confirm_destructive_operation
Execute high-risk database or API operations safely by confirming with a unique ID. Designed for Supabase PostgreSQL, this tool ensures user approval before proceeding with destructive actions.
Instructions
Execute a destructive database or API operation after confirmation. Use this only after reviewing the risks with the user.
HOW IT WORKS:
This tool executes a previously rejected high-risk operation using its confirmation ID
The operation will be exactly the same as the one that generated the ID
No need to retype the query or api request params - the system remembers it
STEPS:
Explain the risks to the user and get their approval
Use this tool with the confirmation ID from the error message
The original query will be executed as-is
PARAMETERS:
operation_type: Type of operation ("api" or "database")
confirmation_id: The ID provided in the error message (required)
user_confirmation: Set to true to confirm execution (default: false)
NOTE: Confirmation IDs expire after 5 minutes for security
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| confirmation_id | Yes | ||
| operation_type | Yes | ||
| user_confirmation | No |
Implementation Reference
- Core handler implementing the confirm_destructive_operation tool logic: checks user confirmation and delegates to API or database manager's handle_confirmation method.async def confirm_destructive_operation( self, container: "ServicesContainer", operation_type: Literal["api", "database"], confirmation_id: str, user_confirmation: bool = False, ) -> QueryResult | dict[str, Any]: """Execute a destructive operation after confirmation. Use this only after reviewing the risks with the user.""" api_manager = container.api_manager query_manager = container.query_manager if not user_confirmation: raise ConfirmationRequiredError("Destructive operation requires explicit user confirmation.") if operation_type == "api": return await api_manager.handle_confirmation(confirmation_id) elif operation_type == "database": return await query_manager.handle_confirmation(confirmation_id)
- supabase_mcp/tools/registry.py:154-165 (registration)MCP server tool registration with @mcp.tool decorator and wrapper function that invokes the feature manager.@mcp.tool(description=tool_manager.get_description(ToolName.CONFIRM_DESTRUCTIVE_OPERATION)) # type: ignore async def confirm_destructive_operation( operation_type: Literal["api", "database"], confirmation_id: str, user_confirmation: bool = False ) -> QueryResult | dict[str, Any]: """Execute a destructive operation after confirmation. Use this only after reviewing the risks with the user.""" return await feature_manager.execute_tool( ToolName.CONFIRM_DESTRUCTIVE_OPERATION, services_container=services_container, operation_type=operation_type, confirmation_id=confirmation_id, user_confirmation=user_confirmation, )
- supabase_mcp/tools/manager.py:23-23 (helper)ToolName enum value defining the tool name.CONFIRM_DESTRUCTIVE_OPERATION = "confirm_destructive_operation"
- Dispatch in execute_tool method routing to the confirm_destructive_operation handler.elif tool_name == ToolName.CONFIRM_DESTRUCTIVE_OPERATION: return await self.confirm_destructive_operation(services_container, **kwargs)