LLMversus

Supabase MCP in Claude Code: Setup and Config 2026

Updated: April 16, 2026

Supabase MCP in Claude Code

Quick answer: Install the Supabase MCP server with npx -y @supabase/mcp-server-supabase --project-url=https://xyz.supabase.co --service-role-key=eyJ..., add the JSON block below to ~/.claude/settings.json, restart Claude Code, and run /mcp to confirm the connection. Setup runs about 5 minutes on a fresh machine, verified on @supabase/mcp-server-supabase as of April 15, 2026.

The Supabase MCP server hands Claude Code a management surface over a Supabase project. After setup, the model can list tables, run SQL, apply migrations, manage Row Level Security policies, deploy Edge Functions, and inspect logs. The server is maintained by Supabase as @supabase/mcp-server-supabase and uses the project URL plus service role key for auth.

This guide covers what you get after the wiring is done, the exact config, verification steps, prompt patterns that tend to work well, and the 4 issues that trip people up most often in the first week.

What you get when it is connected

Once the Supabase server is attached, Claude Code can call the server tools from inside any conversation. You do not invoke the tools by hand. When you ask Claude a question the model decides which tool to call and parses the response for you. For teams that live inside Supabase day to day, this replaces dozens of context switches per week with a single line in chat.

Tools exposed include list_tables, execute_sql, list_migrations, apply_migration, create_branch, deploy_edge_function, get_logs, list_organizations, get_advisors. The server doubles as a management surface and a runtime SQL surface, which is unusual - you can both change schema and query data through the same connection.

Prerequisites

A Supabase project, the project URL, and the service role key from the API settings page. Node 20 or later. The service role key bypasses RLS, so treat it as a production credential.

If you use a version manager like nvm or asdf for Node, confirm the version Claude Code inherits. Open a terminal, run node -v, and note the output. Claude Code uses the Node it sees on PATH at launch, so a shell profile that sets the right version is the reliable path.

Install via npx

Run the package once with npx to verify it starts cleanly:

npx -y @supabase/mcp-server-supabase --project-url=https://xyz.supabase.co --service-role-key=eyJ...

The first run downloads the package (a few MB) and starts the server on stdio. The server does not print much on success - it waits for MCP protocol messages on stdin. Press Ctrl-C to stop it. The actual runtime setup happens through Claude Code itself in the next step.

If the install fails with a network error, your npm registry may be blocked. Set npm config set registry https://registry.npmjs.org and retry. Behind a corporate proxy, also set HTTP_PROXY and HTTPS_PROXY in your shell.

Add the config block to ~/.claude/settings.json

Open ~/.claude/settings.json in your editor. If the file does not exist yet, create it with {} as the starting content. Add an mcpServers object with an entry for this server:

{
  "mcpServers": {
    "supabase": {
      "command": "npx",
      "args": [
        "-y",
        "@supabase/mcp-server-supabase",
        "--project-url=https://xyz.supabase.co",
        "--service-role-key=eyJ..."
      ]
    }
  }
}

Save the file. If you already have other MCP servers defined, merge the new entry into the existing mcpServers object rather than replacing it.

Restart Claude Code fully (quit and reopen, not just close the window). The server is spawned lazily on the first tool call in a session, not at launch, but the config is read once per Claude Code start.

Verify the connection

Open a new Claude Code session and type /mcp at the prompt. You should see the server listed with a green or connected indicator. If it shows as failed, click into it for the stderr output - the error message usually points at the problem directly (bad token, wrong path, missing Node).

Run a trivial first prompt to confirm round trips work. Good smoke tests:

  • For read servers: ask for a list of whatever resource type it exposes.
  • For write servers: ask for a describe on a known resource first, then try a safe write on a test resource.

If the first prompt works, the wiring is done. From here on you interact with the server purely through normal prompts in Claude Code.

Example prompts that work well

Here are prompts that tend to get good responses once the server is attached:

  • List every table in the public schema and tell me which ones have RLS enabled.
  • Create a new table called feedback with columns id uuid primary key, body text, rating int, and created_at timestamptz.
  • Read the last 100 rows from the users table ordered by created_at descending.
  • Deploy the edge function at supabase/functions/send-email and tell me the deployment status.
  • Show me the RLS policies on the orders table and explain what each one allows.
  • Check the auth logs for any failed sign-in attempts in the last hour and list the IP addresses.

Claude will chain tool calls on its own when the prompt implies several steps. For a summarize-then-write flow the model will often call read tools first, then a single write tool at the end. If a prompt keeps burning tool calls, narrow it: specify the resource ID, the time range, or the exact field you want rather than asking Claude to scan everything.

Environment variable security

The project URL and service role key are passed as CLI flags rather than env vars in the config, but you can template them from env via shell expansion. A safer pattern is to use the sb personal access token plus project ref, which scopes permissions down to what you actually need. Rotate the service role key from the Supabase dashboard if it leaks.

A general rule across every MCP server: never paste secrets directly into settings.json that lives in a shared or git-tracked directory. Keep the actual secret values in your shell profile (~/.zshrc, ~/.bashrc, or a 1Password-cli helper), export them at shell start, and reference the variable names from the Claude config. That way the secret stays on your machine and the config file is safe to share with teammates.

On macOS, terminals launched from Spotlight or from the Dock both inherit the shell profile. If you launch Claude Code from a GUI shortcut that does not go through a shell, env vars may not propagate - launch from a terminal instead.

Troubleshooting

Tool calls return 401 Invalid JWT. The service role key is wrong or belongs to a different project. Copy the exact value from the Supabase dashboard Settings > API > service_role, paste it into the config, and restart Claude Code.

SQL calls fail with must be owner of table. Even the service role cannot run certain DDL on tables owned by other roles. Connect with the postgres role via the connection string instead, or transfer ownership in the SQL editor first.

Edge function deploys fail with project not linked. The server needs the project ref and auth token for edge function management. Set SUPABASE_ACCESS_TOKEN to a personal access token from supabase.com/dashboard/account/tokens.

Tools work but are slow. Every call round-trips through the Supabase management API, which lives in us-east-1 by default. From other regions expect 300 to 800 ms per call. Batch reads where possible.

For any issue not listed here, the first step is /mcp inside Claude Code to see the current status and any recent stderr from the server. The second step is running the exact npx command from your terminal to see if the server starts cleanly outside Claude Code. Between those two checks, most problems become obvious within a minute.

Next steps

Once the Supabase server is attached and verified, the useful next move is writing a short prompt template you keep in your notes. List the 3 or 4 prompts you run most often against this server, and paste them into Claude Code when needed. Over a few weeks you build a personal command library that gets real work done without typing much.

For team projects, commit a .mcp.json at the repo root with the same structure. Everyone on the team gets the server wired up automatically on first open, and individual secrets stay in shell profiles. That is the setup pattern that scales past a single developer.

Frequently asked questions

Do I need a paid Supabase account to use this MCP server?

No. The server works with any Supabase plan that issues API credentials or allows client connections. Most free tiers are fine for day-to-day Claude Code use. Rate limits differ by plan though, so if you hit throttling during bulk operations consider upgrading or batching calls.

How do I update the Supabase MCP server to the latest version?

If your config uses `npx -y @supabase/mcp-server-supabase`, npx fetches the latest published version on each fresh install. Clear the npx cache with `npx clear-npx-cache` and restart Claude Code to force a pull. For pinned versions, change the package reference to `@supabase/mcp-server-supabase@version` in the args array.

Can I use this server with Cursor or other MCP clients?

Yes. The MCP spec is the same across clients. Drop the same config block into `~/.cursor/mcp.json` for Cursor, or the equivalent config file for any other MCP-compatible client. The server itself does not know or care which client connects.

What happens if the server crashes mid-session?

Claude Code detects the dropped connection and marks the server as disconnected. Run `/mcp reconnect supabase` to restart it without losing your conversation. If the crash repeats, check the server stderr through `/mcp` and look for the root cause (usually auth expiry or a malformed input).

Is it safe to run writes through Claude Code?

Claude asks for confirmation before destructive operations in most clients. Still, the server itself runs with whatever credentials you gave it. For production Supabase accounts, use read-only credentials when possible and switch to write credentials only when you have a specific task in mind. Treat the same way you would a shell with root.

How do I see exactly which tool calls Claude is making?

Claude Code exposes a tool call trace in its UI for every response that used tools. Click the tool icon to expand the tool name, the arguments passed, and the response. For audit trails, run Claude Code in verbose mode or pipe its output to a log file; the MCP server itself logs calls to stderr, visible through `/mcp`.