MCP Server Policy

SUPABASE MCP POLICY

Enforce policies on every tool call to the Supabase MCP Server. 32 tools listed, categorised, and ready for rules.

supabase-community/supabase-mcp 18 read 14 write 32 tools total

supabase database postgres edge-functions storage

GET STARTED

Download this policy scaffold and add your rules. Intercept enforces them on every tool call before it reaches Supabase.

terminal

# Download policy scaffold


curl -o supabase.yaml https://raw.githubusercontent.com/policylayer/intercept/main/policies/supabase.yaml

# Run with Intercept


intercept --policy supabase.yaml -- npx -y @supabase-community/supabase-mcp

Server documentation: https://github.com/supabase-community/supabase-mcp

READ TOOLS

get_advisors Gets advisory notices for a Supabase project

get_cost Gets the cost of a new project or branch

get_edge_function Retrieves file contents for an Edge Function

get_logs Gets logs for a Supabase project by service type

get_organization Gets details for an organisation

get_project Gets details for a project

get_project_url Gets the API URL for a project

get_publishable_keys Gets the anonymous API keys for a project

get_storage_config Gets the storage config for a project

list_branches Lists all development branches

list_edge_functions Lists all Edge Functions in a project

list_extensions Lists all extensions in the database

list_migrations Lists all migrations in the database

list_organizations Lists all organisations the user is a member of

list_projects Lists all Supabase projects for the user

list_storage_buckets Lists all storage buckets in a project

list_tables Lists all tables within the specified schemas

search_docs Searches Supabase documentation

WRITE TOOLS

create_branch Creates a development branch with migrations

create_project Creates a new Supabase project

update_storage_config Updates the storage config for a project

DESTRUCTIVE TOOLS

delete_branch Deletes a development branch

EXECUTE TOOLS

execute_sql Executes raw SQL in the database

OTHER TOOLS

apply_migration Applies a SQL migration to the database

confirm_cost Confirms the user's understanding of costs

deploy_edge_function Deploys a new Edge Function to a project

generate_typescript_types Generates TypeScript types from the database schema

merge_branch Merges migrations from dev branch to production

pause_project Pauses a project

rebase_branch Rebases development branch on production

reset_branch Resets migrations of a development branch

restore_project Restores a project

POLICY YAML

This scaffold lists every tool with empty rules. Add conditions — rate limits, argument validation, deny rules — then deploy with Intercept.

supabase.yaml

version: "1"
description: "Policy for supabase-community/supabase-mcp"
default: "allow"
tools:
    get_advisors:
        rules: []
    get_cost:
        rules: []
    get_edge_function:
        rules: []
    get_logs:
        rules: []
    get_organization:
        rules: []
    get_project:
        rules: []
    get_project_url:
        rules: []
    get_publishable_keys:
        rules: []
    get_storage_config:
        rules: []
    list_branches:
        rules: []
    list_edge_functions:
        rules: []
    list_extensions:
        rules: []
    list_migrations:
        rules: []
    list_organizations:
        rules: []
    list_projects:
        rules: []
    list_storage_buckets:
        rules: []
    list_tables:
        rules: []
    search_docs:
        rules: []
    create_branch:
        rules: []
    create_project:
        rules: []
    update_storage_config:
        rules: []
    execute_sql:
        rules: []
    delete_branch:
        rules: []
    apply_migration:
        rules: []
    confirm_cost:
        rules: []
    deploy_edge_function:
        rules: []
    generate_typescript_types:
        rules: []
    merge_branch:
        rules: []
    pause_project:
        rules: []
    rebase_branch:
        rules: []
    reset_branch:
        rules: []
    restore_project:
        rules: []

RELATED POLICIES

Google Workspace Drive (gws CLI) 57 tools

storage

MongoDB 36 tools

database

FREQUENTLY ASKED QUESTIONS

What tools does the Supabase MCP server expose?

The Supabase MCP Server exposes 32 tools across 5 categories: Read, Write, Execute, Destructive, Other. Each tool can be individually controlled with Intercept policies.

How do I enforce policies on Supabase?

Download the policy scaffold, add rules (rate limits, argument validation, deny rules), then run Intercept as a proxy in front of the Supabase MCP server. Every tool call is evaluated against your YAML policy before execution.

Is the Supabase policy free to use?

Yes. All Intercept policies are open source under the Apache 2.0 licence. Download, modify, and deploy without restrictions.

ENFORCE POLICIES ON SUPABASE

Open source. One binary. Zero dependencies.

VIEW ON GITHUB Browse all policies →

SUPABASE MCP POLICY

GET STARTED

READ TOOLS

get_advisors

get_cost

get_edge_function

get_logs

get_organization

get_project

get_project_url

get_publishable_keys

get_storage_config

list_branches

list_edge_functions

list_extensions

list_migrations

list_organizations

list_projects

list_storage_buckets

list_tables

search_docs

WRITE TOOLS

create_branch

create_project

update_storage_config

DESTRUCTIVE TOOLS

delete_branch

EXECUTE TOOLS

execute_sql

OTHER TOOLS

apply_migration

confirm_cost

deploy_edge_function

generate_typescript_types

merge_branch

pause_project

rebase_branch

reset_branch

restore_project