Cost: connecting Supabase does not cost credits. Asking the agent to wire a form, table, or
login into it is an edit (2 credits) or part of a build (3 credits). See
Credits & pricing.
Your Supabase vs ours. This page is about your own Supabase project — the one holding
your app’s data. Mythos runs on a separate Supabase for its own accounts; you never touch that one.
See Integrations overview.
Why connect Supabase
- Save real data. A contact form, a sign-up list, a booking — anything that needs to persist needs a database. Supabase is that database.
- Add user accounts. Supabase auth gives your app login, signup, and per-user data.
- Store files. Uploads and assets go to Supabase storage.
- You own all of it. The project, the data, and the keys live in your Supabase account.
Prerequisites
- A Mythos project (the agent has scaffolded at least a starting page).
- A Supabase account. If you connect with OAuth and have no project yet, Mythos can create one for you.
How to connect
You have two ways to connect: paste your project’s keys, or authorize with Supabase OAuth.Open Services → Cloud
In the workspace, open the Services panel and select Cloud. Before you connect, the Cloud
section shows a single Enable Cloud card.
Choose how to connect
Use the Connect button to authorize with Supabase (OAuth), or “Already have a Supabase
project? Connect it here” to paste credentials instead.
Connect with OAuth (recommended)
Authorize Mythos in the Supabase consent screen that opens in a popup. If your account has no
project, Mythos provisions one for you and shows “Setting up your database…” while it becomes
ready. The workspace stays open the whole time.
Or paste credentials
Paste your project’s URL, anon key, and service role key. Mythos validates the URL and
key shapes and pings your project’s health endpoint before saving.
Provisioning states (OAuth)
If Mythos creates a project for you, the connect flow moves through these states:| State | What you see | What you do |
|---|---|---|
| Provisioning | ”Setting up your database…” | Wait — the workspace stays open; it can take a minute. |
| Connected | The Cloud console (Database, Users, Storage, …) appears | Start asking the agent to wire data. |
| Failed | A connection error | Retry the OAuth connect and accept the requested permissions. |
Examples
Once connected, describe the data you want in plain language:What happens on connect
- Your credentials are encrypted at rest (AES-256-GCM) and stored server-side. They are not exposed to your app’s frontend or to the AI beyond what is described below.
- The integration scaffold is committed to your repo —
integrations/supabase/client.ts(a typed client),integrations/supabase/types.ts(types generated from your live schema), a committed.env(your project URL and the public anon key), andsupabase/config.toml. This is what lets the app — and the published build — actually reach Supabase. - The agent gets only
{ url, anonKey }. It is told your project URL and public anon key so it can import the client and write code against it. It does not receive your service role key.
What the agent can and cannot see
| Visible to the AI agent | |
|---|---|
| Project URL | Yes |
| Public anon key | Yes |
| Service role key | No — stays server-side |
| Your table data | No |
| Live schema (table/column names) | Yes, via generated types |
Database migrations
When you ask the agent to add a table or change your schema, it uses adb_migrate step. On an
OAuth-connected project, this applies the migration to your live database and regenerates the
TypeScript types in the same turn, so the agent’s code stays in sync with your real schema.
For destructive schema changes (dropping tables or columns) and for paste-connected projects,
the agent does not auto-apply. Instead it writes a
.sql file into your repo for you to run yourself.
This protects against accidental data loss.The Cloud console
After an OAuth connect, Services → Cloud is a console over your own Supabase — Database, Users, Storage, an SQL editor, Secrets, Edge functions, Logs, and Usage. These run against your project server-side; they are operations you initiate, not Mythos proxying your app’s traffic.Paste-connected projects connect successfully, but the live console steers you toward OAuth — the
console’s advanced sections rely on the Supabase Management-API token that OAuth provides.
Limitations & good to know
- Supabase is the supported backend. A few other provider names (Neon, Vercel, PlanetScale, custom MCP) exist as reserved values, but no connect flow writes them and they get no agent wiring — treat Supabase as the path that works.
- Legacy already-connected projects may need one reconnect (or a fresh build) to receive the
committed
.env, because an edit only commits changed files. - Switching projects means pointing at a new Supabase project — Mythos does not migrate your data between projects.
Troubleshooting
| Problem | Fix |
|---|---|
| ”Couldn’t connect” on OAuth | The authorization may be missing a scope. Retry the OAuth connect and accept the requested permissions. |
| Published site white-screens with a “Missing VITE_SUPABASE_URL” error | The repo is missing the committed .env. Reconnect Supabase, or run one fresh build, to commit it. |
| A schema change didn’t apply | Destructive changes and paste-connected projects fall back to a .sql file in your repo — apply it in Supabase yourself. |
| A “create a table” request was refused | A new table needs RLS plus a policy. Re-ask and say who should read it (e.g. “so only I can read it”) and the agent adds the policy. |
FAQ
Does the AI see my service role key or my data?
Does the AI see my service role key or my data?
No. The agent receives only your project URL and the public anon key. The service role key stays
server-side and is never given to the AI; your table data is never sent to it.
Is it safe that .env is committed to my repo?
Is it safe that .env is committed to my repo?
Yes. The committed
.env holds only the project URL and the public anon key, which are public by
design. The published build needs them to reach Supabase. Private keys are never committed.What if I don't have a Supabase project yet?
What if I don't have a Supabase project yet?
Connect with OAuth and Mythos can provision one for you, then wait for it to become ready before
finishing the connection.
Can I connect a provider other than Supabase?
Can I connect a provider other than Supabase?
Not today. Other provider names exist in the system as reserved values, but Supabase is the only
backend with a working connect flow and agent support.
Where do I disconnect?
Where do I disconnect?
From the same Services → Cloud panel where you connected. Disconnecting removes the stored
credentials; your Supabase project and its data are untouched.
Related
- Integrations overview — frontend vs backend, and what you own.
- GitHub repos — where the integration scaffold is committed.
- Credits & pricing — what builds and edits cost.
- Publishing your site — the published build needs the committed
.env.