Self-Hosted Supabase MCP Server
@HenkDz
An MCP Server for your Self Hosted Supabase
Overview
What is Self-Hosted Supabase MCP Server?
A Model Context Protocol (MCP) server for interacting with self-hosted Supabase instances. It enables MCP clients (like IDE extensions) to introspect, manage, and interact with local or privately hosted Supabase projects through database schema queries, migrations, statistics, authentication, storage, and edge functions.
How to use Self-Hosted Supabase MCP Server?
Install via Smithery (npx -y @smithery/cli install @HenkDz/selfhosted-supabase-mcp --client claude) or clone the repository, install dependencies with bun install, build with bun run build, then configure with required arguments --url and --anon-key (or environment variables). Optionally provide --service-key, --db-url, --jwt-secret for privileged tools and HTTP transport.
Key features of Self-Hosted Supabase MCP Server
- 40+ tools covering schema, migrations, database stats, RLS, auth, storage, functions, and edge functions.
- Tool privilege levels: regular (any authenticated JWT) and privileged (requires
service_roleJWT or direct DB access). - Supports both stdio and HTTP transports (HTTP enforces JWT authentication and RBAC).
- Relies on
supabase_migrations.schema_migrationstable (created by Supabase CLI). - Optional whitelist of enabled tools via
--tools-configJSON file. - Automatic
execute_sqlhelper function creation on startup if service key and DB URL are provided.
Use cases of Self-Hosted Supabase MCP Server
- Querying database schemas and data from an MCP-enabled editor.
- Managing database migrations without leaving the development environment.
- Inspecting database statistics, connections, and index usage.
- Managing authentication users and storage buckets programmatically.
- Generating TypeScript types from the database schema.
FAQ from Self-Hosted Supabase MCP Server
What is the difference from the official Supabase cloud MCP server?
This server is built specifically for self-hosted Supabase, avoiding cloud-specific APIs and multi-project complexity. It uses a minimal schema_migrations table compatible with the Supabase CLI's local-developement workflow.
What are the runtime requirements?
Bun v1.1 or later, access to a self-hosted Supabase instance (URL, keys, optionally direct PostgreSQL connection string). HTTP transport also requires setting a JWT secret for authentication.
Does the server require direct database access?
Some tools (apply_migration, Auth tools, Storage tools, pg_catalog queries) require a DATABASE_URL. The server starts successfully without it; only tools needing direct DB access will fail.
How are privileged tools protected?
In HTTP mode, the server enforces JWT authentication and role‑based access control (RBAC). Only JWTs with the service_role claim can invoke privileged tools. In stdio mode, privileged tools require direct database access or service key.
What transports are supported?
Two transports: stdio (default, for local use) and HTTP (for remote access with JWT authentication and CORS configuration). Use --transport http to enable the HTTP server.