Supabase · Capability

Supabase Backend As A Service

Unified workflow capability combining Supabase's database, authentication, and storage services for full-stack application development. Used by developers building web and mobile applications who need a complete backend without managing infrastructure. Combines the Management API, Auth API, Database REST API, and Storage API into a single coherent developer experience.

Run with Naftiko SupabaseBackend As A ServiceFull StackPostgreSQLAuthenticationStorage

What You Can Do

GET
List projects — List all projects
/v1/projects
POST
Create project — Create a new project
/v1/projects
GET
Get project — Get project details
/v1/projects/{ref}
GET
Get api keys — Get project API keys
/v1/projects/{ref}/api-keys
GET
Get health — Get project health status
/v1/projects/{ref}/health
POST
Sign up — Register a new user
/v1/auth/signup
POST
Sign in — Sign in a user
/v1/auth/signin
GET
List users — List all users
/v1/auth/users
GET
Select rows — Query table rows
/v1/data/{table}
POST
Insert rows — Insert rows
/v1/data/{table}
POST
Invoke function — Invoke a PostgreSQL function
/v1/rpc/{function_name}
GET
List buckets — List all storage buckets
/v1/buckets
POST
Create bucket — Create a storage bucket
/v1/buckets
GET
List organizations — List all organizations
/v1/organizations

MCP Tools

list-projects

List all Supabase projects

read-only
create-project

Create a new Supabase project

get-project

Get details for a specific project

read-only
get-project-health

Get project health and service status

read-only
get-api-keys

Get the API keys (anon, service_role) for a project

read-only
list-functions

List all Edge Functions for a project

read-only
create-function

Deploy a new Edge Function to a project

list-secrets

List secrets stored for a project

read-only
list-organizations

List all organizations the user belongs to

read-only
sign-up

Register a new user with email and password

sign-in

Sign in a user and get JWT access token

get-user

Get the currently authenticated user's profile

read-only
list-users

List all users in the project (admin)

read-only
select-rows

Query rows from a database table with filtering and pagination

read-only
insert-rows

Insert one or more rows into a database table

update-rows

Update rows in a table matching filter criteria

idempotent
invoke-function

Call a PostgreSQL stored function via RPC

list-buckets

List all storage buckets in the project

read-only
create-bucket

Create a new storage bucket

create-signed-url

Create a signed URL for temporary access to a private file

APIs Used

supabase-mgmt supabase-auth supabase-db supabase-storage

Capability Spec

backend-as-a-service.yaml Raw ↑ 
naftiko: "1.0.0-alpha1"

info:
  label: "Supabase Backend As A Service"
  description: >-
    Unified workflow capability combining Supabase's database, authentication, and
    storage services for full-stack application development. Used by developers
    building web and mobile applications who need a complete backend without
    managing infrastructure. Combines the Management API, Auth API, Database REST
    API, and Storage API into a single coherent developer experience.
  tags:
    - Supabase
    - Backend As A Service
    - Full Stack
    - PostgreSQL
    - Authentication
    - Storage
  created: "2026-05-02"
  modified: "2026-05-02"

binds:
  - namespace: env
    keys:
      SUPABASE_ACCESS_TOKEN: SUPABASE_ACCESS_TOKEN
      SUPABASE_ANON_KEY: SUPABASE_ANON_KEY
      SUPABASE_SERVICE_ROLE_KEY: SUPABASE_SERVICE_ROLE_KEY
      SUPABASE_PROJECT_REF: SUPABASE_PROJECT_REF

capability:
  consumes:
    - import: supabase-mgmt
      location: ./shared/management-api.yaml
    - import: supabase-auth
      location: ./shared/auth-api.yaml
    - import: supabase-db
      location: ./shared/database-rest-api.yaml
    - import: supabase-storage
      location: ./shared/storage-api.yaml

  exposes:
    - type: rest
      port: 8080
      namespace: supabase-baas-api
      description: "Unified REST API for Supabase backend services."
      resources:
        - path: /v1/projects
          name: projects
          description: "Manage Supabase projects"
          operations:
            - method: GET
              name: list-projects
              description: "List all projects"
              call: "supabase-mgmt.list-projects"
              outputParameters:
                - type: array
                  mapping: "$."
            - method: POST
              name: create-project
              description: "Create a new project"
              call: "supabase-mgmt.create-project"
              outputParameters:
                - type: object
                  mapping: "$."
        - path: /v1/projects/{ref}
          name: project
          description: "Manage a specific project"
          operations:
            - method: GET
              name: get-project
              description: "Get project details"
              call: "supabase-mgmt.get-project"
              with:
                ref: "rest.ref"
              outputParameters:
                - type: object
                  mapping: "$."
        - path: /v1/projects/{ref}/api-keys
          name: api-keys
          description: "Retrieve project API keys"
          operations:
            - method: GET
              name: get-api-keys
              description: "Get project API keys"
              call: "supabase-mgmt.get-project-api-keys"
              with:
                ref: "rest.ref"
              outputParameters:
                - type: object
                  mapping: "$."
        - path: /v1/projects/{ref}/health
          name: project-health
          description: "Project health status"
          operations:
            - method: GET
              name: get-health
              description: "Get project health status"
              call: "supabase-mgmt.get-project-health"
              with:
                ref: "rest.ref"
              outputParameters:
                - type: object
                  mapping: "$."
        - path: /v1/auth/signup
          name: signup
          description: "User registration"
          operations:
            - method: POST
              name: sign-up
              description: "Register a new user"
              call: "supabase-auth.sign-up"
              outputParameters:
                - type: object
                  mapping: "$."
        - path: /v1/auth/signin
          name: signin
          description: "User login"
          operations:
            - method: POST
              name: sign-in
              description: "Sign in a user"
              call: "supabase-auth.sign-in"
              outputParameters:
                - type: object
                  mapping: "$."
        - path: /v1/auth/users
          name: users
          description: "User management (admin)"
          operations:
            - method: GET
              name: list-users
              description: "List all users"
              call: "supabase-auth.list-users"
              outputParameters:
                - type: object
                  mapping: "$."
        - path: /v1/data/{table}
          name: table-data
          description: "Database CRUD operations"
          operations:
            - method: GET
              name: select-rows
              description: "Query table rows"
              call: "supabase-db.select-rows"
              with:
                table: "rest.table"
              outputParameters:
                - type: array
                  mapping: "$."
            - method: POST
              name: insert-rows
              description: "Insert rows"
              call: "supabase-db.insert-rows"
              with:
                table: "rest.table"
              outputParameters:
                - type: array
                  mapping: "$."
        - path: /v1/rpc/{function_name}
          name: rpc
          description: "PostgreSQL function invocation"
          operations:
            - method: POST
              name: invoke-function
              description: "Invoke a PostgreSQL function"
              call: "supabase-db.invoke-function"
              with:
                function_name: "rest.function_name"
              outputParameters:
                - type: object
                  mapping: "$."
        - path: /v1/buckets
          name: buckets
          description: "Storage bucket management"
          operations:
            - method: GET
              name: list-buckets
              description: "List all storage buckets"
              call: "supabase-storage.list-buckets"
              outputParameters:
                - type: array
                  mapping: "$."
            - method: POST
              name: create-bucket
              description: "Create a storage bucket"
              call: "supabase-storage.create-bucket"
              outputParameters:
                - type: object
                  mapping: "$."
        - path: /v1/organizations
          name: organizations
          description: "Organization management"
          operations:
            - method: GET
              name: list-organizations
              description: "List all organizations"
              call: "supabase-mgmt.list-organizations"
              outputParameters:
                - type: array
                  mapping: "$."

    - type: mcp
      port: 9090
      namespace: supabase-baas-mcp
      transport: http
      description: "MCP server for AI-assisted Supabase application development."
      tools:
        - name: list-projects
          description: "List all Supabase projects"
          hints:
            readOnly: true
            openWorld: false
          call: "supabase-mgmt.list-projects"
          outputParameters:
            - type: array
              mapping: "$."
        - name: create-project
          description: "Create a new Supabase project"
          hints:
            readOnly: false
            destructive: false
          call: "supabase-mgmt.create-project"
          with:
            name: "tools.name"
            organization_id: "tools.organization_id"
            db_pass: "tools.db_pass"
            region: "tools.region"
          outputParameters:
            - type: object
              mapping: "$."
        - name: get-project
          description: "Get details for a specific project"
          hints:
            readOnly: true
            openWorld: false
          call: "supabase-mgmt.get-project"
          with:
            ref: "tools.ref"
          outputParameters:
            - type: object
              mapping: "$."
        - name: get-project-health
          description: "Get project health and service status"
          hints:
            readOnly: true
            openWorld: false
          call: "supabase-mgmt.get-project-health"
          with:
            ref: "tools.ref"
          outputParameters:
            - type: object
              mapping: "$."
        - name: get-api-keys
          description: "Get the API keys (anon, service_role) for a project"
          hints:
            readOnly: true
            openWorld: false
          call: "supabase-mgmt.get-project-api-keys"
          with:
            ref: "tools.ref"
          outputParameters:
            - type: object
              mapping: "$."
        - name: list-functions
          description: "List all Edge Functions for a project"
          hints:
            readOnly: true
            openWorld: false
          call: "supabase-mgmt.list-functions"
          with:
            ref: "tools.ref"
          outputParameters:
            - type: array
              mapping: "$."
        - name: create-function
          description: "Deploy a new Edge Function to a project"
          hints:
            readOnly: false
            destructive: false
          call: "supabase-mgmt.create-function"
          with:
            ref: "tools.ref"
            slug: "tools.slug"
            name: "tools.name"
            body: "tools.body"
          outputParameters:
            - type: object
              mapping: "$."
        - name: list-secrets
          description: "List secrets stored for a project"
          hints:
            readOnly: true
            openWorld: false
          call: "supabase-mgmt.list-secrets"
          with:
            ref: "tools.ref"
          outputParameters:
            - type: array
              mapping: "$."
        - name: list-organizations
          description: "List all organizations the user belongs to"
          hints:
            readOnly: true
            openWorld: false
          call: "supabase-mgmt.list-organizations"
          outputParameters:
            - type: array
              mapping: "$."
        - name: sign-up
          description: "Register a new user with email and password"
          hints:
            readOnly: false
            destructive: false
          call: "supabase-auth.sign-up"
          with:
            email: "tools.email"
            password: "tools.password"
          outputParameters:
            - type: object
              mapping: "$."
        - name: sign-in
          description: "Sign in a user and get JWT access token"
          hints:
            readOnly: false
            destructive: false
          call: "supabase-auth.sign-in"
          with:
            email: "tools.email"
            password: "tools.password"
          outputParameters:
            - type: object
              mapping: "$."
        - name: get-user
          description: "Get the currently authenticated user's profile"
          hints:
            readOnly: true
            openWorld: false
          call: "supabase-auth.get-user"
          outputParameters:
            - type: object
              mapping: "$."
        - name: list-users
          description: "List all users in the project (admin)"
          hints:
            readOnly: true
            openWorld: false
          call: "supabase-auth.list-users"
          outputParameters:
            - type: object
              mapping: "$."
        - name: select-rows
          description: "Query rows from a database table with filtering and pagination"
          hints:
            readOnly: true
            openWorld: false
          call: "supabase-db.select-rows"
          with:
            table: "tools.table"
            select: "tools.select"
            limit: "tools.limit"
            offset: "tools.offset"
          outputParameters:
            - type: array
              mapping: "$."
        - name: insert-rows
          description: "Insert one or more rows into a database table"
          hints:
            readOnly: false
            destructive: false
          call: "supabase-db.insert-rows"
          with:
            table: "tools.table"
            row_data: "tools.row_data"
          outputParameters:
            - type: array
              mapping: "$."
        - name: update-rows
          description: "Update rows in a table matching filter criteria"
          hints:
            readOnly: false
            destructive: false
            idempotent: true
          call: "supabase-db.update-rows"
          with:
            table: "tools.table"
            updates: "tools.updates"
          outputParameters:
            - type: array
              mapping: "$."
        - name: invoke-function
          description: "Call a PostgreSQL stored function via RPC"
          hints:
            readOnly: false
            destructive: false
          call: "supabase-db.invoke-function"
          with:
            function_name: "tools.function_name"
            args: "tools.args"
          outputParameters:
            - type: object
              mapping: "$."
        - name: list-buckets
          description: "List all storage buckets in the project"
          hints:
            readOnly: true
            openWorld: false
          call: "supabase-storage.list-buckets"
          outputParameters:
            - type: array
              mapping: "$."
        - name: create-bucket
          description: "Create a new storage bucket"
          hints:
            readOnly: false
            destructive: false
          call: "supabase-storage.create-bucket"
          with:
            id: "tools.id"
            public: "tools.public"
          outputParameters:
            - type: object
              mapping: "$."
        - name: create-signed-url
          description: "Create a signed URL for temporary access to a private file"
          hints:
            readOnly: false
            destructive: false
          call: "supabase-storage.create-signed-url"
          with:
            bucket_id: "tools.bucket_id"
            object_name: "tools.object_name"
            expiresIn: "tools.expiresIn"
          outputParameters:
            - type: object
              mapping: "$."