Skip to main content
Glama
Desmond-Labs

Supabase Storage MCP

by Desmond-Labs
OverviewSchemaRelated ServersScoreDiscussions
TypeScript
Hybrid

get_file_url

Generate secure, time-limited download URLs for files stored in Supabase Storage buckets to enable controlled access to stored content.

Instructions

Generate signed download URL for secure file access

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
bucket_nameYesSource bucket
storage_pathYesFull file path in storage
expires_inNoURL expiration in seconds (default: 7200)

Implementation Reference

  • src/index.ts:762-803 (handler)
    The core handler function that implements the get_file_url tool logic: extracts parameters, generates a signed URL using Supabase storage.createSignedUrl, handles errors, audits the request, and returns the signed URL with expiration info.
    async function handleGetFileUrl(args: any, requestId: string, startTime: number) {
  const { bucket_name, storage_path, expires_in = 7200 } = args;
  
  const inputHash = generateSecureHash(JSON.stringify({ bucket_name, storage_path, expires_in }));
  
  try {
    const { data, error } = await supabase.storage
      .from(bucket_name)
      .createSignedUrl(storage_path, expires_in);
    
    if (error) {
      throw new Error(`Failed to create signed URL: ${error.message}`);
    }
    
    const expiresAt = new Date(Date.now() + expires_in * 1000).toISOString();
    
    auditRequest('get_file_url', true, inputHash);
    
    const result: SignedUrlResult = {
      signedUrl: data.signedUrl,
      expiresAt,
      fileSize: 0, // Would need additional call to get file info
      mimeType: 'unknown' // Would need additional call to get file info
    };
    
    return {
      content: [
        {
          type: 'text',
          text: JSON.stringify({
            ...result,
            request_id: requestId,
            processing_time: Date.now() - startTime
          }, null, 2)
        }
      ]
    };
  } catch (error) {
    auditRequest('get_file_url', false, inputHash, getErrorMessage(error));
    throw error;
  }
}
  • src/index.ts:205-233 (schema)
    The input schema definition for the get_file_url tool, specifying parameters bucket_name (string), storage_path (string), and optional expires_in (number with constraints).
    {
  name: 'get_file_url',
  description: 'Generate signed download URL for secure file access',
  inputSchema: {
    type: 'object',
    properties: {
      bucket_name: {
        type: 'string',
        description: 'Source bucket',
        minLength: 3,
        maxLength: 63
      },
      storage_path: {
        type: 'string',
        description: 'Full file path in storage',
        maxLength: 1024
      },
      expires_in: {
        type: 'number',
        description: 'URL expiration in seconds (default: 7200)',
        minimum: 60,
        maximum: 604800,
        default: 7200
      }
    },
    required: ['bucket_name', 'storage_path'],
    additionalProperties: false
  }
},
  • src/index.ts:476-477 (registration)
    Registration/dispatch in the main CallToolRequestSchema switch statement that routes calls to the get_file_url tool to its handler function.
    case 'get_file_url':
  return await handleGetFileUrl(args, requestId, startTime);

Tool Definition Quality

B3.1/5.0
Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden for behavioral disclosure. It mentions 'signed' and 'secure' which imply authentication/authorization needs, but doesn't specify required permissions, rate limits, or what happens if the file doesn't exist. For a tool that generates access URLs with security implications, this is insufficient.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence that gets straight to the point with zero wasted words. It's appropriately sized for a tool with good schema coverage and no output schema.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a tool with 100% schema coverage but no annotations and no output schema, the description provides basic purpose but lacks important context about security requirements, error conditions, and return format. It's minimally adequate but leaves significant gaps about how the tool actually behaves in practice.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so the schema fully documents all three parameters. The description adds no parameter-specific information beyond what's in the schema. The baseline of 3 is appropriate when the schema does all the parameter documentation work.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the verb 'Generate' and the resource 'signed download URL', specifying it's for 'secure file access'. It distinguishes from siblings like 'download_file' by focusing on URL generation rather than direct download, but doesn't explicitly contrast with 'create_signed_urls' which appears similar.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives like 'download_file', 'batch_download', or 'create_signed_urls'. It mentions 'secure file access' but doesn't explain why this method is preferred over direct download tools in specific contexts.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Desmond-Labs/supabase-storage-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server