Supabase MCP. Run full CRUD operations directly from your AI client.
Gemini Works with every AI agent you already use
…and any MCP-compatible client
Just plug in your AI agents and start using Vinkius.
Supabase lets your AI client run database commands directly in your terminal. Use this to execute PostgreSQL queries, modify data, and manage user accounts without leaving your IDE.
You can query records with `db_select`, insert new rows using `db_insert`, or run complex backend logic via `db_rpc`. It gives your agent full-admin access rights for testing and debugging.
What your AI agents can do
Create storage bucket
Optionally make it public for unauthenticated reads.
Create a new storage bucket
Db count
Counts the number of rows in a specific database table, useful for pagination metrics.
Db delete
Irreversibly deletes one or more targeted records from any database table.
The agent queries a table and returns a set of data rows based on specified filters.
The agent adds a brand new row of structured data into a database table.
The agent changes the values in specific, targeted rows within a table.
The agent triggers complex stored procedures or functions defined within PostgreSQL.
The agent lists and retrieves detailed information about registered users in the system.
The agent maps out all available object storage containers and files for debugging file paths.
Ask AI about this MCP
Supported MCP Clients
Gemini Waiting for input…
Supabase MCP Server: 10 Tools for Backend Management
Use these tools to read, write, update, delete data records, manage user accounts, or run custom backend procedures across your Supabase database.
019e9aa4create storage bucket
Optionally make it public for unauthenticated reads. Create a new storage bucket
019d760edb count
Counts the number of rows in a specific database table, useful for pagination metrics.
019d760edb delete
Irreversibly deletes one or more targeted records from any database table.
019d760edb insert
Inserts a new row of data into a specified database table using a JSON payload.
019d760edb rpc
Executes any pre-compiled PostgreSQL stored function or procedure (RPC) with defined arguments.
019d760edb select
Queries records from a database table using PostgREST syntax and specific filters, returning up to 50 rows by default.
019d760edb update
Updates the values in existing rows of a database table, requiring a target filter for accuracy.
019e9aa4delete auth user
Requires service_role key. This action is irreversible. Delete an authenticated user permanently
019e9aa4delete storage file
Provide a comma-separated list of file paths. Delete files from a storage bucket
019d760eget auth user
Fetches detailed account information for one specific user by their ID or email.
019d760elist auth users
Retrieves a list of all registered and authenticated users from the Supabase Auth system.
019d760elist storage buckets
Lists every available storage container (bucket) configured within the service for file management.
019d760elist storage files
Retrieves a list of all specific files stored inside a designated bucket.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on every call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with Supabase, then connect any of our 4,700+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 4,700+ others, all in one place
- Add new capabilities to your AI anytime you want
- Every connection is secured and compliant automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog every week
What you can do with this MCP connector
You're connecting your AI client straight to a PostgreSQL database. This setup gives your agent full-admin rights—it bypasses row-level security checks so you can test data flows and debug backend logic without hesitation. It’s basically giving your bot the keys to the kingdom, which is exactly what engineers need.
Database Management (CRUD)
When you need to read data, you'll use db_select to query records from any table; it takes PostgREST syntax and specific filters, bringing back up to 50 rows by default. If you just need a quick count of how many records are in a table for pagination metrics, run db_count.
To create new data, you'll use db_insert, providing the agent with a JSON payload that populates a brand-new row in your specified table. Need to change something? You'll use db_update to adjust values in existing rows; remember, it requires a target filter so it doesn't mess up everything. If you gotta wipe stuff out—and this is irreversible—you run db_delete, targeting one or more records from any table.
Backend Logic & Custom Functions
Sometimes the logic needs to happen on the server side, not just in a simple query. You can trigger complex stored procedures or functions defined within PostgreSQL using db_rpc; you'll supply it with the required arguments for that pre-compiled function call. This lets your agent execute heavy backend operations directly.
User and Account Auditing
To check who’s logged in, you can use list_auth_users to retrieve a complete list of every registered user in the Supabase Auth system. If you need deep details on one specific account—say, checking an email or getting their full profile info—you run get_auth_user, feeding it either an ID or an email address.
Storage and File Inspection
If your app uses file storage, this setup handles that too. You start by calling list_storage_buckets to map out every available container the service configured for file management. Once you know which bucket it is, you use list_storage_files to get a list of all specific files stored inside that designated area.
This whole suite gives your agent comprehensive control over querying data records using specified filters, adding brand new rows of structured data into a database table, changing the values in specific targeted rows within a table, executing complex stored procedures or functions defined within PostgreSQL, listing and retrieving detailed information about registered users in the system, and mapping out all available object storage containers and files for debugging file paths.
How Supabase MCP Works
- 1 Enable the Supabase MCP plugin in your configuration.
- 2 Bind your
SUPABASE_URLand provide the powerfulSUPABASE_SERVICE_ROLE_KEYfor authentication. - 3 Instruct your AI client to perform a multi-step action, like "Get all active users who also have files stored in the 'profiles' bucket."
The bottom line is that your agent executes complex data operations using native PostgreSQL commands without you needing to open an external database console.
Who Is Supabase MCP For?
This tool is for the backend developer who gets frustrated with context switching. Specifically, it helps the platform engineer who needs to test a new feature's data flow or the DevOps admin debugging why user permissions fail at 2 AM. If your job involves running validation queries against production data structures, this server saves time.
Uses db_insert and db_update to mock rapid changes to database state or test how a new feature handles data writes.
Runs complex validation queries using db_select and invokes custom business logic with db_rpc during review cycles.
Combines calls, such as checking user status via list_auth_users then querying related data using db_select, all in one prompt.
What Changes When You Connect
- Debugging is faster. Instead of opening three separate tabs (SQL console, user table, storage browser), you can run a multi-step check in one prompt. For example, use
list_storage_bucketsto find the right path, thendb_selectto verify data existence. - Procedural logic is simple. You don't need to write raw SQL for every business rule. Just call
db_rpcwith a function name (like 'restock_items') and pass arguments; the server handles the complex backend work. - Data integrity checks are immediate. Need to know how many active users exist? Call
list_auth_users. Then, check their profiles usingdb_selectto confirm data matches up. It’s all automated. - Storage and database sync is easy. If a user uploads a file (tracked by
list_storage_files), you can immediately use that context to write a new record in theuser_activitytable viadb_insert, keeping your state synced without manual copy-pasting. - Full audit capability. You can verify who has access and what data they see. Use
get_auth_userto check one account, orlist_auth_usersto get a roster of everyone logged in right now.
Real-World Use Cases
Validating user onboarding flow
A new feature requires users to upload an avatar and create profile data. The agent first calls list_storage_buckets to confirm the correct 'avatars' bucket exists. It then uses db_insert to create a placeholder record in the 'profiles' table, setting the user ID. Finally, it runs get_auth_user to confirm the entire sequence worked for that specific account.
Running end-of-month data cleanup
The DBA needs to delete old records and run a specialized maintenance procedure. The agent first uses db_select to find all user IDs older than 90 days. It then calls db_rpc with the 'archive_user' function, passing those IDs. Finally, it runs db_delete on temporary tables for cleanup.
Investigating data discrepancies
A bug report claims some records are missing. The agent uses list_storage_files to check the file system metadata first. If the files look fine, it runs a targeted query using db_select, specifying the exact table and filters to isolate which records were supposed to be there but aren't showing up.
Auditing administrative changes
The full-stack team needs to verify if a specific user (ID 456) has permission to access certain data. They use get_auth_user to confirm the account is active, then run a query via db_select on the 'permissions' table, cross-referencing the user ID to audit their current rights.
The Tradeoffs
Trying to manually join data sources
A developer runs a db_select on Table A, copies 10 IDs into their clipboard, and then has to run 10 separate queries against Table B.
→
Don't copy/paste. Use the agent to chain calls: Start with list_auth_users, then use the resulting list of user IDs in a single query via db_select or pass them as an array argument directly into a custom function using db_rpc. This keeps it automated.
Assuming all data is ready for insertion
The developer runs db_insert with a payload, but forgets to check if the target table even exists or if required fields are populated.
→
Before inserting, run list_storage_buckets (if files are involved) and use db_select on that specific table first. This confirms the schema and validates the necessary data structure before you attempt any write operation.
Bypassing security checks entirely
Trying to delete records using simple direct queries without confirming who has permission or if a complex rule needs running.
→
Never rely only on db_delete. Always wrap critical writes in the procedural layer. Use db_rpc with your business logic functions; this forces the execution through controlled, auditable code paths instead of raw SQL.
When It Fits, When It Doesn't
Use Supabase if your workflow requires connecting a conversational agent directly to a PostgreSQL backend for data manipulation and user management. The toolset is perfect when you need the AI client to act like a privileged database administrator, executing CRUD operations (db_select, db_update, etc.) and triggering complex business logic via stored procedures (db_rpc) without leaving your IDE.
Don't use this if all you need is read-only access; while db_select works for that, the full power of write tools might introduce risk. If your primary goal is just message passing or document storage retrieval (like a pure vector database), look at those specialized alternatives. However, if your core problem space involves state changes—inserting records, updating profiles, or managing user roles—this set provides necessary control and visibility.
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Supabase. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS INFRASTRUCTURE
Cloud Hosted
Managed infra
V8 Isolated
Sandboxed per request
Zero-Trust Proxy
No stored credentials
DLP Enforced
Policy on every call
GDPR Compliant
EU data residency
Token Compression
~60% cost reduction
Works with Claude, ChatGPT, Cursor, and more
The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.
This server provides 13 capabilities that interface natively with Claude, ChatGPT, Cursor, and any MCP client. No middleware. No custom integration required.
Available Capabilities
Database queries used to be slow, manual copy-paste tasks.
Today, if you need to verify data across multiple tables (e.g., checking a user's profile, their recent activities, and associated files), you have to open the database console. You run Query 1, copy results. Then you switch to the file browser. You manually check the IDs against the records. It’s clicking through dashboards until your eyes glaze over.
With this MCP server, you just prompt your agent: "Find all active users who have uploaded a profile picture and list their names." The agent runs `list_auth_users`, then uses that data to query the 'profiles' table with `db_select`—all in one go. You get an immediate, clean report.
Supabase MCP Server: Control your entire data lifecycle.
Previously, updating a user profile was risky. You'd run `db_update`, but if the related status flag wasn't updated manually afterward, your application would break because of an inconsistent state. It required multiple steps and human memory to keep track.
Now, you execute that whole process in one go using `db_rpc`. The agent calls the single 'update_profile' function. That function handles updating the record *and* changing the status flag internally. One command does all the heavy lifting.
Common Questions About Supabase MCP
Can I use db_select to filter by user ID? +
Yes, you can. When using db_select, structure your query using a match_query syntax like id=eq.[user_id]. This lets you pull data for one specific user while still querying the table.
How do I run complex business logic with db_rpc? +
You must call db_rpc and provide two things: the exact function name (e.g., 'calculate_tax') and a JSON object containing all required input arguments for that function.
Does list_auth_users show everything? +
It lists all authenticated users managed by Supabase Auth. This tool is useful for auditing your user base size or verifying if specific accounts exist in the system roster.
Is it safe to use db_delete in my workflow? +
No, db_delete is irreversible and dangerous. Always confirm with an admin or DBA before calling this tool. Test deletions first using db_select with the same filters.
When using `list_storage_buckets`, how do I actually find files inside a specific container? Should I use `list_storage_files`? +
You must use the list_storage_files tool for this. It targets the contents of an existing bucket, giving you file paths and metadata. This is separate from listing the buckets themselves.
If I need to both modify a user's record AND add a new related entry, do I have to call `db_update` and `db_insert` separately? +
Yes. The system treats these as two distinct operations. You execute the update first, then run the insert command. There is no single atomic tool for combined modifications.
If I know a user's ID, how does the `get_auth_user` tool provide detailed profile data, unlike just listing them with `list_auth_users`? +
The get_auth_user tool retrieves a specific, enriched object for one account. It pulls details beyond basic authentication status—things like user metadata and complex profiles.
When using `db_select`, how do I handle very large tables efficiently, and what role does `db_count` play in pagination? +
You pair them up. First, use db_count to get the total number of records you're dealing with. Then, use db_select with a specific limit or offset (pagination) to pull data in manageable chunks.
Why do I need to use the service role key instead of the safe public anon key? +
The MCP integration operates inherently as an administration module properly securely autonomously. Utilizing the service_role actively gracefully securely circumvents logical Row Level Security settings globally, empowering correct system manipulation properly dynamically successfully without error friction organically.
Is there a safety measure preventing unintended whole table destructive deletions? +
Yes. Commands mutating or destroying rows, such as accurately calling db_delete, rigorously mandate explicit logical matching definitions (like exact ID tracking) seamlessly inherently systematically mitigating risk effectively fully locally organically efficiently properly.
Can the AI call custom PostgreSQL functions (RPC)? +
Yes. Use db_rpc to invoke any server-side PL/pgSQL function by name, passing JSON arguments. This lets the AI trigger stored procedures, computed views, or custom business logic directly.
Use it with your favorite AI tools
Connect this server to Cursor, Claude, VS Code, and more.
More in this category
Vercel
Deploy frontend applications instantly with a platform optimized for Next.js, serverless functions, and edge computing globally.
DataFrame Aggregator Engine
Perform blazingly fast GroupBy and Aggregations on massive CSVs local. Save millions of AI tokens and get mathematically perfect sums, means, and counts.
Tinybird Data Platform
Analyze real-time data via Tinybird — manage Data Sources, inspect Pipes, and query endpoints directly.
You might also like
JokeAPI
Universal humor engine — get random jokes, filter by category and safety flags via AI.
Certify (Emburse)
Manage expenses and invoices via Certify (Emburse) — track reports, receipts, and employee spend directly from any AI agent.
Customerly
Combine live chat, email marketing, and customer surveys in one platform that helps SaaS companies grow and retain users.