UNPKG

@rip-user/rls-debugger-mcp

Version:

AI-powered MCP server for debugging Supabase Row Level Security policies with Claude structured outputs

github.com/rip-user/rls-debugger-mcp

rip-user/rls-debugger-mcp

175 lines (129 loc) 4.76 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
# Configuration Examples This directory contains example configuration files for the RLS Debugger MCP server. ## Files ### `.mcp.json` Example MCP server configuration for Claude Code. Copy this to your project root as `.mcp.json` (project-specific) or `~/.mcp.json` (global). **Usage**: ```bash # Project-specific (committed to git) cp examples/.mcp.json .mcp.json # User-global (all projects) cp examples/.mcp.json ~/.mcp.json # Local override (gitignored) cp examples/.mcp.json .mcp.local.json ``` ### `.env.example` Example environment variables. While MCP configuration typically includes env vars inline, you can also use a `.env` file for development. **Usage**: ```bash cp examples/.env.example .env # Edit .env with your actual credentials ``` **Note**: Never commit `.env` files to git. They are in `.gitignore` by default. ## Configuration Scopes Claude Code supports three configuration scopes: 1. **Project** (`.mcp.json`): - Committed to git - Shared with team - Project-specific servers 2. **User** (`~/.mcp.json`): - Global across all projects - Personal configuration - Not in git 3. **Local** (`.mcp.local.json`): - Gitignored - Overrides project config - For development/testing ## Environment Variables | Variable | Required | Description | |----------|----------|-------------| | `SUPABASE_URL` | Yes | Your Supabase project URL (e.g., `https://abc.supabase.co`) | | `SUPABASE_SERVICE_KEY` | Yes | Service role key from Supabase settings → API | | `ANTHROPIC_API_KEY` | Yes | Get from https://console.anthropic.com/ | | `CLAUDE_MODEL` | No | Model to use (default: `claude-sonnet-4-5-20250514`) | | `MEMORY_DIR` | No | Knowledge storage location (default: `./.rls-memory`) | ## Getting Credentials ### Supabase 1. Go to your project at https://supabase.com/dashboard 2. Navigate to **Settings****API** 3. Copy: - **Project URL**`SUPABASE_URL` - **service_role secret** → `SUPABASE_SERVICE_KEY` (⚠️ Keep this secret!) ### Anthropic 1. Go to https://console.anthropic.com/ 2. Navigate to **API Keys** 3. Create a new key 4. Copy the key → `ANTHROPIC_API_KEY` ## Model Selection The `CLAUDE_MODEL` environment variable controls which Claude model is used for analysis: ### claude-sonnet-4-5-20250514 (Default) - **Best for**: General debugging, most use cases - **Speed**: Fast - **Cost**: Most cost-effective - **Quality**: High quality analysis ### claude-opus-4-1-20250514 - **Best for**: Complex policy interactions, thorough analysis - **Speed**: Slower - **Cost**: More expensive - **Quality**: Maximum detail and thoroughness **Recommendation**: Start with Sonnet. Only switch to Opus for exceptionally complex scenarios. ## Installation Methods ### Via npx (No installation) ```bash # Server runs from npm registry "command": "npx", "args": ["-y", "@rip-user/rls-debugger-mcp"] ``` ### Via global install ```bash npm install -g @rip-user/rls-debugger-mcp # Then use: "command": "rls-debugger-mcp" ``` ### From source (Development) ```bash git clone https://github.com/rip-user/rls-debugger-mcp cd rls-debugger-mcp npm install npm run build # Then use: "command": "node", "args": ["/absolute/path/to/rls-debugger-mcp/dist/index.js"] ``` ## Troubleshooting ### Server not connecting 1. Check environment variables are set correctly 2. Verify Supabase URL and service key 3. Ensure Anthropic API key is valid 4. Check Claude Code logs: **View** → **Output** → Select "MCP" ### Invalid credentials ```bash # Test Supabase connection curl https://your-project.supabase.co/rest/v1/ \ -H "apikey: your-service-role-key" # Test Anthropic API curl https://api.anthropic.com/v1/messages \ -H "x-api-key: your-api-key" \ -H "anthropic-version: 2023-06-01" \ -H "content-type: application/json" \ -d '{"model":"claude-sonnet-4-5-20250514","max_tokens":1024,"messages":[{"role":"user","content":"Hi"}]}' ``` ### Model not found If you get an error about the model: 1. Check you're using a valid model name 2. Ensure your Anthropic API key has access to the model 3. Try removing `CLAUDE_MODEL` to use the default ## Security Notes ⚠️ **Never commit secrets to git**: - Add `.env` to `.gitignore` - Use `.mcp.local.json` for personal credentials - Never share your service role key publicly ⚠️ **Service role key has admin access**: - Can bypass all RLS policies - Can access all data in your database - Only use server-side (never expose to clients) ## Additional Resources - [MCP Documentation](https://spec.modelcontextprotocol.io/) - [Claude Code Documentation](https://code.claude.com/) - [Supabase RLS Guide](https://supabase.com/docs/guides/auth/row-level-security) - [Anthropic API Reference](https://docs.anthropic.com/)