Learning

Supabase CLI vs Supabase MCP with Claude Code - How I Actually Use Both

A field report from someone who uses both daily. Not a tutorial - more like what actually happens when an AI agent has access to your entire infrastructure.

April 3, 20265 min142 views

I use Supabase every day. Multiple projects, real users, real data, real money flowing through Stripe. And for the last few months, I've been doing almost all of it through Claude Code.

Not the Supabase dashboard. Not manually typing CLI commands. An AI agent that runs the CLI for me, connects to my databases through MCP, and teaches me things about my own infrastructure while we work. It sounds like a flex, but it's just how my workflow evolved. And I think it's where a lot of us are headed.

This post is about the two ways Claude Code talks to Supabase - the CLI and the MCP - and how I actually use both. Not a tutorial. More like a field report from someone who's been living in this setup for a while.

Quick context: CLI and MCP are different tools

The Supabase CLI is the command-line tool. 50+ commands. You install it with npm or brew, authenticate with supabase login, link a project, and then you can do everything from spinning up a local dev stack with Docker to deploying edge functions, running migrations, managing secrets, generating TypeScript types - the full lifecycle.

The Supabase MCP is different. It's a set of 32 tools organized into 8 groups that an AI agent can use directly. Think of it as the API layer that lets Claude Code interact with your Supabase project without going through the terminal. It can execute SQL, list tables, check logs, get security and performance advisors, deploy edge functions, search the docs, and more.

They overlap in some areas, but each one can do things the other can't.

CLI-only: local dev environment, db diff/pull/dump, secrets management, serving functions locally, inspecting database internals, network configuration.

MCP-only: searching Supabase docs (built-in), reading logs (API, Postgres, edge functions, auth, storage, realtime), getting security and performance advisors, pausing/restoring projects, cost estimation, read-only safety mode, storage management.

The interesting part isn't what each tool does individually. It's what happens when an AI agent has access to both at the same time.

How I actually use them

Here's what a typical day looks like.

I open Claude Code and say something like "check the database for any tables missing RLS policies." Claude Code uses the MCP to list tables, then runs SQL to check which ones have Row Level Security enabled. If something's off, it tells me what's exposed and suggests a migration. I say "fix it," and it writes the migration SQL and applies it through the MCP.

Or I'll say "deploy the stripe-webhook edge function." Claude Code switches to the CLI for that - runs supabase functions deploy stripe-webhook through the terminal. Same session, different tool, zero context switching on my end.

The MCP handles the conversational stuff. Schema exploration, running queries against my memory system, checking auth logs when something looks weird, pulling security advisors to see what Supabase recommends. The CLI handles the heavy operations. Deploying functions, pushing database changes, managing secrets, generating types.

I don't decide which tool to use. Claude Code does. It picks the right one based on what I'm asking for. I just describe what I need.

The memory system angle

This is the part that makes the whole setup feel different from just "AI runs commands for me."

I have a semantic memory system with 560+ memories stored in Supabase itself. Support cases, recurring patterns, project details, workarounds, contacts, everything I've learned in months of community support work. All searchable by meaning through MCP.

So when I'm working on a project and something feels familiar, Claude Code searches my memory for similar cases. When we solve something new, it saves the pattern. When I'm writing a support response, it pulls up the 3 most relevant cases from my history.

The database IS the brain. And the MCP is how the AI reads and writes to it. It's a loop - I work, the system learns, the next session starts smarter.

The security story

This is where it gets real.

I have a project that processes payments through Stripe. Real money, real users. A few weeks ago, I did a full security audit and found things that needed attention - write policies open to anonymous users, functions callable without authentication, sensitive columns exposed through the API.

That audit became a skill. It's now an open-source tool called supabase-security-audit - a Claude Code skill that checks RLS policies, function permissions, storage policies, API exposure, and auth configuration. It produces an ASCII visual report that shows you exactly what's exposed and what needs fixing.

The thing is, I never would have caught all of that manually. The combination of MCP (to inspect the schema, check policies, read the advisors) and CLI (to apply the fixes, deploy updated functions) made it possible to go from "something feels off" to a fully hardened setup in one session.

Now I'm building agents that continuously monitor my Supabase setup. Not just run-once audits, but ongoing watchers that check for vulnerabilities, flag changes that weaken security, and alert me before something becomes a problem.

The "CLI vs MCP" debate (and why it's the wrong question)

There's a whole conversation happening right now about whether CLI or MCP is "better" for AI agents. Perplexity dropped MCP citing 72% context window waste. Benchmarks show CLI is 10-32x cheaper in tokens. Simon Willison documented a real vulnerability where the Supabase MCP with service_role access could be exploited through prompt injection.

These are valid concerns. But the framing is wrong. It's not about which one is better. It's about how you use both to your advantage.

Here's something people miss: the MCP is actually more secure than the CLI in several ways. The CLI is all-or-nothing, no read-only mode, no project scoping, no feature groups. The MCP has all of that built in. You can lock it to one project, disable write operations, limit which tool categories are available. The remote MCP server uses OAuth 2.1 instead of raw API keys.

My workflow is supervised. I'm in the conversation approving every action. Claude Code suggests, I confirm. That changes the risk profile completely.

The question isn't "CLI or MCP?" It's "how do I set up my tools so I have visibility, control, and safety at every step?"

What I've actually learned

Here's the thing nobody talks about when they say "AI writes my code." It also teaches you.

I understand more about Supabase now than I did before Claude Code. Not less. Because every time the AI runs a command or writes a query, I see what it's doing. I ask why. It explains. I learn something about RLS that I wouldn't have found in the docs. I discover that Supabase Realtime requires public in exposed schemas even if you're trying to isolate with a custom schema.

These are the kinds of things you learn from doing, not from reading. And having an AI that can both do the work AND explain it while it's happening is genuinely different from either doing it yourself or having someone else do it for you.

The comparison, honestly

Best for

CLI (via Claude Code)

Heavy operations, local dev, deployments

MCP

Exploration, queries, monitoring, logs

How I trigger it

CLI (via Claude Code)

"Deploy this function", "push the migration"

MCP

"Check the schema", "what do the logs say"

Security

CLI (via Claude Code)

Manages secrets, applies fixes

MCP

Inspects policies, gets advisors, reads config

Learning

CLI (via Claude Code)

See the commands, understand the workflow

MCP

See the data, understand the state

My memory system

CLI (via Claude Code)

-

MCP

Search and save memories via MCP

Edge functions

CLI (via Claude Code)

Deploy, serve locally, delete

MCP

List, read code, deploy

Read-only mode

CLI (via Claude Code)

No

MCP

Yes - safety net for exploration

They're not competing. They're complementary. CLI is the hands, MCP is the eyes. Claude Code is the brain that decides which one to use.

Where this is going

I'm not building a static workflow. This is evolving.

The security audit skill already works. The memory system already works. The agent delegation - where Claude Code assigns tasks to other agents - is already running. What comes next is the continuous part. Agents that don't wait for me to ask "is everything secure?" but instead check on their own schedule and report back.

I think this is the future of how we'll work with infrastructure. Not clicking through dashboards, not memorizing CLI flags, not even writing scripts. Just describing what you need and having an AI that knows your tools, your projects, your history, and your security posture well enough to make it happen.

I'm figuring this out in real time. And the weird thing is, Supabase is both the tool I'm managing AND the tool that stores everything I've learned about managing it. The database is the brain. The CLI and MCP are the hands and eyes. And Claude Code is the thing that ties it all together.

If you're using Supabase and you haven't tried working through an AI agent yet - the door is open. You don't need to be an expert. Honestly, that's kind of the point.

Enjoyed this?

Carol Ships: building, shipping, figuring it out.

Have another workaround to share?

Start the thread below!

Comments

No comments yet. Be the first to share your thoughts!