Supabase MCP Server
OfficialOfficial Supabase server: manage tables, run SQL, branches, configs and edge functions from your AI client.
Add to your client
Copy the config for your MCP client and paste it into its config file.
Add remote URL https://mcp.supabase.com/mcp to your MCP client (OAuth login)Paste into ~/Library/Application Support/Claude/claude_desktop_config.json
{
"mcpServers": {
"supabase-mcp-server": {
"command": "npx",
"args": [
"-y",
"mcp-remote",
"https://mcp.supabase.com/mcp?read_only=true&project_ref=<your-project-ref>"
]
}
}
}Claude Desktop connects to remote servers through the `mcp-remote` proxy (installed on first run via npx). Restart Claude Desktop after saving.
Step-by-step guides: Add to Claude Desktop · Add to Cursor · Add to Windsurf
Before you start
- A Supabase account and at least one project (sign up at supabase.com)
- An MCP-capable client (Cursor, Claude Code, VS Code, Windsurf, etc.)
- For the remote server: nothing to install — authentication is handled by an OAuth 2.1 browser flow, no manual token needed
- For local/self-hosted stdio mode: Node.js and the Supabase CLI; a Supabase personal access token can be created in the dashboard under Account > Access Tokens
- Know your project ref (the `project_ref` ID from your project URL) to scope access
About Supabase MCP Server
The official Supabase MCP server lets an AI client manage a Supabase project end to end: design and query Postgres tables, run SQL, apply migrations, deploy Edge Functions, spin up development branches, fetch logs and security/performance advisors, and generate TypeScript types. It is maintained by Supabase.
The recommended way to connect is the hosted, remote HTTP endpoint at https://mcp.supabase.com/mcp, which uses an OAuth 2.1 login flow so you never have to paste a personal access token into your client config. A self-hosted/local stdio mode is also available (e.g. via the Supabase CLI at http://localhost:54321/mcp).
Security controls are passed as URL query parameters: scope the server to a single project with project_ref=<id> and enable read_only=true so the agent can only issue read transactions. You can also restrict which feature groups (account, database, branching, storage, etc.) are enabled, which is strongly recommended when connecting to production data.
Tools & capabilities (12)
list_projects / get_project / create_projectList, inspect, and create Supabase projects
list_tablesList database tables and their schema
execute_sqlRun an arbitrary SQL query against the project database
apply_migrationApply a named SQL migration (DDL/schema change)
list_migrations / list_extensionsInspect applied migrations and installed Postgres extensions
deploy_edge_functionDeploy a Supabase Edge Function; list_edge_functions and get_edge_function inspect them
create_branch / list_branches / merge_branch / reset_branch / rebase_branch / delete_branchManage development branches of the database
get_logs / get_advisorsFetch service logs and security/performance advisor findings for debugging
generate_typescript_typesGenerate TypeScript types from the current database schema
get_project_url / get_publishable_keysRetrieve API URL and publishable keys for the project
list_storage_buckets / get_storage_config / update_storage_configInspect and configure Storage
search_docsSearch the Supabase documentation
When to use it
- Use it when you want an AI agent to scaffold tables and write migrations for a Supabase project from a natural-language description
- Use it when you need to run ad-hoc SQL or debug data without leaving your editor
- Use it when you want to deploy or iterate on Edge Functions directly from your AI client
- Use it when you want safe, isolated database branches for testing schema changes before merging
- Use it when you want the agent to pull logs and security/performance advisors to diagnose a problem
- Use it when you need up-to-date TypeScript types generated from your live schema
Quick setup
- 1In your MCP client, add a remote server pointing at https://mcp.supabase.com/mcp
- 2Append query params to scope access, e.g. ?project_ref=<your-ref>&read_only=true
- 3Restart/refresh the client and complete the OAuth 2.1 login in the browser when prompted
- 4Approve the project and feature scopes you want to expose
- 5Verify by asking the agent to list your tables or projects
Security notes
Grants broad access to your Supabase project including data and configuration; always scope with project_ref and enable read_only mode unless writes are explicitly needed. The OAuth flow authorizes the MCP client against your whole org, so review requested scopes.
Supabase MCP Server FAQ
Do I need a personal access token?
Not for the recommended remote server — it uses an OAuth 2.1 browser login. A personal access token is only relevant for local/self-hosted CLI setups; create one in the dashboard under Account > Access Tokens.
How do I stop the agent from modifying my database?
Add read_only=true to the server URL. This forces all database operations into read-only transactions so the agent cannot write or run DDL.
Can I limit it to one project?
Yes. Pass project_ref=<id> in the URL to scope the server to a single project instead of your whole account.
Is it safe to point at production?
Treat it cautiously: enable read_only mode, scope to the specific project, and limit feature groups. Supabase recommends against running write-enabled, unscoped access against production data.
Which clients are supported?
Any MCP-compatible client, including Cursor, Claude Code, VS Code, Windsurf, and Claude Desktop.
Alternatives to Supabase MCP Server
Compare all alternatives →
Google's official MCP server with prebuilt BigQuery tools, querying datasets via Application Default Credentials.
Read/write Postgres access plus index tuning, EXPLAIN plans, and database health analysis for AI agents.
Manage serverless Postgres on Neon with natural language: projects, branches, migrations, and SQL.
Compare Supabase MCP Server with: