---
title: Supabase Operations
category: product
entity_type: skill
price: $15
canonical: https://forgehouse.ai/skills/supabase-operations/
lang: en
hreflang_alt: https://forgehouse.ai/tr/skiller/supabase-operations/
last_updated: 2026-06-20
---

# Supabase Operations

> Direct Supabase Postgres operations via `mcp__postgres__*` RLS policy audit, migration…

Run raw Postgres operations directly against your Supabase projects through the postgres MCP layer: RLS policy audits, migration validation, user and order spot checks, and slow-query diagnosis. Instead of guessing whether a record is lost, deleted, or just hidden, you get a verified answer in seconds with a single SELECT. It is the complement to the Supabase MCP for everything that needs raw SQL and direct evidence.

## Use cases
- Auditing whether every public table has RLS enabled with at least one policy
- Validating row counts and schema right after a migration applies
- Spot-checking a user from a Sentry error stack trace down to the DB row
- Distinguishing soft-delete from hard-delete when a customer says 'my data vanished'
- Diagnosing a slow page with EXPLAIN ANALYZE and connection-pool inspection
- Detecting schema drift between the live DB and your committed migrations

## Benefits
- Replace 'I think the data is gone' panic with a verified yes/no in seconds
- Catch a wide-open table before it becomes a data leak
- Confirm migrations actually touched the rows you expected: not zero
- Spot connection-pool saturation behind a 'site is slow' complaint

## What’s included
- Seven ready-to-run workflows: RLS audit, migration validation, user spot check, soft/hard delete, slow query, orphan records, connection pool
- Copy-paste SQL for pg_tables, pg_policies, information_schema and pg_stat_activity
- GoTrue auth.users NULL-token check that prevents the classic 500 error
- A six-trap anti-pattern catalog (RLS-enabled-but-no-policy, client-side service role, missing soft-delete filter and more)
- A schema-drift detection workflow that pairs with destructive-op safety steps
- A close-out checklist that ties every finding to verified query evidence

## Who it’s for
Teams running Supabase Postgres in production who need fast, evidence-backed operational answers instead of dashboard guesses.

## How it runs
The operational checks the skill runs directly against Supabase Postgres, every claim backed by a real query, never a dashboard guess:
1. RLS audit first: list every public table where row security is off or no policy exists. An RLS-enabled table with zero policies is a total lockout, a disabled one is a data leak; both get flagged before anything else.
2. After any migration apply, verify instead of trusting exit 0: count affected rows against the expected number, then check columns, constraints and indexes in information_schema, because a wrong WHERE clause can apply to zero rows and still report success.
3. On a user incident, spot-check auth.users directly, including the GoTrue token columns (a NULL email_change_token_new throws a 500), then cross-check the profiles row and the user's recent orders.
4. When someone reports lost data, query without the deleted_at filter first: soft delete (restorable) and hard delete (gone) are different answers, and the difference is settled by one SELECT, not by debate.
5. On slowness complaints, run EXPLAIN (ANALYZE, BUFFERS) on the suspect query and inspect pg_stat_activity for connection pool saturation and anything running past 30 seconds.
6. Detect schema drift with supabase db diff or an information_schema snapshot, and write the drift back into a migration. The live database is never accepted as the source of truth; migrations are.

## FAQ
### I already use the Supabase dashboard daily. When would I reach for this instead?
When the question needs proof, not a guess: did that migration actually touch rows or zero, is the customer's 'vanished' record soft-deleted or hard-deleted, is the connection pool saturated behind a slow-site complaint. The dashboard summarizes; these workflows answer with a verified SELECT in seconds.

### What does it concretely run against my database?
Seven ready workflows built on copy-paste SQL over pg_tables, pg_policies, information_schema, and pg_stat_activity: RLS audit, migration validation, user spot checks, soft vs hard delete, slow query, orphan records, and connection pool. There is also a GoTrue auth.users NULL-token check that prevents a classic 500 error.

### Will it design my schema or write my migrations?
No. This is operational diagnosis on a live database, reading state and producing evidence. Schema design, indexing strategy, and migration discipline live in the supabase-postgres-best-practices package; this one tells you what is true right now, not what to build.

## Price
$15, one-time, no subscription. VAT included.

Related guide: [AI for data analytics](https://forgehouse.ai/guides/ai-data-analytics/)