UNPKG

@rip-user/rls-debugger-mcp

Version:

AI-powered MCP server for debugging Supabase Row Level Security policies with Claude structured outputs

github.com/rip-user/rls-debugger-mcp

rip-user/rls-debugger-mcp

115 lines 3.55 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
/** * SQL query to fetch all RLS policies from PostgreSQL system tables */ export const GET_ALL_RLS_POLICIES = ` SELECT nsp.nspname AS schemaname, rel.relname AS tablename, pol.polname AS policyname, CASE pol.polpermissive WHEN true THEN 'PERMISSIVE' WHEN false THEN 'RESTRICTIVE' END AS polpermissive, CASE WHEN cardinality(pol.polroles) > 0 THEN pg_get_userbyid(pol.polroles[1]) ELSE 'public' END AS policyrole, CASE pol.polcmd WHEN '*' THEN 'ALL' WHEN 'r' THEN 'SELECT' WHEN 'a' THEN 'INSERT' WHEN 'w' THEN 'UPDATE' WHEN 'd' THEN 'DELETE' END AS polcmd, pg_get_expr(pol.polqual, pol.polrelid) AS policyqual, pg_get_expr(pol.polwithcheck, pol.polrelid) AS policywithcheck FROM pg_catalog.pg_policy pol JOIN pg_catalog.pg_class rel ON pol.polrelid = rel.oid JOIN pg_catalog.pg_namespace nsp ON rel.relnamespace = nsp.oid WHERE nsp.nspname = 'public' ORDER BY rel.relname, pol.polname; `; /** * SQL query to get policies for a specific table */ export function getTablePoliciesQuery(tableName) { return ` SELECT nsp.nspname AS schemaname, rel.relname AS tablename, pol.polname AS policyname, CASE pol.polpermissive WHEN true THEN 'PERMISSIVE' WHEN false THEN 'RESTRICTIVE' END AS polpermissive, CASE WHEN cardinality(pol.polroles) > 0 THEN pg_get_userbyid(pol.polroles[1]) ELSE 'public' END AS policyrole, CASE pol.polcmd WHEN '*' THEN 'ALL' WHEN 'r' THEN 'SELECT' WHEN 'a' THEN 'INSERT' WHEN 'w' THEN 'UPDATE' WHEN 'd' THEN 'DELETE' END AS polcmd, pg_get_expr(pol.polqual, pol.polrelid) AS policyqual, pg_get_expr(pol.polwithcheck, pol.polrelid) AS policywithcheck FROM pg_catalog.pg_policy pol JOIN pg_catalog.pg_class rel ON pol.polrelid = rel.oid JOIN pg_catalog.pg_namespace nsp ON rel.relnamespace = nsp.oid WHERE nsp.nspname = 'public' AND rel.relname = '${tableName}' ORDER BY pol.polname; `; } /** * Fetch all RLS policies from Supabase */ export async function fetchAllPolicies(supabase) { // Use raw SQL query directly const { data, error } = await supabase.rpc('exec_sql', { query: GET_ALL_RLS_POLICIES }); if (error) { // Try alternative approach using information_schema const altQuery = ` SELECT schemaname, tablename, policyname FROM pg_policies WHERE schemaname = 'public'; `; const { data: altData, error: altError } = await supabase.rpc('exec_sql', { query: altQuery }); if (altError) { throw new Error(`Failed to fetch RLS policies: ${error.message || altError.message}`); } return altData || []; } return data || []; } /** * Fetch policies for a specific table */ export async function fetchTablePolicies(supabase, tableName) { const allPolicies = await fetchAllPolicies(supabase); return allPolicies.filter(p => p.tablename === tableName); } /** * Check if a table has RLS enabled */ export async function isRLSEnabled(supabase, tableName) { const query = ` SELECT relrowsecurity FROM pg_class WHERE relname = '${tableName}'; `; const { data, error } = await supabase.rpc('exec_sql', { query }); if (error || !data || data.length === 0) { return false; } return data[0].relrowsecurity === true; } //# sourceMappingURL=rls-queries.js.map