[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article-supabase-mcp-ai-projects-en":3,"tags-supabase-mcp-ai-projects-en":30,"related-lang-supabase-mcp-ai-projects-en":41,"related-posts-supabase-mcp-ai-projects-en":45,"series-tools-ad77b787-2121-4227-83f9-da2b2ffa9a93":82},{"id":4,"title":5,"content":6,"summary":7,"source":8,"source_url":9,"author":10,"image_url":11,"keywords":12,"language":18,"translated_content":10,"views":19,"is_premium":20,"created_at":21,"updated_at":21,"cover_image":11,"published_at":22,"rewrite_status":23,"rewrite_error":10,"rewritten_from_id":24,"slug":25,"category":26,"related_article_id":27,"status":28,"google_indexed_at":29,"x_posted_at":10,"tweet_text":10,"title_rewritten_at":10,"title_original":10,"key_takeaways":10,"topic_cluster_id":10,"embedding":10,"is_canonical_seed":20},"ad77b787-2121-4227-83f9-da2b2ffa9a93","Supabase MCP lets AI query your projects","\u003Cp>The \u003Ca href=\"https:\u002F\u002Fsupabase.com\u002Fdocs\u002Fguides\u002Fgetting-started\u002Fmcp\" target=\"_blank\" rel=\"noopener\">Supabase MCP\u003C\u002Fa> docs describe a very practical idea: let an AI tool talk to your Supabase project through a standard protocol, then keep a tight grip on what it can do. The hosted server lives at \u003Ccode>https:\u002F\u002Fmcp.supabase.com\u002Fmcp\u003C\u002Fcode>, and Supabase says project scoping can limit access to one project instead of every project in your account.\u003C\u002Fp>\u003Cp>That matters because the server is not a toy connector. It can list tables, run SQL, inspect logs, query docs, generate TypeScript types, and even deploy Edge Functions. In other words, this is a control plane for AI-assisted app work, which is useful and risky in equal measure.\u003C\u002Fp>\u003Ch2>What Supabase MCP actually connects\u003C\u002Fh2>\u003Cp>MCP, or Model Context Protocol, is a standard for connecting large language models to external tools and data sources. In Supabase’s setup, an MCP client such as \u003Ca href=\"https:\u002F\u002Fcursor.com\" target=\"_blank\" rel=\"noopener\">Cursor\u003C\u002Fa> can authenticate to your account, then call tools against your project with natural language prompts.\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1775093535794-gfg8.png\" alt=\"Supabase MCP lets AI query your projects\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>Supabase splits the server into feature groups. Database tools are enabled by default, Storage is disabled by default, and project-scoped mode can remove account-level tools entirely. That design tells you what Supabase thinks the default should be: narrow access first, broader access only when you need it.\u003C\u002Fp>\u003Cp>Here are the main capabilities listed in the docs:\u003C\u002Fp>\u003Cul>\u003Cli>\u003Cstrong>Database:\u003C\u002Fstrong> list tables, list extensions, list migrations, apply migrations, execute SQL\u003C\u002Fli>\u003Cli>\u003Cstrong>Debugging:\u003C\u002Fstrong> get service logs and advisor output for security and performance\u003C\u002Fli>\u003Cli>\u003Cstrong>Development:\u003C\u002Fstrong> get project URL, get publishable keys, generate TypeScript types\u003C\u002Fli>\u003Cli>\u003Cstrong>Edge Functions:\u003C\u002Fstrong> list, inspect, and deploy functions\u003C\u002Fli>\u003Cli>\u003Cstrong>Docs and branching:\u003C\u002Fstrong> search docs, create branches, merge branches, reset branches, rebase branches\u003C\u002Fli>\u003C\u002Ful>\u003Cp>The docs also note that the local Supabase CLI exposes MCP at \u003Ccode>http:\u002F\u002Flocalhost:54321\u002Fmcp\u003C\u002Fcode>. That is a small but useful detail for teams that want to test workflows locally before pointing an AI client at a hosted project.\u003C\u002Fp>\u003Ch2>Setup is simple, but the defaults matter\u003C\u002Fh2>\u003Cp>Supabase’s installation flow is deliberately direct. Pick a platform, choose a project, choose an MCP client, then connect. For Cursor, the docs show a one-click install option and a manual JSON config that points to the hosted MCP endpoint.\u003C\u002Fp>\u003Cp>Authentication is where the story gets more interesting. Supabase says the hosted server now uses dynamic client registration, so in many cases you do not need to create a personal access token or OAuth app manually. During setup, the browser opens, you sign in to Supabase, and you grant organization access to the client.\u003C\u002Fp>\u003Cp>That is a cleaner flow than the older token-heavy approach, but the docs still keep manual options around for CI systems and clients that cannot handle dynamic registration. For CI, Supabase shows a bearer token flow using a personal access token. For OAuth-only clients such as Azure API Center, it describes creating an OAuth app in your Supabase organization and passing the client ID and secret to the MCP client.\u003C\u002Fp>\u003Cul>\u003Cli>\u003Cstrong>Hosted server URL:\u003C\u002Fstrong> \u003Ccode>https:\u002F\u002Fmcp.supabase.com\u002Fmcp\u003C\u002Fcode>\u003C\u002Fli>\u003Cli>\u003Cstrong>Local CLI URL:\u003C\u002Fstrong> \u003Ccode>http:\u002F\u002Flocalhost:54321\u002Fmcp\u003C\u002Fcode>\u003C\u002Fli>\u003Cli>\u003Cstrong>Read-only mode:\u003C\u002Fstrong> \u003Ccode>read_only=true\u003C\u002Fcode>\u003C\u002Fli>\u003Cli>\u003Cstrong>Project scoping:\u003C\u002Fstrong> \u003Ccode>project_ref=abc123\u003C\u002Fcode>\u003C\u002Fli>\u003Cli>\u003Cstrong>Feature filtering:\u003C\u002Fstrong> \u003Ccode>features=database,docs\u003C\u002Fcode>\u003C\u002Fli>\u003C\u002Ful>\u003Cp>One detail worth calling out: if you do not select a project, all projects in the account are accessible. That is convenient for experimentation, and it is exactly the sort of default you should treat with suspicion in any production-adjacent workflow.\u003C\u002Fp>\u003Ch2>Security is the real product here\u003C\u002Fh2>\u003Cp>Supabase spends a lot of space on security, and that is the right call. The big risk is prompt injection, where untrusted content sneaks instructions into data that an LLM later reads. If a support ticket, database row, or log line contains malicious text, an AI client might follow it unless the human catches the tool call first.\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1775093548451-p9vy.png\" alt=\"Supabase MCP lets AI query your projects\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>The docs give a concrete example: a ticketing system stores a message that tells the model to ignore prior instructions and run SQL. If a developer asks Cursor to inspect that ticket through MCP, the injected text could push the client toward dangerous queries. Supabase says MCP clients like Cursor usually ask for manual approval before each tool call, and that setting should stay on.\u003C\u002Fp>\u003Cblockquote>“Prompt injection is the primary attack vector unique to LLMs.”\u003C\u002Fblockquote>\u003Cp>That quote appears in the Supabase docs, and it is the sentence to keep in your head if you are tempted to wire an AI agent into live data too quickly. Supabase also says it wraps SQL results with extra instructions to discourage models from obeying malicious content, but it is explicit that this is not foolproof.\u003C\u002Fp>\u003Cp>The recommendations are practical rather than theoretical:\u003C\u002Fp>\u003Cul>\u003Cli>Use development projects, not production\u003C\u002Fli>\u003Cli>Keep non-production or obfuscated data in your test environment\u003C\u002Fli>\u003Cli>Do not hand the server to customers or end users\u003C\u002Fli>\u003Cli>Use read-only mode if you must touch real data\u003C\u002Fli>\u003Cli>Scope access to one project when possible\u003C\u002Fli>\u003Cli>Restrict feature groups to the minimum you need\u003C\u002Fli>\u003C\u002Ful>\u003Cp>This is the sort of security guidance that feels obvious until you are under deadline and someone suggests “just connect it to prod for a minute.” Supabase is telling you to resist that temptation.\u003C\u002Fp>\u003Ch2>How it compares with other AI developer tools\u003C\u002Fh2>\u003Cp>Supabase MCP is part of a bigger shift in how AI assistants interact with software systems. Instead of asking a model to guess database structure from a pasted schema, you give it a controlled interface to real tools. That changes the quality of the answers and the blast radius of mistakes.\u003C\u002Fp>\u003Cp>Compared with a plain chat workflow, MCP gives the model structured access to facts. It can ask what tables exist, fetch migrations, inspect logs, and generate types from the schema. That is a lot more grounded than asking a model to infer your backend from screenshots or copied SQL.\u003C\u002Fp>\u003Cp>Compared with a generic agent that has broad shell access, Supabase’s approach is narrower. The server can be project-scoped, read-only, and filtered by feature group. Those controls matter because the difference between “helpful assistant” and “accidental data breach” is often one over-permissioned tool call.\u003C\u002Fp>\u003Cul>\u003Cli>\u003Cstrong>Supabase MCP:\u003C\u002Fstrong> direct access to Supabase-specific tools like migrations, logs, and Edge Functions\u003C\u002Fli>\u003Cli>\u003Cstrong>Generic chat assistant:\u003C\u002Fstrong> usually needs copy-pasted context and manual execution\u003C\u002Fli>\u003Cli>\u003Cstrong>Broad agent with shell access:\u003C\u002Fstrong> more flexible, but higher risk if permissions are loose\u003C\u002Fli>\u003Cli>\u003Cstrong>Local CLI MCP:\u003C\u002Fstrong> useful for development at \u003Ccode>localhost:54321\u003C\u002Fcode>, before touching hosted infrastructure\u003C\u002Fli>\u003C\u002Ful>\u003Cp>The repo is also open. Supabase points to the community repository at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsupabase-community\u002Fsupabase-mcp\" target=\"_blank\" rel=\"noopener\">supabase-community\u002Fsupabase-mcp\u003C\u002Fa>, which is useful if you want to inspect implementation details or track how the server evolves outside the docs.\u003C\u002Fp>\u003Cp>If you are already using AI in your editor, the practical takeaway is simple: MCP is the difference between “the model can talk about your backend” and “the model can query your backend with guardrails.” That is a meaningful step for developer tooling, especially for teams living in Postgres and shipping on Supabase every day.\u003C\u002Fp>\u003Ch2>What this means for teams using Supabase\u003C\u002Fh2>\u003Cp>Supabase MCP is most useful when the AI is acting like a junior pair programmer, not an autonomous operator. Ask it to list tables, inspect migrations, summarize logs, or generate types, and you get faster feedback with less context switching. Ask it to make broad changes in a live environment, and you are gambling with permissions.\u003C\u002Fp>\u003Cp>My read is that the strongest use case is development speed inside a controlled project branch. Supabase’s own branching feature, combined with read-only mode and feature filters, gives teams a sane setup for testing AI-driven workflows before anything gets near production data.\u003C\u002Fp>\u003Cp>The next practical question is how far teams will trust these clients once fine-grained permissions arrive. Supabase says more detailed control is coming in the future, and that is the feature I would watch most closely. If those controls are good enough, MCP could become a normal part of day-to-day database work. If they are clumsy, teams will keep it in the “nice demo, limited rollout” bucket.\u003C\u002Fp>\u003Cp>For now, the advice is boring in the best way: connect MCP to a non-production project, keep manual approval on, scope it tightly, and see what your AI assistant can do when it has real tools instead of guesses. That is the test that matters.\u003C\u002Fp>","Supabase’s MCP server connects AI tools to projects, databases, logs, and Edge Functions, with read-only mode and project scoping.","supabase.com","https:\u002F\u002Fsupabase.com\u002Fdocs\u002Fguides\u002Fgetting-started\u002Fmcp",null,"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1775093535794-gfg8.png",[13,14,15,16,17],"Supabase MCP","Model Context Protocol","Cursor","AI tools","Postgres","en",0,false,"2026-04-02T01:30:33.999899+00:00","2026-04-02T01:30:33.956+00:00","done","289cea8a-68d0-41a9-b149-f1b529946d42","supabase-mcp-ai-projects-en","tools","b8d8ec05-dd94-4c90-bd64-fe0653227ed6","published","2026-04-09T09:00:52.463+00:00",[31,33,35,37,39],{"name":15,"slug":32},"cursor",{"name":17,"slug":34},"postgres",{"name":16,"slug":36},"ai-tools",{"name":14,"slug":38},"model-context-protocol",{"name":13,"slug":40},"supabase-mcp",{"id":27,"slug":42,"title":43,"language":44},"supabase-mcp-ai-projects-zh","Supabase MCP 讓 AI 直連專案","zh",[46,52,58,64,70,76],{"id":47,"slug":48,"title":49,"cover_image":50,"image_url":50,"created_at":51,"category":26},"a6c1d84d-0d9c-4a5a-9ca0-960fbfc1412e","why-gemini-api-pricing-is-cheaper-than-it-looks-en","Why Gemini API pricing is cheaper than it looks","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778869846824-s2r1.png","2026-05-15T18:30:26.595941+00:00",{"id":53,"slug":54,"title":55,"cover_image":56,"image_url":56,"created_at":57,"category":26},"8b02abfa-eb16-4853-8b15-63d302c7b587","why-vidhub-huiyuan-hutong-bushi-quan-shebei-tongyong-en","Why VidHub 会员互通不是“买一次全设备通用”","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778789439875-uceq.png","2026-05-14T20:10:26.046635+00:00",{"id":59,"slug":60,"title":61,"cover_image":62,"image_url":62,"created_at":63,"category":26},"abe54a57-7461-4659-b2a0-99918dfd2a33","why-buns-zig-to-rust-experiment-is-right-en","Why Bun’s Zig-to-Rust experiment is the right move","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778767895201-5745.png","2026-05-14T14:10:29.298057+00:00",{"id":65,"slug":66,"title":67,"cover_image":68,"image_url":68,"created_at":69,"category":26},"f0015918-251b-43d7-95af-032d2139f3f6","why-openai-api-pricing-is-product-strategy-en","Why OpenAI API pricing is a product strategy, not a footnote","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778749841805-uyhg.png","2026-05-14T09:10:27.921211+00:00",{"id":71,"slug":72,"title":73,"cover_image":74,"image_url":74,"created_at":75,"category":26},"7096dab0-6d27-42d9-b951-7545a5dddf33","why-claude-code-prompt-design-beats-ide-copilots-en","Why Claude Code’s prompt design beats IDE copilots","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778742651754-3kxk.png","2026-05-14T07:10:30.953808+00:00",{"id":77,"slug":78,"title":79,"cover_image":80,"image_url":80,"created_at":81,"category":26},"1f1bff1e-0ebc-4fa7-a078-64dc4b552548","why-databricks-model-serving-is-right-default-en","Why Databricks Model Serving is the right default for production infe…","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778692290314-gopj.png","2026-05-13T17:10:32.167576+00:00",[83,88,93,98,103,108,113,118,123,128],{"id":84,"slug":85,"title":86,"created_at":87},"8008f1a9-7a00-4bad-88c9-3eedc9c6b4b1","surepath-ai-mcp-policy-controls-en","SurePath AI's New MCP Policy Controls Enhance AI Security","2026-03-26T01:26:52.222015+00:00",{"id":89,"slug":90,"title":91,"created_at":92},"27e39a8f-b65d-4f7b-a875-859e2b210156","mcp-standard-ai-tools-2026-en","MCP Standard in 2026: Integrating AI Tools","2026-03-26T01:27:43.127519+00:00",{"id":94,"slug":95,"title":96,"created_at":97},"165f9a19-c92d-46ba-b3f0-7125f662921d","rag-2026-transforming-enterprise-ai-en","How RAG in 2026 is Transforming Enterprise AI","2026-03-26T01:28:11.485236+00:00",{"id":99,"slug":100,"title":101,"created_at":102},"6a2a8e6e-b956-49d8-be12-cc47bdc132b2","mastering-ai-prompts-2026-guide-en","Mastering AI Prompts: A 2026 Guide for Developers","2026-03-26T01:29:07.835148+00:00",{"id":104,"slug":105,"title":106,"created_at":107},"d6653030-ee6d-4043-898d-d2de0388545b","evolving-world-prompt-engineering-en","The Evolving World of Prompt Engineering","2026-03-26T01:29:42.061205+00:00",{"id":109,"slug":110,"title":111,"created_at":112},"3ab2c67e-4664-4c67-a013-687a2f605814","garry-tan-open-sources-claude-code-toolkit-en","Garry Tan Open-Sources a Claude Code Toolkit","2026-03-26T08:26:20.245934+00:00",{"id":114,"slug":115,"title":116,"created_at":117},"66a7cbf8-7e76-41d4-9bbf-eaca9761bf69","github-ai-projects-to-watch-in-2026-en","20 GitHub AI Projects to Watch in 2026","2026-03-26T08:28:09.752027+00:00",{"id":119,"slug":120,"title":121,"created_at":122},"231306b3-1594-45b2-af81-bb80e41182f2","claude-code-vs-cursor-2026-en","Claude Code vs Cursor in 2026","2026-03-26T13:27:14.177468+00:00",{"id":124,"slug":125,"title":126,"created_at":127},"9f332fda-eace-448a-a292-2283951eee71","practical-github-guide-learning-ml-2026-en","A Practical GitHub Guide to Learning ML in 2026","2026-03-27T01:16:50.125678+00:00",{"id":129,"slug":130,"title":131,"created_at":132},"1b1f637d-0f4d-42bd-974b-07b53829144d","aiml-2026-student-ai-ml-lab-repo-review-en","AIML-2026 Is a Bare-Bones Student Lab Repo","2026-03-27T01:21:51.661231+00:00"]