supabase-mcp icon indicating copy to clipboard operation
supabase-mcp copied to clipboard

Published 20 hours ago verified publisher icon supabase-community

Add configuration option to control which tools are exposed to MCP clients

Open aneym opened this issue 7 months ago • 5 comments

Additional context

When using multiple MCP servers together (Supabase plus others), the combined number of tools can exceed Cursor's 40-tool limit. This feature would help users prioritize which tools are most important for their workflow.

Benefits:

  • Ensures critical tools are available to the agent when using multiple MCP servers
    • Reduces confusion when tools appear in the list but aren't actually available
      • Allows users to customize their MCP experience based on their specific needs References:
  • Cursor MCP Documentation
    • Current limitation: "Cursor will only send the first 40 tools to the Agent"

aneym avatar Apr 14 '25 15:04 aneym

Thanks for the suggestion @afneyman. Agreed - I've given this one a little bit of thought previously and am leaning towards grouping tools into "feature groups" where related tools are grouped together and you can optionally enable specific groups. Eg.

npx -y @supabase/mcp-server-supabase --features=['database', 'project', 'branching']

Another thing we're looking into is a "scoped" mode, where the MCP server is scoped only to a single project at a time. If we were to introduce this mode, we would likely strip out up to 9 tools that are project management related (if you were to choose this mode).

Would love to hear any other opinions/ideas too.

gregnr avatar Apr 14 '25 16:04 gregnr

We would very much like a scoped mode only for a single project and all not having to provide an access token. Maybe using the api tokens already provided by Supabase. This would let us more safely provide access to the "data" parts of our database in a read only mode. Thanks!

pgroth avatar May 30 '25 08:05 pgroth

@pgroth I should have updated this thread - we've supported project scoped mode since 0.4.0! Docs can be found here: https://github.com/supabase-community/supabase-mcp#project-scoped-mode

Read only mode is also supported, docs here: https://github.com/supabase-community/supabase-mcp#read-only-mode

gregnr avatar May 30 '25 14:05 gregnr

Thanks @gregnr . I've actually using that but I guess I want it in the hosted supabase service. Providing the access token seems a bit unsafe. But maybe I should bring that up with the service.

pgroth avatar May 30 '25 15:05 pgroth

@pgroth Can you clarify what you mean by wanting it in the hosted supabase service? Currently personal access tokens provide account level access - do you mean you wish for PATs to offer more fine-grain scoping?

gregnr avatar May 30 '25 15:05 gregnr

@gregnr the use case I was thinking about is to provide our customers direct MCP access to our database through some sort of token. I would only want them to have read access to particular tables.

This is not the use case that I think PAT and the current Supabase MCP is aimed at supporting as far as I understand. But maybe that's not for this issue or even this library?

pgroth avatar Jun 01 '25 15:06 pgroth

I typically use supabase with data that i would prefer not to send to ai tools, but the table definitions and other things like functions are fair game. I'd love to see a mode that limits access to data universally or on specific tables.

dticson avatar Jun 13 '25 08:06 dticson

We now support controlling which tools are exposed via feature groups.

For discussions on fine-grain scoping on the token level, see https://github.com/supabase-community/supabase-mcp/issues/93.

gregnr avatar Jun 30 '25 21:06 gregnr

That's great on both fronts. Thank you!

pgroth avatar Jul 01 '25 07:07 pgroth