Supabase MCP Policy

Review steps

1. Treat auth and customer profile columns as sensitive by default.
2. Keep agent queries read-only unless explicitly approved.
3. Redact PII from previews.
4. Log policy decisions for support and compliance teams.