Skip to main content

Overview

OneCLI connects AI agents to Supabase through OAuth. Agents can manage projects, run database queries, view edge functions, manage storage buckets, and access auth configuration. The gateway injects OAuth credentials into requests to the Supabase Management API automatically.

Setup

1

Go to Connections

Open the OneCLI dashboard and navigate to Connections > Supabase.
2

Authorize

Click Connect Supabase. You’ll be redirected to Supabase to authorize OneCLI. Review the permissions and click Authorize.
3

Verify

After authorization, you’ll be redirected back to the dashboard. The connection will show as Connected with your Supabase organization name.

What agents can do

AreaDescription
ProjectsView projects, settings, and network configuration
Database (read)Read database config, connection pooler, and SSL settings
Database (write)Run SQL queries, manage webhooks, and backups
AuthView auth configuration and SSO providers
OrganizationsView organization metadata and members
StorageList and view storage buckets
Edge FunctionsList and view edge functions
SecretsView API keys and project secrets

Use cases

  • Database management agents that run SQL queries and manage schemas
  • Infrastructure agents that provision and configure Supabase projects
  • Monitoring agents that check database health and connection pool status
  • Agents that manage storage buckets and edge function deployments

Self-hosted setup

For self-hosted deployments, configure your own Supabase OAuth app:
  1. Create an OAuth app in your Supabase organization settings
  2. Set the environment variables SUPABASE_CLIENT_ID and SUPABASE_CLIENT_SECRET

Controlling access with rules

Use OneCLI’s rules engine to restrict what agents can do. For example, allow read-only access to projects without granting database write or allow SQL reads but block destructive queries. Rules are evaluated before credential injection.