ceven

Supabase

Manages your database schema, edge functions, and authentication providers through a unified workflow layer. Use this to automate backend infrastructure and execute direct database queries.

Try Supabase in Ceven

Ask Ceven anything
Standard

Why use Ceven?

  1. AI native Supabase integration

    • Describe the outcome and Ceven picks the right Supabase calls, fills the parameters, and checks the result.
    • Structured, agent friendly tool schemas so each call runs reliably instead of by guesswork.
    • Rich coverage for reading, writing, and querying your Supabase data, across all 116 of its actions.

  2. Managed auth

    • Built in OAuth with automatic token refresh and rotation.
    • One place to manage, scope, and revoke Supabase access.
    • Per user and per environment credentials instead of shared keys.

  3. Agent optimized design

    • Actions are tuned from real success and error rates so reliability climbs over time.
    • Full execution logs so you always know what ran in Supabase, when, and on whose behalf.
    • The agent pauses and asks when Supabase is unclear instead of plowing ahead.

  4. Enterprise grade security

    • Fine grained access so you control which agents and people can reach Supabase.
    • Least privilege by default, read scopes first and only the writes a workflow needs.
    • A full audit trail of every Supabase action to support review and sign off.

Supported tools

Every action Ceven's agents can run on Supabase, and when to use it.

Execute database query
Use this to run raw SQL queries against your Postgres database for complex data operations or migrations.
Create new project
Provision a new Supabase project within a specific organization. This process runs asynchronously.
Create function
Deploy a new serverless edge function using Javascript or Typescript code and a unique slug.
Create database branch
Spin up an isolated database branch from a project for development or testing purposes.
Create API key
Generate a new publishable or secret API key for a project with a custom description.
Delete API key
Permanently revoke and remove a specific API key from a project using its ID.
Create SSO provider
Configure a new SAML 2.0 single sign on provider using metadata XML or a URL.
Update network restrictions
Modify the IPv4 or IPv6 CIDR lists to control which networks can access the database.
Retrieve network bans
Pull a list of all currently banned IPv4 addresses for a specific project reference.
List auth integrations
Pull all configured third party authentication providers for auditing or verification.
Enable database webhooks
Turn on real time notifications for insert, update, or delete events in the database.
Deploy function
Upload and activate edge function code using a multipart upload process.
Create project api key
Creates a 'publishable' or 'secret' api key for an existing supabase project, optionally with a description; 'secret' keys can have customized jwt templates.
Delete an API key from the project
Permanently deletes a specific api key (identified by `id`) from a supabase project (identified by `ref`), revoking its access.
Get a third party integration
Retrieves the detailed configuration for a specific third party authentication (tpa) provider, identified by `tpa id`, within an existing supabase project specified by `ref`.
List third party auth integrations for project
Lists all configured third party authentication provider integrations for an existing supabase project (using its `ref`), suitable for read only auditing or verifying current authentication settings.
Delete third party auth config
Removes a third party authentication provider (e.g., google, github) from a supabase project's configuration; this immediately prevents users from logging in via that method.
Update an API key for the project
Updates an existing supabase project api key's `description` and/or `secret jwt template` (which defines its `role`); does not regenerate the key string.
Beta activate custom hostname for project
Activates a previously configured custom hostname for a supabase project, assuming dns settings are verified externally.
Activate vanity subdomain for project
Activates a vanity subdomain for the specified supabase project, requiring subsequent dns configuration for the subdomain to become operational.
Authorize user through OAuth
Generates a supabase oauth 2.0 authorization url for user redirection, requiring a pre registered `client id` and a `redirect uri` that matches one of its pre registered uris.
Check vanity subdomain availability
Checks if a specific vanity subdomain is available for a supabase project; this action does not reserve or assign the subdomain.
Enable project database webhooks
Enables database webhooks for the supabase project `ref`, triggering real time notifications for insert, update, or delete events.
Get project SSL enforcement configuration
Retrieves the ssl enforcement configuration for a specified supabase project, indicating if ssl connections are mandated for its database.
Get current vanity subdomain config
Fetches the current vanity subdomain configuration, including its status and custom domain name, for a supabase project identified by its reference id.
Beta get project's custom hostname config
Retrieves a supabase project's custom hostname configuration, including its status, ssl certificate, and ownership verification, noting that availability may depend on the project's plan.
Retrieve network bans for project
Retrieves the list of banned ipv4 addresses for a supabase project using its unique project reference string; this is a read only operation.
Retrieve project network restrictions
Retrieves the current network restriction settings (e.g., ip whitelists) for a supabase project using its reference id; this is a read only operation for auditing or verifying network security.
Get project pgsodium config
Retrieves the pgsodium configuration, including the root encryption key, for an existing supabase project identified by its `ref`.
Beta remove a read replica
Irreversibly initiates the removal of a specified read replica from an existing supabase project, confirming only the start of the process, not its completion.

30 actions · scroll to see them all

Frequently asked questions

Ceven uses OAuth 2.0 to connect to your Supabase account. When you initiate the connection, you are redirected to the Supabase authorization screen where you grant specific permissions to Ceven. Once approved, Supabase issues a secure token that Ceven uses to make API calls on your behalf. We never ask for or store your master password. The token is encrypted at rest and is only used to interact with the management API endpoints you have authorized. You can revoke this access instantly through your Supabase account settings, which kills the token and stops all active workflows immediately.
Yes, the execute database query action allows for raw SQL execution. This is a powerful tool that can modify schema, delete data, or create new tables. Because of this, we recommend using restricted database roles where possible. Ceven sends the query exactly as written in the workflow to the Supabase API. We suggest adding a human in the loop approval step for any destructive queries like drop table or truncate to prevent accidental data loss during an automated workflow run.
Ceven can manage as many projects as your Supabase plan allows. However, you should be aware that Supabase imposes a limit on the number of active projects for free tier accounts. If a workflow attempts to create a new project but you have reached your plan limit, the Supabase API will return a 400 error. Ceven will capture this error and can be configured to notify you via email or Slack so you can either upgrade your plan or delete an unused project to make room.
Ceven can trigger the creation of a database branch which creates a temporary isolated copy of your schema and data. This is ideal for testing migrations. The workflow can create the branch, run a series of test SQL queries, and then delete the branch once the tests pass. This ensures that your production environment remains stable. Note that branching is a feature that may be gated by your specific Supabase pricing tier, so ensure your account has branching enabled before adding it to a workflow.
Absolutely. Ceven can handle the entire lifecycle of an edge function. You can store your function code in a repository and have Ceven deploy it to Supabase using the deploy function action. This allows you to build a full CI CD pipeline where code changes automatically trigger a deployment to your Supabase backend. You can also use Ceven to delete old functions or update their configurations without ever opening the Supabase dashboard.
Ceven interacts with the Supabase management API to update your IP whitelists. You can create a workflow that automatically adds a new developer IP to the allowed list for a set amount of time and then removes it. This provides a secure way to grant temporary access to your database. Because updating network restrictions can terminate existing connections that do not match the new rules, we recommend scheduling these updates during low traffic periods to avoid disrupting your users.
Project creation in Supabase is an asynchronous process. When Ceven requests a new project, Supabase returns a tracking ID. Ceven then polls the API to check the status of the provisioning. If the process fails due to internal Supabase errors or resource constraints, Ceven will mark the workflow step as failed. You can build error handling into your workflow to retry the operation or alert your team if a project fails to spin up within the expected timeframe.
Yes, Ceven can add, list, and remove third party authentication providers. This is useful if you need to rotate OIDC configurations or add new SSO providers for enterprise clients on the fly. For example, you can build a self service portal where a client provides their SAML metadata and Ceven automatically configures the SSO provider in Supabase. This removes the manual overhead of backend configuration for every new enterprise onboarding.

Alternatives to Supabase

Other tools that solve a similar problem. Ceven supports these too, so you can switch or run more than one at once.

Firebase logoFirebaseAppwrite logoAppwritePocketBase logoPocketBaseAWS Amplify logoAWS Amplify

Try Ceven on your stack

Plug Ceven on top of the tools you already run. Connect Supabase and the rest of your stack, describe the outcome, and its agents handle the work end to end, days of it in minutes.

Get started for free