Replace `<personal-access-token>` with the token you created in step 1. Alternatively you can omit `--access-token` and instead set the `SUPABASE_ACCESS_TOKEN`environment variable to your personal access token (you will need to restart your MCP client after setting this). This allows you to keep your token out of version control if you plan on committing this configuration to a repository.
50
+
Replace `<personal-access-token>` with the token you created in step 1. Alternatively you can omit `SUPABASE_ACCESS_TOKEN`in this config and instead set it globally on your machine. This allows you to keep your token out of version control if you plan on committing this configuration to a repository.
48
51
49
-
The following additional options are available:
52
+
The following options are available:
50
53
51
-
-`--project-ref`: Used to scope the server to a specific project. See [project scoped mode](#project-scoped-mode).
52
-
-`--read-only`: Used to restrict the server to read-only queries. See [read-only mode](#read-only-mode).
54
+
-`--read-only`: Used to restrict the server to read-only queries. Recommended by default. See [read-only mode](#read-only-mode).
55
+
-`--project-ref`: Used to scope the server to a specific project. Recommended by default. If you omit this, the server will have access to all projects in your Supabase account. See [project scoped mode](#project-scoped-mode).
53
56
54
57
If you are on Windows, you will need to [prefix the command](#windows). If your MCP client doesn't accept JSON, the direct CLI command is:
> Note: Do not run this command directly - this is meant to be executed by your MCP client in order to start the server. `npx` automatically downloads the latest version of the MCP server from `npm` and runs it in a single command.
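Review bot: The `--read-only` bullet in the options list is now marked "Recommended by default" but still describes the flag as restricting "the server to read-only queries", while the Read-only mode section says it applies only to the database tools (`execute_sql` and `apply_migration`) and not to tools like `create_project` or `create_branch`. Since this bullet is now the recommended path, state that limit here as well, for example "Restricts database tools to read-only queries; other tools are unaffected." The phrase "Recommended by default" can also be read as "enabled by default"; "We recommend setting this" avoids that. In the token paragraph, "set it globally on your machine" drops the earlier note that the MCP client must be restarted after setting the variable; keep that sentence if it still applies.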
@@ -73,9 +76,12 @@ On Windows, you will need to prefix the command with `cmd /c`:
@@ -118,10 +127,10 @@ Make sure Node.js is available in your system `PATH` environment variable. If yo
118
127
119
128
### Project scoped mode
120
129
121
-
By default, the MCP server will have access to all organizations and projects in your Supabase account. If you want to restrict the server to a specific project, you can set the `--project-ref` flag on the CLI command:
130
+
Without project scoping, the MCP server will have access to all organizations and projects in your Supabase account. We recommend you restrict the server to a specific project by setting the `--project-ref` flag on the CLI command:
Replace `<project-ref>` with the ID of your project. You can find this under **Project ID** in your Supabase [project settings](https://supabase.com/dashboard/project/_/settings/general).
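Review bot: The scope stated in the added sentence does not match the options list: here an unscoped server has access to "all organizations and projects in your Supabase account", while the `--project-ref` bullet says "all projects in your Supabase account". Use the same wording in both places so a reader who only sees the options list does not underestimate what an unscoped server can reach. The removed line also said explicitly that this is the behaviour "By default"; "Without project scoping" is softer, so consider "If you omit `--project-ref`, the MCP server will have access to ..." to match the bullet.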
@@ -130,13 +139,13 @@ After scoping the server to a project, [account-level](#project-management) tool
130
139
131
140
### Read-only mode
132
141
133
-
If you wish to restrict the Supabase MCP server to read-only queries, set the `--read-only` flag on the CLI command:
142
+
To restrict the Supabase MCP server to read-only queries, set the `--read-only` flag on the CLI command:
This prevents write operations on any of your databases by executing SQL as a read-only Postgres user. Note that this flag only applies to database tools (`execute_sql` and `apply_migration`) and not to other tools like `create_project` or `create_branch`.
148
+
We recommend you enable this by default. This prevents write operations on any of your databases by executing SQL as a read-only Postgres user. Note that this flag only applies to database tools (`execute_sql` and `apply_migration`) and not to other tools like `create_project` or `create_branch`.
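Review bot: In the added paragraph, the new opening sentence "We recommend you enable this by default." leaves the following "This prevents write operations ..." with an unclear antecedent; write "The flag prevents write operations ..." or move the recommendation to the end of the paragraph. Because the recommendation now leads, the limitation in the last sentence carries more weight: the flag covers only `execute_sql` and `apply_migration`, not tools like `create_project` or `create_branch`. Say directly that read-only mode alone does not stop the server from making changes through those other tools, so readers do not treat the flag as a complete write block.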