You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
* fix(supabase): remove non-functional SQL introspection path, harden storage URL encoding, add missing storage endpoints
- introspect.ts no longer attempts raw SQL via a nonexistent PostgREST
RPC endpoint (always failed); now uses the OpenAPI-spec path directly
with honest heuristic/best-effort documentation for PK/FK/index fields
- storage tools now trim + URL-encode bucket/path segments before
building request URLs (download, list, get_public_url,
create_signed_url, delete_bucket, delete, and the upload API route)
- storage_create_signed_url guards against a missing signedURL field
in the response instead of silently building a broken URL
- add supabase_storage_create_signed_upload_url, supabase_storage_update_bucket,
and supabase_storage_empty_bucket tools + block wiring
- change insert/upsert `data` param type from 'array' to 'json' to match
actual accepted shapes (array or single object)
- bump tool versions to semver (1.0 -> 1.0.0)
- rewrite a BlockMeta template that implied unsupported Supabase Auth
Admin user-provisioning
(cherry picked from commit 52b655a)
* fix(supabase): address review feedback on update-bucket, signed upload url, and introspect
- storage_update_bucket now fetches the bucket's current config first
and only overrides isPublic/fileSizeLimit/allowedMimeTypes when the
caller explicitly provides them, instead of silently forcing
public: false on every update (the Storage API's PUT is a full
replace, not a patch)
- storage_create_signed_upload_url and storage_empty_bucket now check
response.ok before surfacing an error, so a non-2xx response reports
Supabase's actual error instead of a misleading parse-side message
- introspect.ts drops the spurious ?select=* query param from the
OpenAPI spec request (meaningless on the root spec endpoint)
(cherry picked from commit 557e407)
* fix(supabase): tri-state bucket visibility on update, empty-string param coercion, introspect schema header
- introspect.ts now sends Accept-Profile when a schema param is given,
matching the convention used by the other DB tools, so schema-scoped
introspection actually reads from that schema's spec
- storage_update_bucket.ts treats an empty-string param the same as
"not provided" (e.g. an untouched file size limit input no longer
coerces to 0)
- the shared "Public Bucket" dropdown always sent an explicit true/false
for storage_update_bucket (its default masked "not touched"), which
could still flip a public bucket private; added a dedicated
"Keep Current / True / False" control for the update operation so
omitting a choice genuinely omits the isPublic override
(cherry picked from commit c80567b)
* fix(supabase): check response.ok before parsing storage_create_signed_url
Matches the pattern already applied to the new signed-upload-url tool
this session — a non-2xx response now surfaces Supabase's actual error
message instead of the generic "did not return a signed URL path" one.
(cherry picked from commit 9f40427)
* fix(supabase): correct download param semantics, echoed path field, and schema hint mismatch
Found by a second, per-tool parallel validation pass against live Supabase/PostgREST docs and source:
- storage_get_public_url.ts and storage_create_signed_url.ts sent
download=true literally, which Supabase's Storage API treats as a
filename override (renaming the downloaded file to "true") rather
than a boolean flag; forcing a download while keeping the original
filename requires an empty download= value
- storage_create_signed_url.ts also sent download in the POST body,
which the sign endpoint ignores entirely — forcing download only
works as a query param on the returned URL
- storage_create_signed_upload_url.ts read a `path` field from the API
response that doesn't exist there; it now echoes the caller-supplied
path, matching the official storage-js client
- introspect.ts's nullable heuristic didn't disclose that a NOT NULL
column with a default is misreported as nullable (PostgREST omits it
from the OpenAPI required list in that case); documented alongside
the other already-disclosed heuristics, and removed a tautological
schema-filter check left over from an earlier revision
- insert.ts/upsert.ts's `data` param reverted from 'json' back to
'array': the 'json' type mapped to an LLM-facing JSON-schema type of
'object', which contradicted the param's own description ("array of
objects or a single object")
'Build a workflow that listens for Stripe new-customer events, provisions a Supabase user with the correct role and metadata, and emails the welcome login link.',
1378
+
'Build a workflow that listens for Stripe new-customer events and upserts a row into a Supabase customers table with the correct plan and metadata, then emails a welcome message.',
0 commit comments