mcp-supabase-selfhosted 1.0.0 → 1.2.0

package/dist/tools/index.js

@@ -3,26 +3,26 @@ import { getSupabaseClient } from '../supabase/client.js';
 export const toolsDefinitions = [
     {
         name: 'list_tables',
-        description: 'Lista todas las tablas en un esquema específico de la base de datos PostgreSQL.',
+        description: 'List all tables in a specific PostgreSQL database schema.',
         inputSchema: {
             type: 'object',
             properties: {
                 schema: {
                     type: 'string',
-                    description: "El nombre del esquema (ej. 'public', 'auth'). Por defecto es 'public'.",
+                    description: "The name of the schema (e.g. 'public', 'auth'). Defaults to 'public'.",
                 },
             },
         },
     },
     {
         name: 'execute_sql',
-        description: 'Ejecuta una consulta SQL cruda en la base de datos PostgreSQL de Supabase. Útil para leer datos, modificar esquemas o administrar la base de datos. ATENCIÓN: Esta herramienta tiene acceso directo, sin pasar por RLS.',
+        description: 'Execute a raw SQL query on the Supabase PostgreSQL database. Useful for reading data, modifying schemas, or managing the database. WARNING: This tool has direct access, bypassing RLS.',
         inputSchema: {
             type: 'object',
             properties: {
                 sql: {
                     type: 'string',
-                    description: 'La consulta SQL a ejecutar.',
+                    description: 'The SQL query to execute.',
                 },
             },
             required: ['sql'],
@@ -30,32 +30,32 @@ export const toolsDefinitions = [
     },
     {
         name: 'list_users',
-        description: 'Lista los usuarios registrados en el servicio de Autenticación de Supabase (auth.users). Devuelve información básica de los usuarios.',
+        description: 'List users registered in the Supabase Authentication service (auth.users). Returns basic user information.',
         inputSchema: {
             type: 'object',
             properties: {
                 page: {
                     type: 'number',
-                    description: 'El número de página para paginación (por defecto 1).',
+                    description: 'The page number for pagination (defaults to 1).',
                 },
                 perPage: {
                     type: 'number',
-                    description: 'La cantidad de usuarios por página (por defecto 50).',
+                    description: 'The amount of users per page (defaults to 50).',
                 },
             },
         },
     },
     {
         name: 'create_user',
-        description: 'Crea un nuevo usuario en Supabase Auth. Útil para inicializar cuentas administrativas o de prueba.',
+        description: 'Create a new user in Supabase Auth. Useful for initializing administrative or test accounts.',
         inputSchema: {
             type: 'object',
             properties: {
-                email: { type: 'string', description: 'Correo electrónico del usuario.' },
-                password: { type: 'string', description: 'Contraseña del usuario (mínimo 6 caracteres).' },
+                email: { type: 'string', description: 'User email address.' },
+                password: { type: 'string', description: 'User password (minimum 6 characters).' },
                 email_confirm: {
                     type: 'boolean',
-                    description: 'Si es true, autoconfirma el email (por defecto true).',
+                    description: 'If true, auto-confirms the email (defaults to true).',
                 },
             },
             required: ['email', 'password'],
@@ -63,14 +63,14 @@ export const toolsDefinitions = [
     },
     {
         name: 'delete_user',
-        description: 'Elimina un usuario de Supabase Auth por su ID.',
+        description: 'Delete a Supabase Auth user by their ID.',
         inputSchema: {
             type: 'object',
             properties: {
-                user_id: { type: 'string', description: 'El UUID del usuario a eliminar.' },
+                user_id: { type: 'string', description: 'The UUID of the user to delete.' },
                 confirm: {
                     type: 'boolean',
-                    description: 'Debe ser true para confirmar la eliminación destructiva.',
+                    description: 'Must be true to confirm the destructive deletion.',
                 },
             },
             required: ['user_id', 'confirm'],
@@ -78,7 +78,7 @@ export const toolsDefinitions = [
     },
     {
         name: 'list_buckets',
-        description: 'Lista todos los buckets de almacenamiento (Storage) configurados en el proyecto de Supabase.',
+        description: 'List all storage buckets configured in the Supabase project.',
         inputSchema: {
             type: 'object',
             properties: {},
@@ -86,14 +86,14 @@ export const toolsDefinitions = [
     },
     {
         name: 'create_bucket',
-        description: 'Crea un nuevo bucket de almacenamiento (Storage) en Supabase.',
+        description: 'Create a new storage bucket in Supabase.',
         inputSchema: {
             type: 'object',
             properties: {
-                bucket: { type: 'string', description: 'Nombre del nuevo bucket.' },
+                bucket: { type: 'string', description: 'Name of the new bucket.' },
                 public: {
                     type: 'boolean',
-                    description: 'Si el bucket debe ser público (por defecto false).',
+                    description: 'Whether the bucket should be public (defaults to false).',
                 },
             },
             required: ['bucket'],
@@ -101,14 +101,14 @@ export const toolsDefinitions = [
     },
     {
         name: 'delete_bucket',
-        description: 'Elimina un bucket de almacenamiento (Storage) en Supabase. El bucket debe estar vacío o fallará.',
+        description: 'Delete a storage bucket in Supabase. The bucket must be empty or it will fail.',
         inputSchema: {
             type: 'object',
             properties: {
-                bucket: { type: 'string', description: 'Nombre del bucket a eliminar.' },
+                bucket: { type: 'string', description: 'Name of the bucket to delete.' },
                 confirm: {
                     type: 'boolean',
-                    description: 'Debe ser true para confirmar la eliminación destructiva.',
+                    description: 'Must be true to confirm the destructive deletion.',
                 },
             },
             required: ['bucket', 'confirm'],
@@ -116,24 +116,24 @@ export const toolsDefinitions = [
     },
     {
         name: 'get_schema',
-        description: 'Obtiene el esquema de la base de datos o de una tabla específica. Útil para entender la estructura antes de ejecutar SQL.',
+        description: 'Retrieve the database schema or a specific table structure. Useful for understanding columns before executing SQL.',
         inputSchema: {
             type: 'object',
             properties: {
                 table_name: {
                     type: 'string',
-                    description: 'Nombre de la tabla para obtener sus columnas. Si se omite, devuelve una lista de todas las tablas con sus columnas.',
+                    description: 'Table name to get columns for. If omitted, returns all tables with their columns.',
                 },
                 schema: {
                     type: 'string',
-                    description: "El nombre del esquema (ej. 'public'). Por defecto es 'public'.",
+                    description: "The name of the schema (e.g. 'public'). Defaults to 'public'.",
                 },
             },
         },
     },
     {
         name: 'get_advisors',
-        description: 'Obtiene alertas y recomendaciones de rendimiento y seguridad directamente de la base de datos (similar a las alertas del panel de Supabase). Analiza índices sin uso, políticas RLS faltantes y ratio de caché.',
+        description: 'Get performance and security alerts/recommendations directly from the database (similar to Supabase dashboard alerts). Analyzes unused indexes, missing RLS policies, and cache hit ratio.',
         inputSchema: {
             type: 'object',
             properties: {},
@@ -141,17 +141,17 @@ export const toolsDefinitions = [
     },
     {
         name: 'list_files',
-        description: 'Lista los archivos y carpetas dentro de un bucket de almacenamiento (Storage) específico.',
+        description: 'List files and folders within a specific storage bucket.',
         inputSchema: {
             type: 'object',
             properties: {
                 bucket: {
                     type: 'string',
-                    description: 'El nombre del bucket a consultar.',
+                    description: 'The name of the bucket to query.',
                 },
                 path: {
                     type: 'string',
-                    description: 'La ruta de la carpeta dentro del bucket (opcional).',
+                    description: 'The folder path within the bucket (optional).',
                 },
             },
             required: ['bucket'],
@@ -159,20 +159,20 @@ export const toolsDefinitions = [
     },
     {
         name: 'list_rls_policies',
-        description: 'Lista todas las políticas de seguridad a nivel de fila (Row Level Security - RLS) activas en la base de datos. Útil para auditar reglas de acceso.',
+        description: 'List all Row Level Security (RLS) policies active in the database. Useful for auditing access rules.',
         inputSchema: {
             type: 'object',
             properties: {
                 schema: {
                     type: 'string',
-                    description: "El esquema a auditar. Por defecto 'public'.",
+                    description: "The schema to audit. Defaults to 'public'.",
                 },
             },
         },
     },
     {
         name: 'get_active_connections',
-        description: 'Muestra las conexiones activas actuales a la base de datos y qué consultas están ejecutando. Excelente para depurar problemas de rendimiento, bloqueos o saturación del pool de conexiones.',
+        description: 'Show current active database connections and their running queries. Excellent for debugging performance issues, locks, or connection pool saturation.',
         inputSchema: {
             type: 'object',
             properties: {},
@@ -202,7 +202,7 @@ export async function handleGetSchema(params) {
     catch (error) {
         return {
             isError: true,
-            content: [{ type: 'text', text: `Error obteniendo esquema: ${error.message}` }],
+            content: [{ type: 'text', text: `Error retrieving schema: ${error.message}` }],
         };
     }
 }
@@ -223,7 +223,7 @@ export async function handleListTables(params) {
     catch (error) {
         return {
             isError: true,
-            content: [{ type: 'text', text: `Error listando tablas: ${error.message}` }],
+            content: [{ type: 'text', text: `Error listing tables: ${error.message}` }],
         };
     }
 }
@@ -232,7 +232,7 @@ export async function handleExecuteSql(params) {
     if (!sql) {
         return {
             isError: true,
-            content: [{ type: 'text', text: "El parámetro 'sql' es obligatorio." }],
+            content: [{ type: 'text', text: "The 'sql' parameter is required." }],
         };
     }
     try {
@@ -244,7 +244,7 @@ export async function handleExecuteSql(params) {
     catch (error) {
         return {
             isError: true,
-            content: [{ type: 'text', text: `Error ejecutando SQL: ${error.message}` }],
+            content: [{ type: 'text', text: `Error executing SQL: ${error.message}` }],
         };
     }
 }
@@ -266,7 +266,7 @@ export async function handleListUsers(params) {
     catch (error) {
         return {
             isError: true,
-            content: [{ type: 'text', text: `Error listando usuarios: ${error.message}` }],
+            content: [{ type: 'text', text: `Error listing users: ${error.message}` }],
         };
     }
 }
@@ -276,7 +276,7 @@ export async function handleCreateUser(params) {
     if (!email || !password) {
         return {
             isError: true,
-            content: [{ type: 'text', text: "Los parámetros 'email' y 'password' son obligatorios." }],
+            content: [{ type: 'text', text: "Both 'email' and 'password' parameters are required." }],
         };
     }
     try {
@@ -294,7 +294,7 @@ export async function handleCreateUser(params) {
     catch (error) {
         return {
             isError: true,
-            content: [{ type: 'text', text: `Error creando usuario: ${error.message}` }],
+            content: [{ type: 'text', text: `Error creating user: ${error.message}` }],
         };
     }
 }
@@ -318,7 +318,7 @@ export async function handleDeleteUser(params) {
     catch (error) {
         return {
             isError: true,
-            content: [{ type: 'text', text: `Error eliminando usuario: ${error.message}` }],
+            content: [{ type: 'text', text: `Error deleting user: ${error.message}` }],
         };
     }
 }
@@ -335,7 +335,7 @@ export async function handleListBuckets() {
     catch (error) {
         return {
             isError: true,
-            content: [{ type: 'text', text: `Error listando buckets: ${error.message}` }],
+            content: [{ type: 'text', text: `Error listing buckets: ${error.message}` }],
         };
     }
 }
@@ -345,7 +345,7 @@ export async function handleCreateBucket(params) {
     if (!bucket) {
         return {
             isError: true,
-            content: [{ type: 'text', text: "El parámetro 'bucket' es obligatorio." }],
+            content: [{ type: 'text', text: "The 'bucket' parameter is required." }],
         };
     }
     try {
@@ -361,7 +361,7 @@ export async function handleCreateBucket(params) {
     catch (error) {
         return {
             isError: true,
-            content: [{ type: 'text', text: `Error creando bucket: ${error.message}` }],
+            content: [{ type: 'text', text: `Error creating bucket: ${error.message}` }],
         };
     }
 }
@@ -372,7 +372,7 @@ export async function handleDeleteBucket(params) {
         return {
             isError: true,
             content: [
-                { type: 'text', text: "El parámetro 'bucket' es obligatorio y 'confirm' debe ser true." },
+                { type: 'text', text: "The 'bucket' parameter is required and 'confirm' must be true." },
             ],
         };
     }
@@ -387,7 +387,7 @@ export async function handleDeleteBucket(params) {
     catch (error) {
         return {
             isError: true,
-            content: [{ type: 'text', text: `Error eliminando bucket: ${error.message}` }],
+            content: [{ type: 'text', text: `Error deleting bucket: ${error.message}` }],
         };
     }
 }
@@ -417,19 +417,19 @@ export async function handleGetAdvisors() {
         const cacheRows = await query(cacheSql);
         const report = {
             security: {
-                issue: 'Tablas sin Row Level Security (RLS) habilitado',
-                description: 'Estas tablas están expuestas a la API anónima si no configuras RLS.',
+                issue: 'Tables without Row Level Security (RLS) enabled',
+                description: 'These tables are exposed to the anonymous API if RLS is not configured.',
                 tables_affected: rlsRows.map((r) => r.table_name),
             },
             performance: {
                 unused_indexes: {
-                    issue: 'Índices sin uso',
-                    description: 'Índices que ocupan espacio y ralentizan escrituras pero no se están usando en lecturas.',
+                    issue: 'Unused indexes',
+                    description: 'Indexes that occupy space and slow down writes but are not being used in reads.',
                     indexes: unusedIndexesRows,
                 },
                 cache_health: {
-                    issue: 'Ratio de acierto en caché',
-                    description: 'Debe estar lo más cerca posible al 99%.',
+                    issue: 'Cache hit ratio',
+                    description: 'Should be as close to 99% as possible.',
                     ratio_percentage: cacheRows[0]?.cache_hit_ratio || 'N/A',
                 },
             },
@@ -441,7 +441,7 @@ export async function handleGetAdvisors() {
     catch (error) {
         return {
             isError: true,
-            content: [{ type: 'text', text: `Error obteniendo alertas: ${error.message}` }],
+            content: [{ type: 'text', text: `Error retrieving alerts: ${error.message}` }],
         };
     }
 }
@@ -451,7 +451,7 @@ export async function handleListFiles(params) {
     if (!bucket) {
         return {
             isError: true,
-            content: [{ type: 'text', text: "El parámetro 'bucket' es obligatorio." }],
+            content: [{ type: 'text', text: "The 'bucket' parameter is required." }],
         };
     }
     try {
@@ -465,7 +465,7 @@ export async function handleListFiles(params) {
     catch (error) {
         return {
             isError: true,
-            content: [{ type: 'text', text: `Error listando archivos en el bucket: ${error.message}` }],
+            content: [{ type: 'text', text: `Error listing files in bucket: ${error.message}` }],
         };
     }
 }
@@ -486,7 +486,7 @@ export async function handleListRlsPolicies(params) {
     catch (error) {
         return {
             isError: true,
-            content: [{ type: 'text', text: `Error listando políticas RLS: ${error.message}` }],
+            content: [{ type: 'text', text: `Error listing RLS policies: ${error.message}` }],
         };
     }
 }
@@ -515,7 +515,7 @@ export async function handleGetActiveConnections() {
     catch (error) {
         return {
             isError: true,
-            content: [{ type: 'text', text: `Error obteniendo conexiones activas: ${error.message}` }],
+            content: [{ type: 'text', text: `Error retrieving active connections: ${error.message}` }],
         };
     }
 }

package/package.json

@@ -1,11 +1,11 @@
 {
   "name": "mcp-supabase-selfhosted",
-  "version": "1.0.0",
+  "version": "1.2.0",
   "description": "An open-source Model Context Protocol (MCP) server designed specifically for self-hosted Supabase instances.",
   "main": "dist/index.js",
   "type": "module",
   "bin": {
-    "mcp-supabase-selfhosted": "./dist/index.js"
+    "mcp-supabase-selfhosted": "dist/index.js"
   },
   "scripts": {
     "test": "tsx --test tests/tools.test.ts",

package/src/config/env.ts

@@ -7,12 +7,9 @@ dotenv.config();
 // Esquema de validación para las variables de entorno
 const envSchema = z
   .object({
-    SUPABASE_URL: z.string().url('La URL de Supabase debe ser válida').optional(),
+    SUPABASE_URL: z.string().url('Supabase URL must be a valid URL').optional(),
     SUPABASE_SERVICE_ROLE_KEY: z.string().optional(),
-    DATABASE_URL: z
-      .string()
-      .url('La URL de la base de datos (Postgres) debe ser válida')
-      .optional(),
+    DATABASE_URL: z.string().url('Database URL (Postgres) must be a valid URL').optional(),
   })
   .refine(
     (data) => {
@@ -23,7 +20,7 @@ const envSchema = z
     },
     {
       message:
-        'Debes configurar al menos DATABASE_URL o (SUPABASE_URL y SUPABASE_SERVICE_ROLE_KEY)',
+        'You must configure at least DATABASE_URL or (SUPABASE_URL and SUPABASE_SERVICE_ROLE_KEY)',
     },
   );
 
@@ -33,7 +30,7 @@ export function getConfig() {
     return config;
   } catch (error: unknown) {
     if (error instanceof z.ZodError) {
-      console.error(' Error de configuración. Faltan variables de entorno o son inválidas:');
+      console.error(' Configuration error. Environment variables are missing or invalid:');
       error.issues.forEach((e: z.ZodIssue) => console.error(`  - ${e.message}`));
       process.exit(1);
     }

package/src/db/postgres.ts

@@ -14,29 +14,27 @@ export async function getDbPool(): Promise<Pool> {
   const config = getConfig();
 
   if (!config.DATABASE_URL) {
-    throw new Error(
-      'DATABASE_URL no está configurada. Las herramientas de base de datos directa no funcionarán.',
-    );
+    throw new Error('DATABASE_URL is not configured. Direct database tools will not work.');
   }
 
   pgPool = new Pool({
     connectionString: config.DATABASE_URL,
-    max: 10, // Límite máximo de conexiones activas para este MCP
-    idleTimeoutMillis: 30000, // Cerrar conexiones inactivas después de 30s
-    connectionTimeoutMillis: 5000, // Abortar intentos de conexión lentos
-    statement_timeout: 10000, // (10s) Abortar consultas pesadas/erróneas generadas por la IA
+    max: 10, // Maximum active connections for this MCP
+    idleTimeoutMillis: 30000, // Close idle connections after 30s
+    connectionTimeoutMillis: 5000, // Abort slow connection attempts
+    statement_timeout: 10000, // (10s) Abort heavy/incorrect queries generated by the AI
   });
 
   try {
-    // Verificamos la conexión con una consulta sencilla
+    // Verify connection with a simple query
     const client = await pgPool.connect();
     client.release();
-    console.error(' Conectado exitosamente a PostgreSQL (Pool con timeouts configurados).');
+    console.error(' Successfully connected to PostgreSQL (Pool with timeouts configured).');
     return pgPool;
   } catch (error: unknown) {
     pgPool = null;
     const msg = error instanceof Error ? error.message : String(error);
-    console.error(' Error conectando a PostgreSQL:', msg);
+    console.error(' Error connecting to PostgreSQL:', msg);
     throw error;
   }
 }
@@ -51,7 +49,7 @@ export async function query(sql: string, params: unknown[] = []) {
     return result.rows;
   } catch (error: unknown) {
     const msg = error instanceof Error ? error.message : String(error);
-    console.error(' Error ejecutando query:', msg);
+    console.error(' Error executing query:', msg);
     throw error;
   }
 }

package/src/index.ts

@@ -1,7 +1,14 @@
 #!/usr/bin/env node
 import { Server } from '@modelcontextprotocol/sdk/server/index.js';
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
-import { CallToolRequestSchema, ListToolsRequestSchema } from '@modelcontextprotocol/sdk/types.js';
+import {
+  CallToolRequestSchema,
+  ListToolsRequestSchema,
+  ListResourcesRequestSchema,
+  ReadResourceRequestSchema,
+  ListPromptsRequestSchema,
+  GetPromptRequestSchema,
+} from '@modelcontextprotocol/sdk/types.js';
 import { getConfig } from './config/env.js';
 import {
   toolsDefinitions,
@@ -19,6 +26,7 @@ import {
   handleListRlsPolicies,
   handleGetActiveConnections,
 } from './tools/index.js';
+import { query } from './db/postgres.js';
 
 async function main() {
   // 1. Validar la configuración al inicio
@@ -33,10 +41,78 @@ async function main() {
     {
       capabilities: {
         tools: {},
+        resources: {},
+        prompts: {},
       },
     },
   );
 
+  // --- RECURSOS (Resources) ---
+  server.setRequestHandler(ListResourcesRequestSchema, async () => {
+    return {
+      resources: [
+        {
+          uri: 'supabase://database/schema',
+          name: 'Complete database schema',
+          description: 'Returns the structure of all tables and columns in the public schema.',
+          mimeType: 'application/json',
+        },
+      ],
+    };
+  });
+
+  server.setRequestHandler(ReadResourceRequestSchema, async (request) => {
+    if (request.params.uri === 'supabase://database/schema') {
+      const sql = `
+        SELECT table_name, column_name, data_type 
+        FROM information_schema.columns 
+        WHERE table_schema = 'public'
+        ORDER BY table_name, ordinal_position;
+      `;
+      const rows = await query(sql);
+      return {
+        contents: [
+          {
+            uri: request.params.uri,
+            mimeType: 'application/json',
+            text: JSON.stringify(rows, null, 2),
+          },
+        ],
+      };
+    }
+    throw new Error('Resource not found');
+  });
+
+  // --- PROMPTS ---
+  server.setRequestHandler(ListPromptsRequestSchema, async () => {
+    return {
+      prompts: [
+        {
+          name: 'audit-security',
+          description: 'Performs a complete security audit of the Supabase instance.',
+        },
+      ],
+    };
+  });
+
+  server.setRequestHandler(GetPromptRequestSchema, async (request) => {
+    if (request.params.name === 'audit-security') {
+      return {
+        description: 'Supabase Security Audit',
+        messages: [
+          {
+            role: 'user',
+            content: {
+              type: 'text',
+              text: 'Please perform the following steps to audit my instance:\n1. Use get_advisors to detect performance and RLS issues.\n2. Use list_rls_policies to review all active access rules.\n3. Use get_active_connections to see if there are suspicious accesses or blocks.\n4. Finally, provide a detailed report with security recommendations.',
+            },
+          },
+        ],
+      };
+    }
+    throw new Error('Prompt not found');
+  });
+
   // 3. Registrar el manejador para listar herramientas (Tools)
   server.setRequestHandler(ListToolsRequestSchema, async () => {
     return {
@@ -84,10 +160,10 @@ async function main() {
   const transport = new StdioServerTransport();
   await server.connect(transport);
 
-  console.error(' Servidor MCP de Supabase Self-Hosted iniciado correctamente.');
+  console.error(' Supabase Self-Hosted MCP Server started successfully.');
 }
 
 main().catch((error) => {
-  console.error(' Error fatal al iniciar el servidor MCP:', error);
+  console.error(' Fatal error starting MCP server:', error);
   process.exit(1);
 });

package/src/supabase/client.ts

@@ -15,13 +15,13 @@ export function getSupabaseClient(): SupabaseClient {
 
   if (!config.SUPABASE_URL || !config.SUPABASE_SERVICE_ROLE_KEY) {
     throw new Error(
-      'SUPABASE_URL y SUPABASE_SERVICE_ROLE_KEY son obligatorias para utilizar las herramientas de Auth y Storage.',
+      'SUPABASE_URL and SUPABASE_SERVICE_ROLE_KEY are required to use Auth and Storage tools.',
     );
   }
 
-  // Creamos el cliente usando la service role key.
-  // IMPORTANTE: En el contexto de un MCP (que actúa como un super admin), es seguro
-  // y necesario usar la service role key, pero el usuario debe estar consciente de esto.
+  // Create client using the service role key.
+  // IMPORTANT: In an MCP context (acting as super admin), it is safe
+  // and necessary to use the service role key, but the user should be aware of this.
   supabaseClient = createClient(config.SUPABASE_URL, config.SUPABASE_SERVICE_ROLE_KEY, {
     auth: {
       autoRefreshToken: false,
@@ -29,6 +29,6 @@ export function getSupabaseClient(): SupabaseClient {
     },
   });
 
-  console.error(' Cliente Supabase API inicializado.');
+  console.error(' Supabase API client initialized.');
   return supabaseClient;
 }