How to integrate Supabase MCP with Autogen

BOOK A CALLGET STARTED FOR FREE
Framework Integration Gradient
Supabase Logo
AutoGen Logo
divider

Introduction

This guide walks you through connecting Supabase to AutoGen using the Composio tool router. By the end, you'll have a working Supabase agent that can create a new secret api key for my project, list all third-party auth providers configured, delete google oauth from my supabase project, check if 'app-preview' subdomain is available through natural language commands.

This guide will help you understand how to give your AutoGen agent real control over a Supabase account through Composio's Supabase MCP server.

Before we dive in, let's take a quick look at the key ideas and tools involved.

TL;DR

Here's what you'll learn:
  • Get and set up your OpenAI and Composio API keys
  • Install the required dependencies for Autogen and Composio
  • Initialize Composio and create a Tool Router session for Supabase
  • Wire that MCP URL into Autogen using McpWorkbench and StreamableHttpServerParams
  • Configure an Autogen AssistantAgent that can call Supabase tools
  • Run a live chat loop where you ask the agent to perform Supabase operations

What is AutoGen?

Autogen is a framework for building multi-agent conversational AI systems from Microsoft. It enables you to create agents that can collaborate, use tools, and maintain complex workflows.

Key features include:

  • Multi-Agent Systems: Build collaborative agent workflows
  • MCP Workbench: Native support for Model Context Protocol tools
  • Streaming HTTP: Connect to external services through streamable HTTP
  • AssistantAgent: Pre-built agent class for tool-using assistants

What is the Supabase MCP server, and what's possible with it?

The Supabase MCP server is an implementation of the Model Context Protocol that connects your AI agent and assistants like Claude, Cursor, etc directly to your Supabase account. It provides structured and secure access to your Supabase projects, so your agent can perform actions like managing API keys, configuring authentication, and handling custom domains on your behalf.

  • API key management: Create, update, or permanently delete project API keys, including setting descriptions and customizing JWT templates for secure access control.
  • Third-party auth integration control: List, retrieve, or remove third-party authentication providers (like Google or GitHub) from your Supabase project to tailor user sign-in options.
  • Custom domain and subdomain setup: Activate custom hostnames or vanity subdomains for your Supabase project, ensuring your app is accessible at a branded URL after DNS verification.
  • OAuth authorization handling: Generate OAuth 2.0 authorization URLs for secure user authentication flows, supporting seamless integration with registered apps.
  • Subdomain availability checks: Instantly verify if a desired vanity subdomain is available for your project before making DNS changes or launching branded experiences.

Supported Tools & Triggers

Tools
Create project api keyCreates a 'publishable' or 'secret' api key for an existing supabase project, optionally with a description; 'secret' keys can have customized jwt templates.
Delete an API key from the projectPermanently deletes a specific api key (identified by `id`) from a supabase project (identified by `ref`), revoking its access.
Get a third-party integrationRetrieves the detailed configuration for a specific third-party authentication (tpa) provider, identified by `tpa id`, within an existing supabase project specified by `ref`.
List third-party auth integrations for projectLists all configured third-party authentication provider integrations for an existing supabase project (using its `ref`), suitable for read-only auditing or verifying current authentication settings.
Delete third party auth configRemoves a third-party authentication provider (e.
Update an API key for the projectUpdates an existing supabase project api key's `description` and/or `secret jwt template` (which defines its `role`); does not regenerate the key string.
Beta activate custom hostname for projectActivates a previously configured custom hostname for a supabase project, assuming dns settings are verified externally.
Activate vanity subdomain for projectActivates a vanity subdomain for the specified supabase project, requiring subsequent dns configuration for the subdomain to become operational.
Authorize user through OAuthGenerates a supabase oauth 2.
Check vanity subdomain availabilityChecks if a specific vanity subdomain is available for a supabase project; this action does not reserve or assign the subdomain.
Enable project database webhooksEnables database webhooks for the supabase project `ref`, triggering real-time notifications for insert, update, or delete events.
Get project SSL enforcement configurationRetrieves the ssl enforcement configuration for a specified supabase project, indicating if ssl connections are mandated for its database.
Get current vanity subdomain configFetches the current vanity subdomain configuration, including its status and custom domain name, for a supabase project identified by its reference id.
Beta get project's custom hostname configRetrieves a supabase project's custom hostname configuration, including its status, ssl certificate, and ownership verification, noting that availability may depend on the project's plan.
Retrieve network bans for projectRetrieves the list of banned ipv4 addresses for a supabase project using its unique project reference string; this is a read-only operation.
Retrieve project network restrictionsRetrieves the current network restriction settings (e.
Get project pgsodium configRetrieves the pgsodium configuration, including the root encryption key, for an existing supabase project identified by its `ref`.
Beta remove a read replicaIrreversibly initiates the removal of a specified read replica from an existing supabase project, confirming only the start of the process, not its completion.
Remove project network bansRemoves specified ipv4 addresses from a supabase project's network ban list, granting immediate access; ips not currently banned are ignored.
Execute project database queryExecutes a given sql query against the project's database; use for advanced data operations or when standard api endpoints are insufficient, ensuring queries are valid postgresql and sanitized.
Setup read replica for projectProvisions a read-only replica for a supabase project in a specified, supabase-supported aws region to enhance read performance and reduce latency.
Beta update project network restrictionsUpdates and applies network access restrictions (ipv4/ipv6 cidr lists) for a supabase project, which may terminate existing connections not matching the new rules.
Upgrade the project's PostgreSQL versionInitiates an asynchronous upgrade of a supabase project's postgresql database to a specified `target version` from a selected `release channel`, returning a `tracking id` to monitor status; the `target version` must be available in the chosen channel.
Update pgsodium root keyCritically updates or initializes a supabase project's pgsodium root encryption key for security setup or key rotation, requiring secure backup of the new key to prevent irreversible data loss.
Create a database branchCreates a new, isolated database branch from an existing supabase project (identified by `ref`), useful for setting up separate environments like development or testing, which can optionally be linked to a git branch.
Create a functionCreates a new serverless edge function for a supabase project (identified by `ref`), requiring valid javascript/typescript in `body` and a project-unique `slug 1` identifier.
Create an organizationCreates a new supabase organization, which serves as a top-level container for projects, billing, and team access.
Create new projectCreates a new supabase project, requiring a unique name (no dots) within the organization; project creation is asynchronous.
Create SSO provider configurationCreates a new saml 2.
Create a new third-party auth integrationCall this to add a new third-party authentication method (oidc or jwks) to a supabase project for integrating external identity providers (e.
Reverify custom hostnameRe-verifies dns and ssl configurations for an existing custom hostname associated with a supabase project.
Delete branch by idPermanently and irreversibly deletes a specific, non-default database branch by its `branch id`, without affecting other branches.
Delete an edge function by slugPermanently deletes a specific edge function (by `function slug`) from a supabase project (by `ref`); this action is irreversible and requires prior existence of both project and function.
Delete custom hostname configDeletes an active custom hostname configuration for the project identified by `ref`, reverting to the default supabase-provided hostname; this action immediately makes the project inaccessible via the custom domain and requires subsequent updates to client, oauth, and dns settings.
Delete vanity subdomain for projectPermanently and irreversibly deletes an active vanity subdomain configuration for the specified supabase project, reverting it to its default supabase url.
Delete project by refPermanently and irreversibly deletes a supabase project, identified by its unique `ref` id, resulting in complete data loss.
Deploy functionDeploys edge functions to a supabase project using multipart upload.
Disable project readonly modeTemporarily disables a supabase project's read-only mode for 15 minutes to allow write operations (e.
Disable preview branchingDisables the preview branching feature for an existing supabase project, identified by its unique reference id (`ref`).
Exchange auth code for access and refresh token(beta) implements the oauth 2.
Generate TypeScript typesGenerates and retrieves typescript types from a supabase project's database; any schemas specified in `included schemas` must exist in the project.
Get database branch configRetrieves the read-only configuration and status for a supabase database branch, typically for monitoring or verifying its settings.
Get project API keysRetrieves all api keys for an existing supabase project, specified by its unique reference id (`ref`); this is a read-only operation.
Get project PgBouncer configRetrieves the active pgbouncer configuration (postgresql connection pooler) for a supabase project, used for performance tuning, auditing, or getting the connection string.
Get Project Upgrade EligibilityChecks a supabase project's eligibility for an upgrade, verifying compatibility and identifying potential issues; this action does not perform the actual upgrade.
Get project upgrade statusRetrieves the latest status of a supabase project's database upgrade for monitoring purposes; does not initiate or modify upgrades.
Get a specific SQL snippetRetrieves a specific sql snippet by its unique identifier.
Get a SSO provider by its UUIDRetrieves the configuration details for a specific single sign-on (sso) provider (e.
Get information about an organizationFetches comprehensive details for a specific supabase organization using its unique slug.
Get project's auth configRetrieves the project's complete read-only authentication configuration, detailing all settings (e.
Get project postgres configRetrieves the current read-only postgresql database configuration for a specified supabase project's `ref`, noting that some advanced or security-sensitive details might be omitted from the response.
Get project's PostgREST configRetrieves the postgrest configuration for a specific supabase project.
Get project's service health statusRetrieves the current health status for a supabase project, for specified services or all services if the 'services' list is omitted.
Get project Supavisor configurationRetrieves the supavisor (connection pooler) configuration for a specified supabase project, identified by its reference id.
Get Table SchemasRetrieves column details, types, and constraints for multiple database tables to help debug schema issues and write accurate sql queries.
List all database branchesLists all database branches for a specified supabase project, used for isolated development and testing of schema changes; ensure the project reference id is valid.
List all functionsLists metadata for all edge functions in a supabase project (specified by 'ref'), excluding function code or logs; the project must exist.
List all organizationsLists all organizations (id and name only) associated with the supabase account, excluding project details within these organizations.
List all projectsRetrieves a list of all supabase projects, including their id, name, region, and status, for the authenticated user.
List all secretsRetrieves all secrets for a supabase project using its reference id; secret values in the response may be masked.
List members of an organizationRetrieves all members of a supabase organization, identified by its unique slug, including their user id, username, email, role, and mfa status.
List project database backupsLists all database backups for a supabase project, providing details on existing backups but not creating new ones or performing restores; availability may depend on plan and configuration.
List all bucketsRetrieves a list of all storage buckets for a supabase project, without returning bucket contents or access policies.
List all SSO providersLists all configured single sign-on (sso) providers for a supabase project, requiring the project reference id (`ref`) of an existing project.
List SQL snippets for the logged in userRetrieves a list of sql snippets for the logged-in user, optionally filtered by a specific supabase project if `project ref` is provided.
Remove an SSO providerDeletes a specific sso provider by its id (`provider id`) from a supabase project (`ref`), which disables it and returns its details; ensure this action will not inadvertently lock out users.
Reset a database branchResets an existing supabase database branch, identified by `branch id`, to its initial clean state, irreversibly deleting all its current data and schema changes.
Restore database PITR backupRestores a supabase project's database to a specific unix timestamp using point-in-time recovery (pitr), overwriting the current state; requires a paid plan with pitr and physical backups enabled.
Retrieve a functionRetrieves detailed information, metadata, configuration, and status for a specific edge function using its project reference id and function slug.
Retrieve a function bodyRetrieves the source code (body) for a specified serverless edge function using its project reference and function slug; this is a read-only operation that does not execute the function or return runtime logs.
Get project's read-only mode statusRetrieves the read-only mode status for a specified supabase project to check its operational state; this action does not change the read-only state.
Update a functionUpdates an existing supabase edge function's properties (like name, slug, source code, jwt settings, import map) identified by project `ref` and `function slug`, supporting plain text code or eszip for the body.
Update database branch configUpdates the configuration of a supabase database branch, allowing modification of its name, associated git branch, reset-on-push behavior, persistence, and status.
Update project's custom hostname configurationUpdates the custom hostname for a supabase project, requiring subsequent dns changes to a user-controlled domain for ssl certificate issuance and domain ownership.
Update an SSO provider by its UUIDUpdates an existing sso provider's saml metadata, associated email domains, or attribute mappings for a supabase project, identified by `ref` and `provider id`.
Update project's postgres configUpdates specified postgresql configuration parameters for an existing supabase project (`ref`) to optimize database performance; note that unspecified parameters remain unchanged, and caution is advised as incorrect settings can impact stability or require a restart.
Update project's PostgREST configUpdates postgrest configuration settings (e.
Update database pooler configUpdates the supavisor (database pooler) configuration, such as `default pool size`, for an existing supabase project identified by `ref`; the `pool mode` parameter in the request is deprecated and ignored.
Update SSL enforcement configUpdates the ssl enforcement configuration (enable/disable) for a specified supabase project's database.

What is the Composio tool router, and how does it fit here?

What is Tool Router?

Composio's Tool Router helps agents find the right tools for a task at runtime. You can plug in multiple toolkits (like Gmail, HubSpot, and GitHub), and the agent will identify the relevant app and action to complete multi-step workflows. This can reduce token usage and improve the reliability of tool calls. Read more here: Getting started with Tool Router

The tool router generates a secure MCP URL that your agents can access to perform actions.

How the Tool Router works

The Tool Router follows a three-phase workflow:

  1. Discovery: Searches for tools matching your task and returns relevant toolkits with their details.
  2. Authentication: Checks for active connections. If missing, creates an auth config and returns a connection URL via Auth Link.
  3. Execution: Executes the action using the authenticated connection.

Step-by-step Guide

Prerequisites

You will need:

  • A Composio API key
  • An OpenAI API key (used by Autogen's OpenAIChatCompletionClient)
  • A Supabase account you can connect to Composio
  • Some basic familiarity with Autogen and Python async

Getting API Keys for OpenAI and Composio

OpenAI API Key
  • Go to the OpenAI dashboard and create an API key. You'll need credits to use the models, or you can connect to another model provider.
  • Keep the API key safe.
Composio API Key
  • Log in to the Composio dashboard.
  • Navigate to your API settings and generate a new API key.
  • Store this key securely as you'll need it for authentication.

Install dependencies

bash
pip install composio python-dotenv
pip install autogen-agentchat autogen-ext-openai autogen-ext-tools

Install Composio, Autogen extensions, and dotenv.

What's happening:

  • composio connects your agent to Supabase via MCP
  • autogen-agentchat provides the AssistantAgent class
  • autogen-ext-openai provides the OpenAI model client
  • autogen-ext-tools provides MCP workbench support

Set up environment variables

bash
COMPOSIO_API_KEY=your-composio-api-key
OPENAI_API_KEY=your-openai-api-key
USER_ID=your-user-identifier@example.com

Create a .env file in your project folder.

What's happening:

  • COMPOSIO_API_KEY is required to talk to Composio
  • OPENAI_API_KEY is used by Autogen's OpenAI client
  • USER_ID is how Composio identifies which user's Supabase connections to use

Import dependencies and create Tool Router session

python
import asyncio
import os
from dotenv import load_dotenv
from composio import Composio

from autogen_agentchat.agents import AssistantAgent
from autogen_ext.models.openai import OpenAIChatCompletionClient
from autogen_ext.tools.mcp import McpWorkbench, StreamableHttpServerParams

load_dotenv()

async def main():
    # Initialize Composio and create a Supabase session
    composio = Composio(api_key=os.getenv("COMPOSIO_API_KEY"))
    session = composio.create(
        user_id=os.getenv("USER_ID"),
        toolkits=["supabase"]
    )
    url = session.mcp.url
What's happening:
  • load_dotenv() reads your .env file
  • Composio(api_key=...) initializes the SDK
  • create(...) creates a Tool Router session that exposes Supabase tools
  • session.mcp.url is the MCP endpoint that Autogen will connect to

Configure MCP parameters for Autogen

python
# Configure MCP server parameters for Streamable HTTP
server_params = StreamableHttpServerParams(
    url=url,
    timeout=30.0,
    sse_read_timeout=300.0,
    terminate_on_close=True,
    headers={"x-api-key": os.getenv("COMPOSIO_API_KEY")}
)

Autogen expects parameters describing how to talk to the MCP server. That is what StreamableHttpServerParams is for.

What's happening:

  • url points to the Tool Router MCP endpoint from Composio
  • timeout is the HTTP timeout for requests
  • sse_read_timeout controls how long to wait when streaming responses
  • terminate_on_close=True cleans up the MCP server process when the workbench is closed

Create the model client and agent

python
# Create model client
model_client = OpenAIChatCompletionClient(
    model="gpt-5",
    api_key=os.getenv("OPENAI_API_KEY")
)

# Use McpWorkbench as context manager
async with McpWorkbench(server_params) as workbench:
    # Create Supabase assistant agent with MCP tools
    agent = AssistantAgent(
        name="supabase_assistant",
        description="An AI assistant that helps with Supabase operations.",
        model_client=model_client,
        workbench=workbench,
        model_client_stream=True,
        max_tool_iterations=10
    )

What's happening:

  • OpenAIChatCompletionClient wraps the OpenAI model for Autogen
  • McpWorkbench connects the agent to the MCP tools
  • AssistantAgent is configured with the Supabase tools from the workbench

Run the interactive chat loop

python
print("Chat started! Type 'exit' or 'quit' to end the conversation.\n")
print("Ask any Supabase related question or task to the agent.\n")

# Conversation loop
while True:
    user_input = input("You: ").strip()

    if user_input.lower() in ["exit", "quit", "bye"]:
        print("\nGoodbye!")
        break

    if not user_input:
        continue

    print("\nAgent is thinking...\n")

    # Run the agent with streaming
    try:
        response_text = ""
        async for message in agent.run_stream(task=user_input):
            if hasattr(message, "content") and message.content:
                response_text = message.content

        # Print the final response
        if response_text:
            print(f"Agent: {response_text}\n")
        else:
            print("Agent: I encountered an issue processing your request.\n")

    except Exception as e:
        print(f"Agent: Sorry, I encountered an error: {str(e)}\n")
What's happening:
  • The script prompts you in a loop with You:
  • Autogen passes your input to the model, which decides which Supabase tools to call via MCP
  • agent.run_stream(...) yields streaming messages as the agent thinks and calls tools
  • Typing exit, quit, or bye ends the loop

Complete Code

Here's the complete code to get you started with Supabase and AutoGen:

python
import asyncio
import os
from dotenv import load_dotenv
from composio import Composio

from autogen_agentchat.agents import AssistantAgent
from autogen_ext.models.openai import OpenAIChatCompletionClient
from autogen_ext.tools.mcp import McpWorkbench, StreamableHttpServerParams

load_dotenv()

async def main():
    # Initialize Composio and create a Supabase session
    composio = Composio(api_key=os.getenv("COMPOSIO_API_KEY"))
    session = composio.create(
        user_id=os.getenv("USER_ID"),
        toolkits=["supabase"]
    )
    url = session.mcp.url

    # Configure MCP server parameters for Streamable HTTP
    server_params = StreamableHttpServerParams(
        url=url,
        timeout=30.0,
        sse_read_timeout=300.0,
        terminate_on_close=True,
        headers={"x-api-key": os.getenv("COMPOSIO_API_KEY")}
    )

    # Create model client
    model_client = OpenAIChatCompletionClient(
        model="gpt-5",
        api_key=os.getenv("OPENAI_API_KEY")
    )

    # Use McpWorkbench as context manager
    async with McpWorkbench(server_params) as workbench:
        # Create Supabase assistant agent with MCP tools
        agent = AssistantAgent(
            name="supabase_assistant",
            description="An AI assistant that helps with Supabase operations.",
            model_client=model_client,
            workbench=workbench,
            model_client_stream=True,
            max_tool_iterations=10
        )

        print("Chat started! Type 'exit' or 'quit' to end the conversation.\n")
        print("Ask any Supabase related question or task to the agent.\n")

        # Conversation loop
        while True:
            user_input = input("You: ").strip()

            if user_input.lower() in ['exit', 'quit', 'bye']:
                print("\nGoodbye!")
                break

            if not user_input:
                continue

            print("\nAgent is thinking...\n")

            # Run the agent with streaming
            try:
                response_text = ""
                async for message in agent.run_stream(task=user_input):
                    if hasattr(message, 'content') and message.content:
                        response_text = message.content

                # Print the final response
                if response_text:
                    print(f"Agent: {response_text}\n")
                else:
                    print("Agent: I encountered an issue processing your request.\n")

            except Exception as e:
                print(f"Agent: Sorry, I encountered an error: {str(e)}\n")

if __name__ == "__main__":
    asyncio.run(main())

Conclusion

You now have an Autogen assistant wired into Supabase through Composio's Tool Router and MCP. From here you can:
  • Add more toolkits to the toolkits list, for example notion or hubspot
  • Refine the agent description to point it at specific workflows
  • Wrap this script behind a UI, Slack bot, or internal tool
Once the pattern is clear for Supabase, you can reuse the same structure for other MCP-enabled apps with minimal code changes.

How to build Supabase MCP Agent with another framework

OpenAI Agents SDK

OpenAI Agents SDK

Use Supabase MCP with OpenAI Agents SDK

Claude Agent SDK

Claude Agent SDK

Use Supabase MCP with Claude Agent SDK

Google ADK

Google ADK

Use Supabase MCP with Google ADK

LangChain

LangChain

Use Supabase MCP with LangChain

Vercel AI SDK

Vercel AI SDK

Use Supabase MCP with Vercel AI SDK

Mastra AI

Mastra AI

Use Supabase MCP with Mastra AI

LlamaIndex

LlamaIndex

Use Supabase MCP with LlamaIndex

CrewAI

CrewAI

Use Supabase MCP with CrewAI

FAQ

What are the differences in Tool Router MCP and Supabase MCP?

With a standalone Supabase MCP server, the agents and LLMs can only access a fixed set of Supabase tools tied to that server. However, with the Composio Tool Router, agents can dynamically load tools from Supabase and many other apps based on the task at hand, all through a single MCP endpoint.

Can I use Tool Router MCP with Autogen?

Yes, you can. Autogen fully supports MCP integration. You get structured tool calling, message history handling, and model orchestration while Tool Router takes care of discovering and serving the right Supabase tools.

Can I manage the permissions and scopes for Supabase while using Tool Router?

Yes, absolutely. You can configure which Supabase scopes and actions are allowed when connecting your account to Composio. You can also bring your own OAuth credentials or API configuration so you keep full control over what the agent can do.

How safe is my data with Composio Tool Router?

All sensitive data such as tokens, keys, and configuration is fully encrypted at rest and in transit. Composio is SOC 2 Type 2 compliant and follows strict security practices so your Supabase data and credentials are handled as safely as possible.

Used by agents from

Context
ASU
Letta
glean
HubSpot
Agent.ai
Altera
DataStax
Entelligence
Rolai
Context
ASU
Letta
glean
HubSpot
Agent.ai
Altera
DataStax
Entelligence
Rolai
Context
ASU
Letta
glean
HubSpot
Agent.ai
Altera
DataStax
Entelligence
Rolai

Never worry about agent reliability

We handle tool reliability, observability, and security so you never have to second-guess an agent action.

Book a call↗Get started for free