{"passport":{"unfragile":{"@version":"1.0","version":"2026-05","artifact":{"id":"smithery_abdqum-supabase-mcp-selfhosted","slug":"abdqum-supabase-mcp-selfhosted","name":"Supabase Admin","type":"mcp","url":"https://github.com/abdqum/Supabase-MCP-SelfHosted","page_url":"https://unfragile.ai/abdqum-supabase-mcp-selfhosted","categories":["mcp-servers","observability","code-review-security"],"tags":["mcp","model-context-protocol","smithery:abdqum/supabase-mcp-selfhosted"],"pricing":{"model":"open_source","free":true,"starting_price":null},"status":"active","verified":false},"capabilities":[{"id":"smithery_abdqum-supabase-mcp-selfhosted__cap_0","uri":"capability://automation.workflow.schema.aware.database.migration.automation.with.bidirectional.sync","name":"schema-aware database migration automation with bidirectional sync","description":"Automates Supabase PostgreSQL schema migrations by introspecting the current database state, comparing against desired schema definitions, and generating idempotent SQL migrations. Uses MCP tool protocol to expose migration operations that detect structural changes (tables, columns, constraints, indexes) and generate safe ALTER statements with rollback capability. Bidirectional sync ensures schema definitions stay synchronized with runtime database state without manual intervention.","intents":["I want to version control my database schema and automatically apply changes across environments without manual SQL","I need to detect schema drift between my local development database and production and auto-generate safe migration scripts","I want to sync schema changes from my ORM or migration tool into Supabase without writing raw SQL"],"best_for":["teams managing multiple Supabase environments (dev/staging/prod) with schema consistency requirements","developers using infrastructure-as-code patterns who want database schema as declarative definitions","projects requiring audit trails of all schema changes with rollback capability"],"limitations":["Cannot detect data transformation logic — only structural changes; complex migrations with data backfills require manual SQL","Idempotency depends on proper constraint naming conventions; unnamed constraints may cause duplicate migration generation","No built-in support for zero-downtime migrations on large tables — requires external tooling like pg_partman for production safety"],"requires":["Supabase project with admin API credentials","PostgreSQL 12+ (Supabase default)","MCP client capable of executing tool calls with file I/O for migration artifacts"],"input_types":["schema definition (JSON/YAML/TypeScript interfaces)","database connection string","migration metadata (version, description)"],"output_types":["SQL migration files","schema diff report (JSON)","migration status (applied/pending/failed)"],"categories":["automation-workflow","data-processing-analysis"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"smithery_abdqum-supabase-mcp-selfhosted__cap_1","uri":"capability://code.generation.editing.typescript.type.generation.from.postgresql.schema.with.crud.api.scaffolding","name":"typescript type generation from postgresql schema with crud api scaffolding","description":"Introspects Supabase PostgreSQL schema and generates strongly-typed TypeScript interfaces, enums, and utility types that match table structures, relationships, and constraints. Simultaneously scaffolds CRUD operation functions (insert, select, update, delete) with type-safe parameters and return types, leveraging Supabase's PostgREST API. Generated code includes proper null handling, optional fields based on constraints, and relationship types for foreign keys.","intents":["I want to generate TypeScript types from my Supabase schema so my frontend code is type-safe without manual interface definitions","I need boilerplate CRUD functions that are automatically typed to match my database schema and stay in sync when schema changes","I want to avoid runtime errors from mismatched field names or types between my database and application code"],"best_for":["TypeScript/JavaScript teams using Supabase as their backend","developers building type-first applications where schema is the source of truth","rapid prototyping scenarios where reducing boilerplate code accelerates development"],"limitations":["Generated types are snapshots — require regeneration after schema changes; no watch mode for automatic updates","Complex PostgreSQL types (arrays, JSON schemas, custom types) may generate overly permissive `any` types","CRUD scaffolding assumes standard PostgREST conventions; custom RLS policies or complex business logic require manual function wrapping"],"requires":["Supabase project with schema introspection permissions","TypeScript 4.5+ for generated code compatibility","MCP client with file write capabilities to persist generated files"],"input_types":["PostgreSQL schema metadata","table/column selection filters (optional)","naming convention preferences (camelCase/snake_case)"],"output_types":["TypeScript interface definitions (.ts files)","CRUD operation functions (.ts files)","Type utility files (branded types, discriminated unions)"],"categories":["code-generation-editing","data-processing-analysis"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"smithery_abdqum-supabase-mcp-selfhosted__cap_10","uri":"capability://safety.moderation.audit.logging.and.compliance.reporting.with.data.lineage.tracking","name":"audit logging and compliance reporting with data lineage tracking","description":"Aggregates Supabase audit logs (Auth events, API calls, database changes) through MCP tools that provide queryable access to compliance-relevant events. Implements data lineage tracking to understand which users modified which records and when, enabling forensic analysis. Generates compliance reports (SOC 2, HIPAA, GDPR) with configurable retention and export formats for regulatory submissions.","intents":["I want to track who made changes to sensitive data and when for compliance audits","I need to generate audit reports for regulatory compliance (SOC 2, HIPAA, GDPR)","I want to investigate security incidents by reviewing detailed audit logs of user actions"],"best_for":["healthcare, financial, and other regulated industries requiring strict audit trails","teams with compliance officers or regulatory requirements","applications handling sensitive personal data requiring data lineage tracking"],"limitations":["Audit logs are stored in Supabase; if account is compromised, logs may be tampered with","Data lineage tracking requires RLS policies to capture user context; custom business logic changes may not be logged","Compliance reports are generated from Supabase logs; external data sources (third-party APIs) require separate logging"],"requires":["Supabase project with audit logging enabled","Understanding of compliance requirements (SOC 2, HIPAA, GDPR)","MCP client with report generation capabilities"],"input_types":["audit log query parameters (date range, user, table, operation)","compliance report type (SOC 2, HIPAA, GDPR)","export format (PDF, CSV, JSON)"],"output_types":["audit log entries (user, action, timestamp, affected records)","data lineage report (change history per record)","compliance report (formatted for regulatory submission)"],"categories":["safety-moderation","data-processing-analysis"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"smithery_abdqum-supabase-mcp-selfhosted__cap_2","uri":"capability://safety.moderation.role.based.access.control.rbac.and.row.level.security.rls.policy.management","name":"role-based access control (rbac) and row-level security (rls) policy management","description":"Manages Supabase PostgreSQL roles, permissions, and RLS policies through MCP tools that abstract the complexity of SQL GRANT statements and policy creation. Enables defining role hierarchies, assigning permissions to tables/functions, and creating RLS policies that enforce row-level data access based on user context (auth.uid(), auth.jwt()). Validates policy logic before deployment and provides policy testing capabilities to verify access control behavior.","intents":["I want to define fine-grained access control where users can only see/modify their own data without writing complex SQL policies","I need to manage role hierarchies and permissions across multiple tables consistently without manual GRANT statements","I want to test RLS policies before deploying to production to ensure they don't accidentally expose sensitive data"],"best_for":["multi-tenant SaaS applications requiring strict data isolation between customers","teams building healthcare/financial applications with regulatory compliance requirements (HIPAA, PCI-DSS)","projects where access control logic is complex and frequently changes"],"limitations":["RLS policy testing requires actual database connections with different user contexts; cannot fully simulate without live database","Complex policies with multiple conditions and subqueries can become difficult to maintain and debug","Performance impact of RLS on large tables with complex policies not automatically analyzed; requires manual query plan inspection"],"requires":["Supabase project with admin role access","PostgreSQL 10+ (Supabase default)","Understanding of PostgreSQL role system and RLS concepts"],"input_types":["role definitions (name, permissions)","RLS policy rules (table, condition, operations)","user context for testing (user_id, custom claims)"],"output_types":["SQL GRANT/REVOKE statements","RLS policy definitions (CREATE POLICY SQL)","policy test results (access allowed/denied)"],"categories":["safety-moderation","automation-workflow"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"smithery_abdqum-supabase-mcp-selfhosted__cap_3","uri":"capability://safety.moderation.authentication.configuration.and.secret.management.with.secure.credential.rotation","name":"authentication configuration and secret management with secure credential rotation","description":"Manages Supabase Auth configuration (providers, settings, JWT secrets) and application secrets through MCP tools that enforce secure storage and rotation patterns. Integrates with Supabase's secret management to store API keys, database credentials, and third-party service tokens without exposing them in code or logs. Supports automated secret rotation schedules and provides audit trails of all secret access and modifications.","intents":["I want to configure OAuth providers (Google, GitHub, etc.) for my Supabase Auth without manually managing credentials in environment files","I need to rotate API keys and secrets on a schedule without downtime or manual intervention","I want an audit trail of who accessed which secrets and when for compliance purposes"],"best_for":["teams managing production applications with regulatory compliance requirements (SOC 2, ISO 27001)","organizations with security-conscious DevOps practices requiring secret rotation and audit trails","multi-environment deployments (dev/staging/prod) with different secrets per environment"],"limitations":["Secret rotation requires coordinated updates across all services using the secret; no built-in orchestration for dependent service restarts","Audit trails stored in Supabase; if Supabase account is compromised, audit logs may also be compromised","No integration with external secret managers (HashiCorp Vault, AWS Secrets Manager) — secrets are stored only in Supabase"],"requires":["Supabase project with admin API access","MCP client with secure credential handling (no logging of secret values)","Understanding of OAuth 2.0 and JWT concepts for Auth configuration"],"input_types":["OAuth provider credentials (client_id, client_secret)","JWT configuration (secret, expiration, algorithm)","rotation schedule (interval, retention policy)"],"output_types":["Auth configuration status (enabled providers, settings)","secret rotation confirmation (old/new secret hashes, timestamp)","audit log entries (access events, modifications)"],"categories":["safety-moderation","tool-use-integration"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"smithery_abdqum-supabase-mcp-selfhosted__cap_4","uri":"capability://data.processing.analysis.real.time.metrics.and.performance.monitoring.with.health.check.automation","name":"real-time metrics and performance monitoring with health check automation","description":"Exposes Supabase project metrics (database connections, query performance, storage usage, API request rates) through MCP tools that aggregate data from Supabase's monitoring APIs and PostgreSQL system tables. Implements automated health checks that monitor database availability, replication lag, and resource utilization, with configurable alerting thresholds. Provides historical metrics data for trend analysis and capacity planning.","intents":["I want to monitor my Supabase database performance in real-time and get alerted if query latency exceeds thresholds","I need to track storage usage and API request rates to understand growth and plan capacity","I want to detect replication lag or connection pool exhaustion before they impact users"],"best_for":["production applications requiring SLA compliance and uptime monitoring","teams without dedicated DevOps/SRE staff who need automated health checks","applications with variable load patterns that need capacity planning insights"],"limitations":["Metrics are aggregated from Supabase's monitoring APIs; custom application-level metrics require separate instrumentation","Health checks run on polling intervals; cannot detect instantaneous spikes between checks","Alerting is limited to MCP tool invocation; requires external notification system (email, Slack) for actual alerts"],"requires":["Supabase project with monitoring API access","MCP client capable of periodic tool invocation (scheduler or external cron)","PostgreSQL 10+ for system table queries"],"input_types":["metric names (database_connections, query_latency, storage_usage)","time range (last hour, last day, custom)","threshold values for health checks"],"output_types":["metric values (numeric with timestamps)","health check results (healthy/warning/critical)","trend analysis (growth rate, peak usage)"],"categories":["data-processing-analysis","automation-workflow"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"smithery_abdqum-supabase-mcp-selfhosted__cap_5","uri":"capability://automation.workflow.storage.bucket.management.with.file.lifecycle.and.access.policy.automation","name":"storage bucket management with file lifecycle and access policy automation","description":"Manages Supabase Storage buckets through MCP tools that handle bucket creation, configuration, and file lifecycle policies (expiration, archival). Implements access control by creating signed URLs with configurable expiration times and permissions, and manages bucket-level policies for public/private access. Supports automated cleanup of expired files and provides storage usage analytics per bucket.","intents":["I want to create storage buckets and configure access policies without using the Supabase dashboard","I need to generate signed URLs for temporary file access with automatic expiration","I want to automatically delete old files based on age or custom criteria to manage storage costs"],"best_for":["applications with user-generated content (images, documents, videos) requiring fine-grained access control","multi-tenant applications where each tenant has isolated storage buckets","cost-conscious projects needing automated storage cleanup and lifecycle management"],"limitations":["Signed URL generation is time-based; cannot revoke URLs before expiration without external tracking","File lifecycle policies are limited to age-based rules; cannot implement complex conditional deletion logic","No built-in virus scanning or content validation; requires external services for security"],"requires":["Supabase project with Storage API access","MCP client with file I/O capabilities for local file operations","Understanding of S3-compatible storage concepts"],"input_types":["bucket name and configuration (public/private, size limits)","file paths and lifecycle rules (expiration age, archival policy)","access parameters (user_id, expiration_seconds)"],"output_types":["bucket creation confirmation","signed URLs (with expiration timestamp)","storage usage report (bytes per bucket, growth rate)"],"categories":["automation-workflow","safety-moderation"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"smithery_abdqum-supabase-mcp-selfhosted__cap_6","uri":"capability://automation.workflow.real.time.subscription.management.and.event.streaming.configuration","name":"real-time subscription management and event streaming configuration","description":"Configures Supabase Realtime subscriptions through MCP tools that manage PostgreSQL LISTEN/NOTIFY channels and broadcast subscriptions. Enables defining which tables/events trigger real-time updates, configuring message filtering and transformation, and managing subscription lifecycle. Provides tools to test real-time event delivery and monitor active subscriptions for debugging connection issues.","intents":["I want to configure real-time updates for specific tables so clients receive changes instantly without polling","I need to filter real-time events based on conditions (e.g., only notify users of changes to their own records)","I want to debug why real-time subscriptions aren't working or are missing events"],"best_for":["collaborative applications (documents, whiteboards, chat) requiring instant synchronization","dashboards and monitoring tools needing live data updates","applications with presence features (who's online, active users)"],"limitations":["Real-time events are only generated for changes made through Supabase APIs; direct database modifications bypass Realtime","Event filtering happens on the client; server-side filtering not available, increasing bandwidth for large datasets","No built-in event replay; clients connecting after events miss historical changes"],"requires":["Supabase project with Realtime enabled","PostgreSQL 10+ with LISTEN/NOTIFY support (Supabase default)","MCP client capable of maintaining long-lived connections for subscription testing"],"input_types":["table names and event types (INSERT, UPDATE, DELETE)","filter conditions (column values, user context)","subscription configuration (message format, batch settings)"],"output_types":["subscription configuration confirmation","real-time event samples (test messages)","subscription metrics (active connections, message throughput)"],"categories":["automation-workflow","tool-use-integration"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"smithery_abdqum-supabase-mcp-selfhosted__cap_7","uri":"capability://automation.workflow.database.backup.and.disaster.recovery.orchestration.with.point.in.time.restore","name":"database backup and disaster recovery orchestration with point-in-time restore","description":"Manages Supabase database backups through MCP tools that trigger on-demand backups, configure automated backup schedules, and manage backup retention policies. Implements point-in-time recovery (PITR) by leveraging PostgreSQL WAL (Write-Ahead Logs) to restore database state to any moment within the retention window. Provides backup verification and restore testing capabilities to ensure recovery procedures work before disaster strikes.","intents":["I want to create automated daily backups of my Supabase database with configurable retention","I need to restore my database to a specific point in time if data corruption or accidental deletion occurs","I want to test restore procedures regularly to ensure backups are valid and recovery time is acceptable"],"best_for":["production applications with strict data durability requirements","teams managing databases with regulatory compliance needs (GDPR, HIPAA requiring audit trails)","applications where data loss would have significant business impact"],"limitations":["PITR window is limited by Supabase's WAL retention policy (typically 7 days); older restore points unavailable","Restore operations create a new database instance; requires DNS/connection string updates and application restart","Backup storage costs scale with database size and retention period; no compression or deduplication"],"requires":["Supabase project with backup API access","Sufficient storage quota for backup retention","MCP client with long-running operation support (backups can take minutes)"],"input_types":["backup schedule (frequency, retention days)","restore target (timestamp or backup ID)","backup verification parameters (test query, data integrity checks)"],"output_types":["backup creation confirmation (backup_id, size, timestamp)","restore status (in_progress, completed, failed)","backup verification report (data integrity checks, row counts)"],"categories":["automation-workflow","safety-moderation"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"smithery_abdqum-supabase-mcp-selfhosted__cap_8","uri":"capability://data.processing.analysis.api.endpoint.introspection.and.postgrest.configuration.management","name":"api endpoint introspection and postgrest configuration management","description":"Introspects Supabase's PostgREST API to discover available endpoints, query parameters, and response schemas based on the current database schema. Manages PostgREST configuration (request limits, CORS settings, response headers) through MCP tools. Generates API documentation and provides tools to test endpoints with various parameter combinations to validate API behavior.","intents":["I want to discover all available API endpoints generated from my database schema without reading documentation","I need to configure CORS, rate limiting, and other API settings programmatically","I want to test API endpoints with different parameters to ensure they work as expected"],"best_for":["developers building API-first applications using Supabase's auto-generated REST API","teams documenting APIs and need to keep documentation in sync with schema changes","projects requiring API testing and validation as part of CI/CD pipelines"],"limitations":["PostgREST introspection only reveals schema-based endpoints; custom RPC functions require separate documentation","API testing through MCP tools is limited to read operations; write operations require careful state management","CORS and rate limiting configuration is global; cannot set per-endpoint policies"],"requires":["Supabase project with PostgREST API enabled","MCP client with HTTP request capabilities","Understanding of REST API concepts and query parameters"],"input_types":["table/schema names for endpoint discovery","API configuration parameters (CORS origins, rate limits)","test parameters (filters, sorting, pagination)"],"output_types":["endpoint list with methods and parameters","API documentation (OpenAPI/Swagger format)","test results (response status, data, errors)"],"categories":["data-processing-analysis","tool-use-integration"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"smithery_abdqum-supabase-mcp-selfhosted__cap_9","uri":"capability://automation.workflow.environment.specific.configuration.management.with.deployment.orchestration","name":"environment-specific configuration management with deployment orchestration","description":"Manages environment-specific configurations (dev/staging/prod) through MCP tools that handle configuration synchronization, secret management per environment, and deployment orchestration. Enables defining environment-specific database schemas, Auth settings, and storage policies, then deploying changes across environments in a controlled manner. Provides rollback capabilities and deployment validation to ensure configuration consistency.","intents":["I want to manage separate Supabase projects for dev/staging/prod with different configurations and secrets","I need to deploy schema changes and configuration updates across environments in a controlled sequence","I want to validate configurations before deployment to catch issues early"],"best_for":["teams following GitOps practices with infrastructure-as-code for database configuration","organizations with strict change management processes requiring approval workflows","projects with multiple environments requiring configuration consistency and drift detection"],"limitations":["Configuration management is limited to Supabase-specific settings; application-level configuration requires separate tooling","Deployment orchestration is sequential; no parallel deployment across environments","Rollback capability depends on backup availability; cannot rollback beyond backup retention window"],"requires":["Multiple Supabase projects (one per environment)","Admin API credentials for each environment","MCP client with file I/O for configuration file management"],"input_types":["environment names (dev, staging, prod)","configuration definitions (schema, auth settings, storage policies)","deployment sequence and validation rules"],"output_types":["deployment plan (changes to be applied)","deployment status (in_progress, completed, failed)","configuration validation report (conflicts, inconsistencies)"],"categories":["automation-workflow","tool-use-integration"],"confidence":0.5,"matches":0,"success_rate":0}],"trust":{"score":36,"verified":false,"data_access_risk":"high","permissions":["Supabase project with admin API credentials","PostgreSQL 12+ (Supabase default)","MCP client capable of executing tool calls with file I/O for migration artifacts","Supabase project with schema introspection permissions","TypeScript 4.5+ for generated code compatibility","MCP client with file write capabilities to persist generated files","Supabase project with audit logging enabled","Understanding of compliance requirements (SOC 2, HIPAA, GDPR)","MCP client with report generation capabilities","Supabase project with admin role access"],"failure_modes":["Cannot detect data transformation logic — only structural changes; complex migrations with data backfills require manual SQL","Idempotency depends on proper constraint naming conventions; unnamed constraints may cause duplicate migration generation","No built-in support for zero-downtime migrations on large tables — requires external tooling like pg_partman for production safety","Generated types are snapshots — require regeneration after schema changes; no watch mode for automatic updates","Complex PostgreSQL types (arrays, JSON schemas, custom types) may generate overly permissive `any` types","CRUD scaffolding assumes standard PostgREST conventions; custom RLS policies or complex business logic require manual function wrapping","Audit logs are stored in Supabase; if account is compromised, logs may be tampered with","Data lineage tracking requires RLS policies to capture user context; custom business logic changes may not be logged","Compliance reports are generated from Supabase logs; external data sources (third-party APIs) require separate logging","RLS policy testing requires actual database connections with different user contexts; cannot fully simulate without live database","builder identity is not verified yet","no observed match outcomes yet"],"rank_breakdown":{"adoption":0.05,"quality":0.47,"ecosystem":0.6900000000000001,"match_graph":0.25,"freshness":0.6,"weights":{"adoption":0.25,"quality":0.25,"ecosystem":0.15,"match_graph":0.23,"freshness":0.12}},"observed_outcomes":{"matches":0,"success_rate":0,"avg_confidence":0,"top_intents":[],"last_matched_at":null},"maintenance":{"status":"active","updated_at":"2026-05-24T12:16:25.061Z","last_scraped_at":"2026-05-03T15:19:15.091Z","last_commit":null},"community":{"stars":null,"forks":null,"weekly_downloads":null,"model_downloads":null,"model_likes":null}},"distribution":{"claim_url":"https://unfragile.ai/submit?claim=abdqum-supabase-mcp-selfhosted","compare_url":"https://unfragile.ai/compare?artifact=abdqum-supabase-mcp-selfhosted"}},"signature":"eHSy6MEa9D7u8ABxHbOnMR9dVWkr0Gipf9hp4WXTT5yFvAEzRle58DeKV9J17rvwaBh20nxQft1Jf3y9YiRcBQ==","signedAt":"2026-06-21T22:51:12.257Z","signedBy":"unfragile.ai","version":1},"_links":{"self":"https://unfragile.ai/api/v1/passport/abdqum-supabase-mcp-selfhosted","artifact":"https://unfragile.ai/abdqum-supabase-mcp-selfhosted","verify":"https://unfragile.ai/api/v1/verify?slug=abdqum-supabase-mcp-selfhosted","publicKey":"https://unfragile.ai/api/v1/trust-passport-public-key","spec":"https://unfragile.ai/trust","schema":"https://unfragile.ai/schema.json","docs":"https://unfragile.ai/docs"}}