Merge pull request #41 from alexander-zuev/feat/sql-validation

feat: sql syntax validation, new safety mode, automatic migration, new db client, improved tools

Author: alexander-zuev

.env.test

@@ -0,0 +1,12 @@
+# Supabase MCP Server Test Environment
+# Copy this file to .env.test and modify as needed for your tests
+
+# Connection settings for test database
+SUPABASE_PROJECT_REF=127.0.0.1:54322
+SUPABASE_DB_PASSWORD=postgres
+
+# Optional: Management API access token (for API tests)
+# SUPABASE_ACCESS_TOKEN=your_access_token
+
+# Optional: Service role key (for auth tests)
+# SUPABASE_SERVICE_ROLE_KEY=your_service_role_key

.env.test.example

@@ -1,6 +1,6 @@
 ---
 name: Bug report
-about: Report an issuewith the ser
+about: Report an issue with the Supabase MCP server
 title: "An issue with doing X when Y under conditions Z"
 labels: bug
 assignees: alexander-zuev

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,6 +1,6 @@
 ---
 name: Feature request
-about: Suggest an idea to improve this MCP server
+about: Suggest an idea to improve the Supabase MCP server
 title: "I want X so that I can do Y and gain Z"
 labels: ''
 assignees: ''

.github/ISSUE_TEMPLATE/feature_request.md

@@ -17,6 +17,7 @@ jobs:
       SUPABASE_PROJECT_REF: ${{ secrets.SUPABASE_PROJECT_REF }}
       SUPABASE_DB_PASSWORD: ${{ secrets.SUPABASE_DB_PASSWORD }}
       SUPABASE_ACCESS_TOKEN: ${{ secrets.SUPABASE_ACCESS_TOKEN }}
+      SUPABASE_SERVICE_ROLE_KEY: ${{ secrets.SUPABASE_SERVICE_ROLE_KEY }}
     steps:
       - uses: actions/checkout@v4
 
@@ -40,7 +41,14 @@ jobs:
       - name: Run tests
         run: |
           source .venv/bin/activate # necessary for pytest
-          pytest
+          pytest --cov=supabase_mcp --cov-report=xml --cov-report=term
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v3
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: ./coverage.xml
+          fail_ci_if_error: false
 
       - name: Build distribution packages
         run: |

.github/workflows/ci.yaml

@@ -16,6 +16,23 @@ Post-release
 - Clean install from PyPi works
 
 
+## v0.3.8 - 2025-03-07
+
+Pre-release
+1. Tests pass - [X]
+2. CI passes - [X]
+3. Build succeeds - [X]
+4. Documentation is up to date - [X]
+5. Changelog is up to date - [X]
+6. Tag and release on GitHub
+7. Release is published to PyPI
+8. Update dockerfile - [X]
+9. Update .env.example (if necessary) - [X]
+
+Post-release
+10. Clean install from PyPi works
+
+
 
 ## v0.3.0 - 2025-02-22
 

.github/workflows/docs/release-checklist.md

@@ -27,6 +27,7 @@ htmlcov/
 
 # Virtual Environment
 .env
+.env.test
 .venv
 env/
 venv/
@@ -61,8 +62,7 @@ Icon
 *.sublime-project
 
 # Local development
-.env.mcp
-.env.mcp2
+
 *.log
 logs/
 
@@ -78,3 +78,4 @@ supabase_mcp/_version.py
 # Docs
 .llms-full.txt
 COMMIT_CONVENTION.md
+feature-spec/

.gitignore

@@ -29,6 +29,29 @@ repos:
         name: Check for debugger imports
         stages: [pre-commit, manual]
 
+  # === SQL Linting ===
+  - repo: https://github.com/sqlfluff/sqlfluff
+    rev: 3.3.1
+    hooks:
+      - id: sqlfluff-lint
+        name: Run SQLFluff linter
+        description: Lint SQL files with SQLFluff
+        types: [sql]
+        args: [
+          "--dialect", "postgres",
+          "--exclude-rules", "L016,L031,LT02",  # Exclude some opinionated rules
+        ]
+        files: ^(supabase_mcp/sql|tests/sql)/
+      - id: sqlfluff-fix
+        name: Run SQLFluff fixer
+        description: Auto-fix SQL files with SQLFluff
+        types: [sql]
+        args: [
+          "--dialect", "postgres",
+          "--exclude-rules", "L016,L031,LT02",  # Exclude some opinionated rules
+        ]
+        files: ^(supabase_mcp/sql|tests/sql)/
+
   # === Type Checking ===
 
   - repo: https://github.com/pre-commit/mirrors-mypy
@@ -60,7 +83,7 @@ repos:
 
   # === Code Quality & Style ===
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.9.7
+    rev: v0.9.9
     hooks:
       - id: ruff
         name: Run Ruff linter
@@ -96,7 +119,12 @@ repos:
         types: [python]
         pass_filenames: false
         args: [
-          "--no-header",        ]
+          "--no-header",
+          "-v",
+          "--quiet",
+          "--no-summary",
+          "--show-capture=no"
+        ]
         stages: [pre-commit, pre-push]
 
   # === Build Check ===

.pre-commit-config.yaml

@@ -0,0 +1 @@
+3.12.9

.python-version

@@ -5,6 +5,36 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
 
+## [0.3.8] - 2025-03-07
+### Added
+- SQL query validation using PostgreSQL's parser (pglast v7.3+)
+- Automatic migration script generation for schema changes
+- Universal safety system with standardized risk levels (Low/Medium/High/Extreme)
+- Switched to asyncpg v0.30.0+ from psycopg2
+- Enhanced API spec tool with multiple query modes and risk assessment
+- Connection retry logic for database and API operations
+- Code coverage with pytest-cov
+- SQL linting with SQLFluff
+- Added pyyaml v6.0.2+ for configuration
+
+### Changed
+- Refactored to use dependency injection pattern
+- Standardized service initialization to synchronous pattern
+- Improved SQL safety categorization:
+  - `safe`: Read-only operations (always allowed)
+  - `write`: Data modification (requires unsafe mode)
+  - `destructive`: Schema changes (requires unsafe mode + confirmation)
+- Updated Ruff to v0.9.9
+- Added asyncpg-stubs and pytest-mock for testing
+
+## [0.3.7] - 2025-03-02
+### Fixed
+- Documentation inaccuracies
+
+### Added
+- Auth admin SDK support for local Supabase instances
+
+
 ## [0.3.6] - 2025-02-26
 ### Added
 - Added `call_auth_admin_method` which enables MCP server to manage users in your database (create, update, delete, confirm). All Auth SDK methods are supported