home / mcp / aliyun supabase mcp server
Connect Supabase on Aliyun to AI assistants via MCP to manage projects, data, and configurations.
Configuration
View docs{
"mcpServers": {
"aliyun-alibabacloud-supabase-mcp-server": {
"command": "npx",
"args": [
"-y",
"@aliyun-supabase/mcp-server-supabase@latest",
"--features=aliyun"
],
"env": {
"ALIYUN_ACCESS_TOKEN": "<YOUR_TOKEN>",
"ALIBABA_CLOUD_ACCESS_KEY_ID": "<AK>",
"ALIBABA_CLOUD_ACCESS_KEY_SECRET": "<SK>"
}
}
}
}You can connect Supabase projects to AI assistants using the Model Context Protocol (MCP) server for Aliyun Supabase. This enables the AI to manage databases, fetch configuration, run queries, and interact with storage and authentication in your Supabase project, all through guarded, controllable MCP channels.
You run a local MCP client that talks to the Aliyun Supabase MCP server. Configure the client to load the Supabase MCP server you deploy, then enable the AI assistants you use (Cursor, Claude, Windsurf, Lingma, Qoder, etc.) to perform actions such as listing projects, creating new projects, querying data, and managing storage or authentication. You can scope the server to a specific Aliyun project and region to simplify discovery, and you can enable read-only mode to prevent any writes during QA or production demonstrations.
# Prerequisites
node -v
# If Node.js is not installed, install it from https://nodejs.org/
# Install MCP server dependencies (example from the provided setup flow)
npm install --ignore-scripts
# Create an MCP client configuration file (example using ALIBABA credentials)
# This enables the aliYun-based Supabase MCP server with read-only off
cat > mcp_config.json << 'JSON'
{
"mcpServers": {
"supabase": {
"command": "npx",
"args": [
"-y",
"@aliyun-supabase/mcp-server-supabase@latest",
"--features=aliyun"
],
"env": {
"ALIBABA_CLOUD_ACCESS_KEY_ID": "<YOUR_AK>",
"ALIBABA_CLOUD_ACCESS_KEY_SECRET": "<YOUR_SK>"
}
}
}
}
JSON
# Start the MCP server via the client configuration (example)
node -e "console.log('Use your MCP client to load mcp_config.json')"
```
Note: You will run the actual MCP server through your MCP client using the provided configuration when you connect to your Supabase projects. Use the proper CLI flow of your MCP client to load the mcp_config.json and start listening for commands.{
"mcpServers": {
"supabase": {
"command": "npx",
"args": [
"-y",
"@aliyun-supabase/mcp-server-supabase@latest",
"--features=aliyun",
"--project-id=your-project-id",
"--region-id=cn-hangzhou"
],
"env": {
"ALIBABA_CLOUD_ACCESS_KEY_ID": "<YOUR_AK>",
"ALIBABA_CLOUD_ACCESS_KEY_SECRET": "<YOUR_SK>"
}
}
}
}
```
This configuration scopes the MCP server to a specific Aliyun project and region so tools don’t traverse all regions and projects.{
"mcpServers": {
"supabase": {
"command": "npx",
"args": [
"-y",
"@aliyun-supabase/mcp-server-supabase@latest",
"--features=aliyun",
"--read-only"
],
"env": {
"ALIBABA_CLOUD_ACCESS_KEY_ID": "<YOUR_AK>",
"ALIBABA_CLOUD_ACCESS_KEY_SECRET": "<YOUR_SK>"
}
}
}
}
```
Enable read-only mode to ensure SQL writes are not committed; any write operations are wrapped in a read-only transaction and rolled back.The MCP server exposes a comprehensive set of tools to manage your Supabase projects on Aliyun. You can list projects, create or delete projects, fetch API keys, adjust IP whitelists, reset passwords, inspect database schemas, run SQL, manage authentication users, deploy and invoke Edge Functions, and handle storage operations. You can also enable read-only mode for security during demonstrations or production-related testing.
Security risks exist when connecting data sources to an LLM. Always review tool calls before execution, especially for operations that modify data or schema. When possible, enable read-only mode for sensitive environments and wrap SQL results with safeguards to discourage unintended actions.
If you cannot see your intended Aliyun project in tools, use describe_regions to discover available regions, then describe_rds_vpcs and describe_rds_vswitches to locate VPCs and vswitches. Ensure your access token or AK/SK values are correct and that your MCP client is configured to load your mcp configuration file.
The server provides a wide set of capabilities grouped by feature. You can manage projects, inspect and modify database schemas, operate authentication users, deploy and interact with Edge Functions, and handle storage. Each tool is designed to work within the Aliyun Supabase environment and requires specific credentials or URLs obtained through the tools’ prerequisites.
Here is a high-level list of the actions you can perform through the MCP server, organized by category. Each item is available to the LLM when you load the server with the proper configuration.
- You can scope the MCP server to a specific project and region to avoid traversing all regions. - Read-only mode is optional and available where indicated. - The server supports various administrative and data access tools for Supabase on Aliyun.
- list_aliyun_supabase_projects: List all Supabase projects deployed on Aliyun. - get_supabase_project: Get details for a specific Supabase project. - create_supabase_project: Create a new Supabase project. - delete_supabase_project: Delete a Supabase project. - get_supabase_project_api_keys: Get API keys for a Supabase project. - modify_supabase_project_security_ip_list: Modify the IP whitelist for a project. - reset_supabase_project_password: Reset the database password. - describe_regions: Describe available regions and zones. - describe_rds_vpcs: Describe VPCs for deployment. - describe_rds_vswitches: Describe vswitches for deployment. - execute_sql: Run SQL against the project database with optional read-only wrap. - list_table: List tables in schemas. - list_columns: List columns with metadata. - list_indexes: List indexes. - list_extensions: List installed PostgreSQL extensions. - list_auth_users: List authentication users. - get_auth_user: Get details for a user. - create_auth_user: Create a new user. - update_auth_user: Update a user. - delete_auth_user: Delete a user. - deploy_edge_function: Deploy an Edge Function. - list_edge_functions: List Edge Functions. - invoke_edge_function: Invoke an Edge Function. - delete_edge_function: Delete an Edge Function. - list_storage_buckets: List storage buckets. - create_storage_bucket: Create a storage bucket. - delete_storage_bucket: Delete a storage bucket. - list_storage_files: List files in a bucket. - upload_storage_file: Upload a file. - download_storage_file: Download a file. - delete_storage_file: Delete files. - Any other tool described similarly is available when configured.
When connecting to external data sources, prompt injection and data access risks exist. Review tool calls before execution and limit write-capable operations in sensitive environments. Supabase MCP wraps SQL results to discourage following embedded instructions, but you should always verify outputs before taking actions.
This MCP approach uses Node.js as the runtime and npm for package management. Ensure you have a compatible Node.js version and install dependencies before starting the server. If you encounter issues on newer macOS versions, you may need to use the ignore-scripts option to install transient dependencies.
This project is licensed under Apache 2.0. See the LICENSE file for details.
Lists all Supabase projects deployed on the Aliyun platform and provides basic information. If none are found in the default region, try other regions.
Retrieves details for a specific Supabase project on the Aliyun platform.
Creates a new Supabase project on Aliyun.
Deletes a Supabase project on Aliyun.
Fetches the API keys for a Supabase project, including anon key and serviceRoleKey.
Modifies the IP whitelist for a Supabase project; you must add allowed IP addresses before use.
Resets the database password for a Supabase project.
Describes available Aliyun regions and zones for Supabase projects.
Describes available VPCs for deployment in Aliyun.
Describes available vswitches for deployment in Aliyun.
Executes custom SQL queries against a Supabase project database. Supports read-only mode to wrap writes in transactions that are rolled back.
Lists all tables in specified schemas of a Supabase project database.
Lists all columns in a table with metadata like data type, nullable, defaults, and constraints.
Lists indexes on tables in a schema with names and definitions.
Lists installed PostgreSQL extensions with version and description.
Lists authentication users via the Supabase Admin API.
Retrieves details for a specific authentication user.
Creates a new authentication user via the Admin API.
Updates user details via the Admin API.
Deletes an authentication user via the Admin API.
Deploys an Edge Function to a Supabase project; file must be index.ts and TypeScript; optional JWT verification.
Lists Edge Functions with metadata like name, slug, status, version, timestamps.
Invokes an Edge Function; requires PublicConnectUrl and anon key for authentication; can send JSON data.
Deletes an Edge Function by slug.
Lists storage buckets for a Supabase project.
Creates a storage bucket with public/private options and restrictions.
Deletes a storage bucket.
Lists files in a storage bucket with path filtering and pagination.
Uploads a file to a storage bucket with content type and upsert options.
Downloads a file and returns content as base64.
Deletes one or more files from a storage bucket.