Self-Hosted Supabase MCP Server

Instructions

Implementation Reference

• src/tools/verify_jwt_secret.ts:29-43 (handler)

  The execute function implementing the tool's core logic: retrieves the JWT secret from the client, provides a secure preview if available, and returns the configuration status.

  execute: async (input: VerifyJwtInput, context: ToolContext) => {
      const client = context.selfhostedClient;
      const secret = client.getJwtSecret();
  
      if (secret) {
          // Return only a preview for security
          const preview = `${secret.substring(0, Math.min(secret.length, 5))}...`;
          return {
              jwt_secret_status: 'found',
              jwt_secret_preview: preview,
          };
      }
  
      return { jwt_secret_status: 'not_configured' };
  },

• src/tools/verify_jwt_secret.ts:5-20 (schema)

  Zod input schema (empty object), output schema for status and preview, and MCP-compatible static JSON input schema.

  // Input schema (none needed)
  const VerifyJwtInputSchema = z.object({});
  type VerifyJwtInput = z.infer<typeof VerifyJwtInputSchema>;
  
  // Output schema
  const VerifyJwtOutputSchema = z.object({
      jwt_secret_status: z.enum(['found', 'not_configured']).describe('Whether the JWT secret was provided to the server.'),
      jwt_secret_preview: z.string().optional().describe('A preview of the JWT secret (first few characters) if configured.'),
  });
  
  // Static JSON Schema for MCP capabilities
  const mcpInputSchema = {
      type: 'object',
      properties: {},
      required: [],
  };

• src/index.ts:112-112 (registration)

  Registers the verifyJwtSecretTool in the availableTools object used by the MCP server.

  [verifyJwtSecretTool.name]: verifyJwtSecretTool as AppTool,

• src/index.ts:23-23 (registration)

  Imports the verifyJwtSecretTool for use in the MCP server.

  import { verifyJwtSecretTool } from './tools/verify_jwt_secret.js';