Most database integrations for AI agents stop at "run this query." This one hands the agent the whole Supabase control plane — schema migrations, Edge Function deploys, branch creation, type generation, log access — which is exactly where the security questions start. The interesting design choice here isn't the breadth of tools; it's that the breadth is opt-in.
What Sets It Apart
- Access is gated by composable flags, not all-or-nothing:
--read-onlyblocks every write at the SQL level,--project-refpins the agent to a single project, and feature groups (database, functions, branching, storage, debugging) can be enabled individually — so you can give a coding agent type generation and docs search without ever exposing migrations. - The tool set mirrors the actual Supabase surface — migrations, advisories, log fetching, TypeScript type generation — meaning the agent works against the same primitives you use in the dashboard, not a thinned-down wrapper.
- It separates project-management tools (create projects, list orgs) from in-project tools, so a personal access token's blast radius is a deliberate decision rather than an accident.
Who It's For
Great fit if you're building agentic dev workflows on Supabase and want the agent to own schema and Edge Function changes inside a scoped, read-only-by-default sandbox. Look elsewhere if you only need a plain Postgres connection — a generic Postgres MCP server is lighter and avoids handing out a token that can reach your whole Supabase organization. Be deliberate about branching and write access: those tools touch billable, production-adjacent resources.