Show HN: Runtime Defense Against Prompt Injection in Supabase MCP
docs.tansive.io
I wrote this after studying the Supabase MCP prompt injection issue. The blog shows how I built a working defense using an open-source AI agent runtime I’ve been building called Tansive (https://github.com/tansive/tansive).
Instead of just filtering malicious prompts, I implemented role-based policies with runtime input validation that can scale across combinations of different AI tools (GitHub, Stripe, Linear, etc.).
All the code referenced in the blog is in the examples/supabase_demo folder.
I welcome your feedback — especially from folks working with AI toolchains or security.
For reference, this was the thread that led me to work on this.
https://news.ycombinator.com/item?id=44502318
Since it's postgres behind the scenes, can't you just use pg roles?
Absolutely. If the tools were only from Supabase, then yes, you could use Postgres roles. However, most people use a combination of tools (GitHub, Stripe, Linear, etc.), and each has different permission models. I wanted to implement a solution that works generically across tools rather than requiring separate security configurations for each service. This doesn't preclude one from limiting the access scope at the database, though.
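As an added illustration of the idea discussed in this thread (not code from the post, the blog or Tansive, and not Tansive's policy format): a deny-by-default gate that checks each tool call against the caller's role and validates the call's input before forwarding it. All role, tool, table and column names are constructed, and the SQL check is a deliberately conservative allowlist that complements database roles rather than replacing them.

```python
import fnmatch
import re

# Every role, tool, table and column name below is constructed for illustration.
SQL_WORDS = {"select", "from", "where", "and", "or", "not", "is", "null", "as",
             "order", "by", "asc", "desc", "limit", "count"}
LITERAL = re.compile(r"'(?:[^']|'')*'")        # '...' with '' as the only escape
WORD = re.compile(r"[A-Za-z_]\w*", re.ASCII)

def select_only(names):
    """Validator: one SELECT in which every word is a keyword or an allowlisted name."""
    allowed = SQL_WORDS | {n.lower() for n in names}
    def check(args):
        raw = str(args.get("query", "")).strip().rstrip(";")
        # Reject anything that lets SQL be tokenised differently from this check.
        if not raw.isascii() or any(t in raw for t in (";", '"', "\\", "$", "--", "/*")):
            return "separators, quoted identifiers, escapes, comments or non-ASCII"
        query = LITERAL.sub(" 0 ", raw)         # string literals are data, not names
        if "'" in query:
            return "unterminated string literal"
        words = [w.lower() for w in WORD.findall(query)]
        if not words or words[0] != "select":
            return "only SELECT is permitted"
        unknown = sorted(set(words) - allowed)
        return f"names outside allowlist: {unknown}" if unknown else None
    return check

# role -> ordered (tool glob, validator or None); anything unmatched is denied
POLICY = {
    "support-agent": [
        ("supabase.execute_sql",
         select_only({"support_tickets", "id", "status", "subject"})),
        ("linear.get_*", None),
    ],
    "developer": [("supabase.*", None), ("github.*", None)],
}

def authorize(role, tool, args):
    """Return (allowed, reason); meant to run before a tool call is forwarded."""
    for pattern, validate in POLICY.get(role, []):
        if fnmatch.fnmatchcase(tool, pattern):
            reason = validate(args) if validate else None
            return reason is None, reason or "allowed"
    return False, "no rule grants this tool to the role"
```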