features: Filter by time, search text, apply field filters, or use custom SQL queries

Automatic Versioning of Database Changes

• automatic creation of migration scripts for all write & destructive sql operations executed on the database

• improved safety mode of query execution, in which all queries are categorized in:

Universal Safety Mode

• Low risk: Read-only operations that don't modify data or structure (SELECT queries, GET API requests)

• Medium risk: Write operations that modify data but not structure (INSERT/UPDATE/DELETE, most POST/PUT API requests)

• High risk: Destructive operations that modify database structure or could cause data loss (DROP/TRUNCATE, DELETE API endpoints)

• Extreme risk: Operations with severe consequences that are blocked entirely (deleting projects)

• Low risk operations are always allowed

• Medium risk operations require unsafe mode to be enabled

• High risk operations require unsafe mode AND explicit confirmation

• Extreme risk operations are never allowed

How confirmation flow works

Changelog

• Simplified installation via package manager - (v0.2.0)

• Support for different Supabase regions - (v0.2.2)

• Programmatic access to Supabase management API with safety controls - (v0.3.0)

• Read and read-write database SQL queries with safety controls - (v0.3.0)

• Robust transaction handling for both direct and pooled connections - (v0.3.2)

• Support methods and objects available in native Python SDK - (v0.3.6)

• Stronger SQL query validation (v0.3.8)

• Automatic versioning of database changes (v0.3.8)

• Radically improved knowledge and tools of api spec (v0.3.8)

• Improved consistency of migration-related tools for a more organized database vcs (v0.3.10)

• Query MCP is released (v0.4.0)

Star History