Skip to main content
Glama
deenesjakoruzh
alexander-zuev

Supabase MCP Server

by alexander-zuev
OverviewSchemaRelated ServersScoreDiscussions
Python
Hybrid

execute_postgresql

Execute PostgreSQL queries on Supabase databases with safety controls. Perform read, write, and schema operations, supported by transaction handling and automatic version-controlled migrations. Use UNSAFE mode for write and schema changes; confirm high-risk actions.

Instructions

Execute PostgreSQL statements against your Supabase database.

IMPORTANT: All SQL statements must end with a semicolon (;).

OPERATION TYPES AND REQUIREMENTS:

  1. READ Operations (SELECT, EXPLAIN, etc.):

    • Can be executed directly without special requirements

    • Example: SELECT * FROM public.users LIMIT 10;

  2. WRITE Operations (INSERT, UPDATE, DELETE):

    • Require UNSAFE mode (use live_dangerously('database', True) first)

    • Example: INSERT INTO public.users (email) VALUES ('user@example.com');

  3. SCHEMA Operations (CREATE, ALTER, DROP):

    • Require UNSAFE mode (use live_dangerously('database', True) first)

    • Destructive operations (DROP, TRUNCATE) require additional confirmation

    • Example: CREATE TABLE public.test_table (id SERIAL PRIMARY KEY, name TEXT);

MIGRATION HANDLING: All queries that modify the database will be automatically version controlled by the server. You can provide optional migration name, if you want to name the migration.

  • Respect the following format: verb_noun_detail. Be descriptive and concise.

  • Examples:

    • create_users_table

    • add_email_to_profiles

    • enable_rls_on_users

  • If you don't provide a migration name, the server will generate one based on the SQL statement

  • The system will sanitize your provided name to ensure compatibility with database systems

  • Migration names are prefixed with a timestamp in the format YYYYMMDDHHMMSS

SAFETY SYSTEM: Operations are categorized by risk level:

  • LOW RISK: Read operations (SELECT, EXPLAIN) - allowed in SAFE mode

  • MEDIUM RISK: Write operations (INSERT, UPDATE, DELETE) - require UNSAFE mode

  • HIGH RISK: Schema operations (CREATE, ALTER) - require UNSAFE mode

  • EXTREME RISK: Destructive operations (DROP, TRUNCATE) - require UNSAFE mode and confirmation

TRANSACTION HANDLING:

  • DO NOT use transaction control statements (BEGIN, COMMIT, ROLLBACK)

  • The database client automatically wraps queries in transactions

  • The SQL validator will reject queries containing transaction control statements

  • This ensures atomicity and provides rollback capability for data modifications

MULTIPLE STATEMENTS:

  • You can send multiple SQL statements in a single query

  • Each statement will be executed in order within the same transaction

  • Example: CREATE TABLE public.test_table (id SERIAL PRIMARY KEY, name TEXT); INSERT INTO public.test_table (name) VALUES ('test');

CONFIRMATION FLOW FOR HIGH-RISK OPERATIONS:

  • High-risk operations (DROP TABLE, TRUNCATE, etc.) will be rejected with a confirmation ID

  • The error message will explain what happened and provide a confirmation ID

  • Review the risks with the user before proceeding

  • Use the confirm_destructive_operation tool with the provided ID to execute the operation

IMPORTANT GUIDELINES:

  • The database client starts in SAFE mode by default for safety

  • Only enable UNSAFE mode when you need to modify data or schema

  • Never mix READ and WRITE operations in the same transaction

  • For destructive operations, be prepared to confirm with the confirm_destructive_operation tool

WHEN TO USE OTHER TOOLS INSTEAD:

  • For Auth operations (users, authentication, etc.): Use call_auth_admin_method instead of direct SQL The Auth Admin SDK provides safer, validated methods for user management

  • For project configuration, functions, storage, etc.: Use send_management_api_request The Management API handles Supabase platform features that aren't directly in the database

Note: This tool operates on the PostgreSQL database only. API operations use separate safety controls.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
migration_nameNo
queryYes

Implementation Reference

  • supabase_mcp/core/feature_manager.py:114-120 (handler)
    Core handler function implementing the execute_postgresql tool logic by delegating query execution to the query_manager.
    async def execute_postgresql(
    self, container: "ServicesContainer", query: str, migration_name: str = ""
) -> QueryResult:
    """Execute PostgreSQL statements against your Supabase database."""
    query_manager = container.query_manager
    return await query_manager.handle_query(query, has_confirmation=False, migration_name=migration_name)
  • supabase_mcp/tools/registry.py:47-55 (registration)
    Registration of the execute_postgresql tool using the @mcp.tool decorator, including input schema via type annotations. Delegates to feature_manager.
    @mcp.tool(description=tool_manager.get_description(ToolName.EXECUTE_POSTGRESQL))  # type: ignore
async def execute_postgresql(query: str, migration_name: str = "") -> QueryResult:
    """Execute PostgreSQL statements against your Supabase database."""
    return await feature_manager.execute_tool(
        ToolName.EXECUTE_POSTGRESQL,
        services_container=services_container,
        query=query,
        migration_name=migration_name,
    )
  • supabase_mcp/core/feature_manager.py:75-76 (registration)
    Dispatch registration within FeatureManager.execute_tool method for handling ToolName.EXECUTE_POSTGRESQL.
    elif tool_name == ToolName.EXECUTE_POSTGRESQL:
    return await self.execute_postgresql(services_container, **kwargs)
  • supabase_mcp/tools/manager.py:18-18 (schema)
    ToolName enum definition providing the string identifier for the execute_postgresql tool.
    EXECUTE_POSTGRESQL = "execute_postgresql"

Tool Definition Quality

A4.7/5.0
Behavior5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure and does so comprehensively. It details safety modes (SAFE/UNSAFE), risk categorization (LOW/MEDIUM/HIGH/EXTREME), transaction handling restrictions, migration version control, confirmation flows for destructive operations, and important operational guidelines. This provides rich behavioral context beyond basic functionality.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness3/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is well-structured with clear sections (OPERATION TYPES, MIGRATION HANDLING, SAFETY SYSTEM, etc.) but is quite lengthy. While most content is valuable, some redundancy exists (e.g., multiple mentions of UNSAFE mode requirements). The front-loading is good with purpose and immediate requirements, but the length may challenge quick comprehension.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity of a database execution tool with 2 parameters, no annotations, and no output schema, the description provides exceptional completeness. It covers purpose, usage guidelines, behavioral traits, parameter semantics, safety systems, transaction handling, migration control, confirmation flows, and sibling tool relationships. This fully compensates for the lack of structured metadata.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

With 0% schema description coverage for the 2 parameters, the description compensates well by explaining both parameters' semantics. It describes 'migration_name' in detail (format requirements, examples, what happens if not provided, sanitization, timestamp prefixing) and 'query' through extensive examples and requirements (semicolon termination, operation types). While comprehensive, it doesn't explicitly map all schema properties like the default value for migration_name.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Execute PostgreSQL statements against your Supabase database.' It specifies the exact action (execute) and resource (PostgreSQL statements/Supabase database), distinguishing it from sibling tools like call_auth_admin_method or send_management_api_request that handle different aspects of the system.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides explicit guidance on when to use this tool versus alternatives. It includes a dedicated section 'WHEN TO USE OTHER TOOLS INSTEAD' that names specific sibling tools (call_auth_admin_method, send_management_api_request) and explains what operations they handle instead. It also provides detailed context about different operation types and their requirements.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Related Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/alexander-zuev/supabase-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server