home / skills / willsigmon / sigstack / supabase-project-creator

supabase-project-creator skill

safe

/plugins/app-dev/skills/supabase-project-creator

This skill creates a new Supabase project with full auth setup and generates provider configuration details for quick integration.

npx playbooks add skill willsigmon/sigstack --skill supabase-project-creator

Review the files below or copy the command above to add this skill to your agents.

Files (1)

SKILL.md

5.1 KB

---
name: supabase-project-creator
description: Create a new Supabase project with full auth setup (Email, Google, Apple SIWA)
model: sonnet
---

# Supabase Project Creator

Automate the creation of a new Supabase project with complete authentication setup.

## What This Skill Does

1. Creates a new Supabase project
2. Applies auth schema migration (profiles table, triggers)
3. Outputs callback URLs for Google/Apple console
4. Provides Supabase dashboard links for auth provider configuration

## Prerequisites (Already Configured)

Credentials are stored in MCP memory:
- **Google OAuth**: `GoogleOAuthCredentials` entity
- **Apple SIWA**: `AppleSIWACredentials` entity
- **Supabase Org**: `SupabaseOrgInfo` entity

## Workflow

### Step 1: Get Project Details

Ask the user for:
- Project name (e.g., "MyNewApp")
- Region preference (default: us-east-1)

### Step 2: Confirm Cost

```
Use mcp__supabase__get_cost with:
- type: "project"
- organization_id: "cqwwexcenmknepxltuea"

Then use mcp__supabase__confirm_cost with:
- type: "project"
- recurrence: "monthly"
- amount: (from get_cost result)
```

### Step 3: Create Project

```
Use mcp__supabase__create_project with:
- name: <project_name>
- organization_id: "cqwwexcenmknepxltuea"
- region: <chosen_region>
- confirm_cost_id: <from step 2>
```

Wait for project to be ACTIVE_HEALTHY (poll with get_project).

### Step 4: Apply Auth Schema Migration

```sql
-- Enable extensions
create extension if not exists "uuid-ossp";

-- Profiles table
create table public.profiles (
  id uuid references auth.users on delete cascade primary key,
  email text,
  full_name text,
  avatar_url text,
  provider text,
  created_at timestamptz default now() not null,
  updated_at timestamptz default now() not null
);

-- Enable RLS
alter table public.profiles enable row level security;

-- Policies
create policy "Users can view own profile"
  on public.profiles for select using (auth.uid() = id);

create policy "Users can update own profile"
  on public.profiles for update using (auth.uid() = id);

create policy "Users can insert own profile"
  on public.profiles for insert with check (auth.uid() = id);

-- Auto-create profile on signup
create or replace function public.handle_new_user()
returns trigger language plpgsql security definer set search_path = ''
as $$
begin
  insert into public.profiles (id, email, full_name, avatar_url, provider)
  values (
    new.id,
    new.email,
    coalesce(new.raw_user_meta_data->>'full_name', new.raw_user_meta_data->>'name'),
    coalesce(new.raw_user_meta_data->>'avatar_url', new.raw_user_meta_data->>'picture'),
    coalesce(new.raw_app_meta_data->>'provider', 'email')
  );
  return new;
end;
$$;

create or replace trigger on_auth_user_created
  after insert on auth.users
  for each row execute procedure public.handle_new_user();

-- Updated_at trigger
create or replace function public.update_updated_at()
returns trigger language plpgsql security invoker set search_path = ''
as $$
begin
  new.updated_at = now();
  return new;
end;
$$;

create trigger profiles_updated_at
  before update on public.profiles
  for each row execute procedure public.update_updated_at();
```

### Step 5: Get API Keys

```
Use mcp__supabase__get_project_url
Use mcp__supabase__get_publishable_keys
```

### Step 6: Output Results

Provide the user with:

```
## Project Created: <name>

**Supabase URL:** https://<project_ref>.supabase.co
**Anon Key:** <key>
**Dashboard:** https://supabase.com/dashboard/project/<project_ref>

### Callback URL (add to Google & Apple):
https://<project_ref>.supabase.co/auth/v1/callback

### Manual Steps Required:

1. **Add callback URL to Google OAuth:**
   - Go to: https://console.cloud.google.com/apis/credentials
   - Edit "Supabase Auth" OAuth client
   - Add redirect URI: https://<project_ref>.supabase.co/auth/v1/callback

2. **Add callback URL to Apple SIWA:**
   - Go to: https://developer.apple.com/account/resources/identifiers/list/serviceId
   - Edit "Leavn Web Auth" (com.leavn.web)
   - Add domain: <project_ref>.supabase.co
   - Add return URL: https://<project_ref>.supabase.co/auth/v1/callback

3. **Configure Auth Providers in Supabase:**
   - Go to: https://supabase.com/dashboard/project/<project_ref>/auth/providers

   **Google:**
   - Client ID: 266992035640-0oegr8f1q49ub97si4s3c73al036mbvg.apps.googleusercontent.com
   - Client Secret: (retrieve from MCP memory: GoogleOAuthCredentials)

   **Apple:**
   - Service ID: com.leavn.web
   - Team ID: 49HAGQE8FB
   - Key ID: M652AAWJXF
   - Private Key: (retrieve from MCP memory: ApplePrivateKey)
```

### Step 7: Run Security Advisor

```
Use mcp__supabase__get_advisors with:
- project_id: <new_project_id>
- type: "security"
```

Fix any warnings found.

## Stored Credentials Reference

### Google OAuth
- Client ID: `266992035640-0oegr8f1q49ub97si4s3c73al036mbvg.apps.googleusercontent.com`
- Client Secret: Retrieve from `mcp__memory__open_nodes` with name `GoogleOAuthCredentials`

### Apple SIWA
- Services ID: `com.leavn.web`
- Team ID: `49HAGQE8FB`
- Key ID: `M652AAWJXF`
- Private Key: Retrieve from `mcp__memory__open_nodes` with name `ApplePrivateKey`

### Supabase Org
- Organization ID: `cqwwexcenmknepxltuea`
- Default Region: `us-east-1`

Overview

This skill automates creating a new Supabase project and fully configures authentication with Email, Google OAuth, and Apple SIWA. It provisions the project, applies auth schema migrations (profiles table, triggers, RLS), and returns the keys and dashboard links you need to finish provider configuration. It also provides the exact callback URL and steps for adding Google and Apple credentials.

How this skill works

The skill collects basic project details (name and region), confirms and approves the project cost, then calls the Supabase API to create the project and waits until it becomes healthy. It runs a migration to create a profiles table, row-level security policies, triggers to auto-create and update profiles, and then retrieves the project URL and publishable keys. Finally it outputs dashboard links, the callback URL you must add to provider consoles, and runs a security advisor check for any issues.

When to use it

You need a new Supabase project scaffolded quickly with full auth setup.
You want consistent auth schema (profiles table, RLS, auto-create triggers) applied automatically.
You already have Google and Apple credentials stored and want to wire them into a new project.
You want the exact callback URL and dashboard links to finish OAuth/SIWA configuration.
You need automated cost confirmation and project creation in a specific region.

Best practices

Provide a clear project name and preferred region (default us-east-1) to avoid delays.
Verify GoogleOAuthCredentials and ApplePrivateKey are present in memory before starting.
Confirm cost when prompted to ensure billing is accepted for the new project.
After creation, add the callback URL to Google and Apple consoles as instructed.
Run the security advisor results and address any warnings before going to production.

Example use cases

Create a staging Supabase project for a new web app with email, Google, and Apple sign-in.
Onboard a new client by provisioning their Supabase backend and delivering keys and setup steps.
Reproduce consistent auth configuration across multiple environments or teams.
Rapidly iterate on auth-related features with an automated, repeatable project setup.
Provision a sandbox for QA with enforced RLS and profile auto-creation on user signup.

FAQ

What credentials must be available before running this skill?

Google OAuth client secret and Apple private key must be stored in memory entities named GoogleOAuthCredentials and ApplePrivateKey. The Supabase organization info must also be available.

Do I need to do anything manually after the skill runs?

Yes. You must add the provided callback URL to Google and Apple consoles and configure providers in the Supabase dashboard using the returned client IDs and secrets.