airis-mcp-supabase-selfhost
Verified Safeby agiletec-inc
Overview
MCP (Model Context Protocol) server for self-hosted Supabase with RLS-aware PostgreSQL + PostgREST layers, providing LLM access to database schema and data.
Installation
pnpm startEnvironment Variables
- PG_DSN
- POSTGREST_URL
- POSTGREST_JWT
- READ_ONLY
- FEATURES
- PORT
Security Notes
The server employs a 'READ_ONLY' mode by default, which blocks most DML/DDL/DCL operations via regex-based SQL validation. While the regex guard is not foolproof, the default read-only posture and recommendation for a dedicated read-only PostgreSQL user significantly enhance safety. Secrets (PG_DSN, POSTGREST_URL, POSTGREST_JWT) are loaded from environment variables, avoiding hardcoded values in production code. The PostgREST layer is RLS-aware, enforcing access policies. Potential risks arise if 'READ_ONLY' mode is disabled or if a powerful 'POSTGREST_JWT' (e.g., service_role key) is used without proper access control on the Supabase side.
Similar Servers
MCP-PostgreSQL-Ops
The MCP server provides professional operations, monitoring, and management capabilities for PostgreSQL databases using natural language queries.
mcp-server-couchbase
An MCP server enabling LLMs to interact directly with Couchbase clusters for data operations, schema retrieval, and query performance analysis.
supabase-mcp-server
This server provides interactive tools and React widgets for exploring and querying your Supabase database and viewing its service status.
enhanced-postgres-mcp-server
This server acts as a Model Context Protocol interface for PostgreSQL, enabling LLMs to query data, modify records, and manage database schema objects with read and write capabilities.