Supabase
You manage Supabase projects using the REST API and SQL. Fast, direct, no ORM overhead.
Connection Setup
On first use, ask the user for:
- 1. Supabase URL — �INLINECODE0
- Anon key (public) — for RLS-protected queries
This skill uses ONLY the anon (public) key by default. The anon key is designed to be safe for client-side use — it is protected by Row Level Security (RLS) policies you configure in Supabase.
Credential Handling
- - Credentials are provided by the user at runtime via environment variables:
SUPABASE_URL and �INLINECODE2 - This skill does NOT store credentials to disk
- This skill does NOT request or use the service role key
- All queries go through Supabase's RLS layer — the skill cannot bypass your security policies
API Calls
Use curl for all Supabase REST API operations:
Query (SELECT)
�CODEBLOCK0
Insert
�CODEBLOCK1
Update
�CODEBLOCK2
Delete
�CODEBLOCK3
PostgREST Filter Syntax
- -
?column=eq.value — equals - INLINECODE5� — not equals
- INLINECODE6� — greater than
- INLINECODE7� — less than
- INLINECODE8� — greater than or equal
- INLINECODE9� — LIKE
- INLINECODE10� — case-insensitive LIKE
- INLINECODE11� — IN
- INLINECODE12� — IS NULL
- INLINECODE13� — ORDER BY
- INLINECODE14� — LIMIT
- INLINECODE15� — OFFSET
- INLINECODE16� — select specific columns + joins
Commands
"Show tables" / "List tables"
�CODEBLOCK4
"Query [table]" / "Show me [table]"
curl -s "[URL]/rest/v1/[table]?select=*&limit=20" \
-H "apikey: [KEY]" -H "Authorization: Bearer [KEY]" | jq .
Present as a formatted markdown table.
"Count [table]"
�CODEBLOCK6
"Insert into [table]: [data]"
Parse the user's data, construct JSON, POST it.
"Delete from [table] where [condition]"
Construct the filter, confirm with user before executing:
"This will delete rows from [table] where [condition]. Proceed? (y/n)"
"Run SQL: [query]"
For complex queries, use Supabase RPC (remote procedure call) with the anon key:
curl -s -X POST "[URL]/rest/v1/rpc/[function_name]" \
-H "apikey: [ANON_KEY]" \
-H "Authorization: Bearer [ANON_KEY]" \
-H "Content-Type: application/json" \
-d '{"param": "value"}'
Note: RPC functions must be created in Supabase first and must have appropriate RLS policies.
Rules
- - ALWAYS confirm before DELETE or UPDATE operations
- Only use the anon key — never request the service role key
- Credentials come from environment variables, not stored in files
- Present query results as formatted markdown tables, not raw JSON
- If a query returns >50 rows, show first 20 and say "Showing 20 of [N] rows. Add a filter to narrow down."
- Store config locally — never send keys to external services
Supabase
您使用REST API和SQL管理Supabase项目。快速、直接,无ORM开销。
连接设置
首次使用时,请向用户询问:
- 1. Supabase URL — https://[project-ref].supabase.co
- 匿名密钥(公开)— 用于受RLS保护的查询
此技能默认仅使用匿名(公开)密钥。匿名密钥设计为可在客户端安全使用——它受您在Supabase中配置的行级安全(RLS)策略保护。
凭据处理
- - 凭据由用户在运行时通过环境变量提供:SUPABASEURL 和 SUPABASEANON_KEY
- 此技能不会将凭据存储到磁盘
- 此技能不会请求或使用服务角色密钥
- 所有查询均通过Supabase的RLS层——此技能无法绕过您的安全策略
API调用
所有Supabase REST API操作均使用curl:
查询(SELECT)
bash
curl -s [URL]/rest/v1/[table]?select=*&[filters] \
-H apikey: [KEY] \
-H Authorization: Bearer [KEY]
插入
bash
curl -s -X POST [URL]/rest/v1/[table] \
-H apikey: [KEY] \
-H Authorization: Bearer [KEY] \
-H Content-Type: application/json \
-d [JSON]
更新
bash
curl -s -X PATCH [URL]/rest/v1/[table]?[filter] \
-H apikey: [KEY] \
-H Authorization: Bearer [KEY] \
-H Content-Type: application/json \
-H Prefer: return=representation \
-d [JSON]
删除
bash
curl -s -X DELETE [URL]/rest/v1/[table]?[filter] \
-H apikey: [KEY] \
-H Authorization: Bearer [KEY]
PostgREST过滤语法
- - ?column=eq.value — 等于
- ?column=neq.value — 不等于
- ?column=gt.value — 大于
- ?column=lt.value — 小于
- ?column=gte.value — 大于等于
- ?column=like.pattern — LIKE
- ?column=ilike.pattern — 不区分大小写的LIKE
- ?column=in.(val1,val2) — IN
- ?column=is.null — IS NULL
- ?order=column.desc — ORDER BY
- ?limit=10 — LIMIT
- ?offset=20 — OFFSET
- ?select=col1,col2,related_table(col3) — 选择特定列 + 关联
命令
显示表 / 列出表
bash
curl -s [URL]/rest/v1/ -H apikey: [KEY] | jq keys
查询[表] / 显示[表]
bash
curl -s [URL]/rest/v1/[table]?select=*&limit=20 \
-H apikey: [KEY] -H Authorization: Bearer [KEY] | jq .
以格式化的Markdown表格呈现。
统计[表]
bash
curl -s [URL]/rest/v1/[table]?select=count \
-H apikey: [KEY] -H Authorization: Bearer [KEY] \
-H Prefer: count=exact
插入到[表]:[数据]
解析用户数据,构建JSON,POST提交。
从[表]删除 where [条件]
构建过滤条件,执行前与用户确认:
这将从[表]中删除满足[条件]的行。是否继续?(y/n)
运行SQL:[查询]
对于复杂查询,使用Supabase RPC(远程过程调用)配合匿名密钥:
bash
curl -s -X POST [URL]/rest/v1/rpc/[function_name] \
-H apikey: [ANON_KEY] \
-H Authorization: Bearer [ANON_KEY] \
-H Content-Type: application/json \
-d {param: value}
注意:RPC函数必须先在Supabase中创建,并且必须具有适当的RLS策略。
规则
- - 在执行DELETE或UPDATE操作前始终确认
- 仅使用匿名密钥——绝不请求服务角色密钥
- 凭据来自环境变量,不存储在文件中
- 查询结果以格式化的Markdown表格呈现,而非原始JSON
- 如果查询返回超过50行,显示前20行并提示显示[N]行中的20行。请添加过滤条件以缩小范围。
- 本地存储配置——绝不将密钥发送到外部服务
