
g14wxz/commerce-database-architect

Database architecture skills, docs, and rules for high-demand multi-tenant commerce platforms (PostgreSQL source of truth, Neo4j as derived GraphRAG projection, transactional outbox, RLS-based tenant isolation). Includes live schema introspection workflow via explicit Supabase MCP/read-only schema sources.


skills/postgres-schema-introspection/mcp-configuration.md

MCP Server Configuration

The agent expects Supabase MCP or another schema-introspection MCP exposing read-only tools.

Approved servers

  • Supabase MCP for Supabase projects, with ?read_only=true for hosted sources
  • local-storestorm-tenant, dev-storestorm-tenant, and prod-storestorm-tenant for this repo's tenant schema sources
  • postgres-mcp-pro / pgEdge for non-Supabase Postgres targets, restricted/read-only
  • Other cloud-vendor MCPs only when read-only

Forbidden

  • @modelcontextprotocol/server-postgres — archived July 2025 with a SQL injection CVE.

Read-only role

-- Dedicated login role for MCP introspection. It receives SELECT only;
-- never grant INSERT/UPDATE/DELETE or ownership to it.
CREATE ROLE mcp_readonly LOGIN PASSWORD '...';
GRANT CONNECT ON DATABASE your_db TO mcp_readonly;
GRANT USAGE ON SCHEMA public TO mcp_readonly;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO mcp_readonly;
-- Tables created later in public also get SELECT only. This applies to
-- objects created by the role running this statement; add FOR ROLE if
-- another role owns the schema's tables.
ALTER DEFAULT PRIVILEGES IN SCHEMA public
  GRANT SELECT ON TABLES TO mcp_readonly;
-- Session defaults: read-only transactions and short timeouts so a runaway
-- introspection query cannot hold locks or connections. These are session
-- settings a connected client can override with SET, so the SELECT-only
-- grants above are the actual write barrier, not these defaults.
ALTER ROLE mcp_readonly SET default_transaction_read_only = on;
ALTER ROLE mcp_readonly SET statement_timeout = '5s';
ALTER ROLE mcp_readonly SET idle_in_transaction_session_timeout = '10s';

.mcp.json

{
  "mcpServers": {
    "local-storestorm-tenant": {
      "type": "http",
      "url": "http://localhost:54321/mcp"
    },
    "dev-storestorm-tenant": {
      "type": "http",
      "url": "https://mcp.supabase.com/mcp?project_ref=<dev-storestorm-tenant-project-ref>&read_only=true"
    },
    "prod-storestorm-tenant": {
      "type": "http",
      "url": "https://mcp.supabase.com/mcp?project_ref=<prod-storestorm-tenant-project-ref>&read_only=true"
    }
  }
}
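An added policy check, not part of this skill's own files, that lints a .mcp.json against the rules in this document: hosted Supabase URLs must carry read_only=true, and the archived @modelcontextprotocol/server-postgres package must not be configured. The extra rule that any non-localhost server must use https, and the sample entries, are assumptions made here.

```python
"""Lint a .mcp.json against this document's MCP policy (added example)."""
import json
from urllib.parse import parse_qs, urlparse

FORBIDDEN_PACKAGES = ("@modelcontextprotocol/server-postgres",)  # from the Forbidden list
SUPABASE_HOSTS = ("mcp.supabase.com",)
LOCAL_HOSTS = ("localhost", "127.0.0.1", "::1")


def check_mcp_config(config: dict) -> list[str]:
    """Return policy violations for a parsed .mcp.json; an empty list means it passes."""
    problems = []
    for name, server in config.get("mcpServers", {}).items():
        # stdio-style servers: the package name appears in command/args
        for part in [server.get("command", "")] + list(server.get("args", [])):
            for pkg in FORBIDDEN_PACKAGES:
                if pkg in str(part):
                    problems.append(f"{name}: forbidden package {pkg}")
        url = server.get("url")
        if not url:
            continue
        parsed = urlparse(url)
        host = parsed.hostname or ""
        # Assumption: anything not on localhost must be reached over TLS.
        if host not in LOCAL_HOSTS and parsed.scheme != "https":
            problems.append(f"{name}: remote MCP URL must use https")
        if host in SUPABASE_HOSTS and parse_qs(parsed.query).get("read_only") != ["true"]:
            problems.append(f"{name}: hosted Supabase MCP without read_only=true")
    return problems


def check_mcp_json(text: str) -> list[str]:
    """Convenience wrapper: lint the raw file contents."""
    return check_mcp_config(json.loads(text))


# Constructed sample: the three servers from this document plus two policy violations.
SAMPLE_MCP_JSON = """{
  "mcpServers": {
    "local-storestorm-tenant": {"type": "http", "url": "http://localhost:54321/mcp"},
    "dev-storestorm-tenant": {"type": "http",
      "url": "https://mcp.supabase.com/mcp?project_ref=<dev-ref>&read_only=true"},
    "prod-storestorm-tenant": {"type": "http",
      "url": "https://mcp.supabase.com/mcp?project_ref=<prod-ref>&read_only=true"},
    "bad-hosted": {"type": "http", "url": "https://mcp.supabase.com/mcp?project_ref=<x>"},
    "bad-stdio": {"command": "npx", "args": ["-y", "@modelcontextprotocol/server-postgres"]}
  }
}"""

if __name__ == "__main__":
    for problem in check_mcp_json(SAMPLE_MCP_JSON):
        print(problem)
```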

Supabase access tokens are selected for CLI work with supawho and stored in macOS Keychain, not committed to the repo. Current account names are dev-storestorm-tenant and prod-storestorm-tenant. Direct Postgres connection strings, when used for non-Supabase targets, live in env vars. Production introspection is read-only and preferably replica-backed; production mutations require explicit current-session approval.