fix(mcp): resolve supabase MCP -32000 crash from missing peer deps

[teetangh]

Summary

• @supabase/mcp-utils@0.5.0 declares @modelcontextprotocol/sdk and zod as peerDependencies (not direct deps)
• npx's temp-install does not resolve peer dependencies of transitive packages, so the server always crashed at startup with ERR_MODULE_NOT_FOUND: Cannot find package '@modelcontextprotocol/sdk' → MCP error -32000
• Fix: use npx -p to install all three packages into the same temp env, satisfying the peer dep at resolution time
• Also pins to 0.8.1 instead of @latest to avoid picking up future broken releases

Test plan

• Copy .mcp.json.example → .mcp.json, fill in SUPABASE_ACCESS_TOKEN
• Restart Claude Code — Supabase MCP should connect without -32000
• Run /mcp to confirm supabase tools are listed

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Updated the example MCP Supabase server configuration with pinned dependency versions and explicit package parameters.

[netlify]

✅ Deploy Preview for familiarise ready!

Name	Link
🔨 Latest commit	ffdde8a
🔍 Latest deploy log	https://app.netlify.com/projects/familiarise/deploys/6a0755c6ef770700089e964d
😎 Deploy Preview	https://deploy-preview-743--familiarise.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.
Lighthouse	1 paths audited Performance: 45 (🔴 down 13 from production) Accessibility: 90 (no change from production) Best Practices: 83 (🔴 down 9 from production) SEO: 83 (no change from production) PWA: - View the detailed breakdown and full score reports

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[gemini-code-assist]

Code Review

This pull request updates the .mcp.json.example configuration to pin the @supabase/mcp-server-supabase package to version 0.8.1 and explicitly includes peer dependencies using the npx -p flag. Feedback suggests pinning these peer dependencies to specific versions and using the modern --package flag instead of the legacy -p flag to ensure better compatibility and reliability.

[gemini-code-assist]

To align with the goal of avoiding future broken releases (as stated in the PR description), consider pinning the peer dependencies to specific versions. Using the versions already present in the project's package.json (for zod) or the current stable major version (for the MCP SDK) ensures consistency and reliability. Additionally, the modern --package flag is preferred over the legacy -p flag for better compatibility with current npm versions.

        "--package", "@modelcontextprotocol/sdk@^1.0.0",
        "--package", "zod@^3.25.67",
        "--package", "@supabase/mcp-server-supabase@0.8.1",

[netlify]

✅ Deploy Preview for familiarise ready!

Name	Link
🔨 Latest commit	f32cad8
🔍 Latest deploy log	https://app.netlify.com/projects/familiarise/deploys/6a2a358391436f0008692de5
😎 Deploy Preview	https://deploy-preview-743--familiarise.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.
Lighthouse	1 paths audited Performance: 42 (🔴 down 16 from production) Accessibility: 90 (no change from production) Best Practices: 83 (🔴 down 9 from production) SEO: 83 (no change from production) PWA: - View the detailed breakdown and full score reports

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

📝 Walkthrough

Walkthrough

The .mcp.json.example file updates the Supabase MCP server configuration to replace a flexible latest-version reference with a pinned version and explicit dependency parameters, ensuring deterministic initialization.

Changes

Supabase MCP Server Configuration

Layer / File(s)	Summary
Pinned version and explicit dependency configuration .mcp.json.example	Supabase MCP server args expand from a single @supabase/mcp-server-supabase@latest argument to a multi-argument form pinning version 0.8.1 and adding explicit -p parameters for @modelcontextprotocol/sdk, zod, and server identifier.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

A little rabbit adjusts the gears so fine,
Pinned versions, dependencies align,
No surprises when Supabase takes flight,
The config stands firm and rock-solid and right! 🐰✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: fixing a Supabase MCP crash caused by missing peer dependencies, which is the primary issue addressed in the PR.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch worktree-fix+supabase-mcp-peer-dep

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.mcp.json.example:
- Around line 11-13: Update the peer dependency entries in .mcp.json.example to
pin specific tested versions for "`@modelcontextprotocol/sdk`" and "zod" instead
of leaving them unversioned; locate the lines with the "-p" flags (the entries
"-p", "`@modelcontextprotocol/sdk`" and "-p", "zod") and change them to include
the exact compatible versions you tested (e.g.,
"`@modelcontextprotocol/sdk`@x.y.z" and "zod@a.b.c") so they match the stability
intent of the already pinned "`@supabase/mcp-server-supabase`@0.8.1".

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: dcd41639-6ef3-460e-98cc-1a25ab8cfa13

📥 Commits

Reviewing files that changed from the base of the PR and between 30aee87 and f32cad8.

📒 Files selected for processing (1)

• .mcp.json.example

[coderabbitai]

🧹 Nitpick | 🔵 Trivial | ⚡ Quick win

Consider pinning peer dependency versions for reproducibility.

The peer dependencies @modelcontextprotocol/sdk and zod are installed without version constraints, which means npx will install the latest versions each time. This could lead to reproducibility issues if future versions introduce breaking changes or incompatibilities with @supabase/mcp-server-supabase@0.8.1.

Since the main package is pinned to 0.8.1 for stability, consider also pinning the peer dependency versions to match the versions that were tested and known to work with this release.

📌 Example with pinned peer dependency versions

If you determine the compatible versions (e.g., from testing or package documentation), you could pin them like this:

 "args": [
   "-y",
-  "-p", "`@modelcontextprotocol/sdk`",
-  "-p", "zod",
+  "-p", "`@modelcontextprotocol/sdk`@1.0.0",
+  "-p", "zod@3.22.0",
   "-p", "`@supabase/mcp-server-supabase`@0.8.1",
   "mcp-server-supabase"
 ],

Replace 1.0.0 and 3.22.0 with the actual compatible versions.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.mcp.json.example around lines 11 - 13, Update the peer dependency entries
in .mcp.json.example to pin specific tested versions for
"`@modelcontextprotocol/sdk`" and "zod" instead of leaving them unversioned;
locate the lines with the "-p" flags (the entries "-p",
"`@modelcontextprotocol/sdk`" and "-p", "zod") and change them to include the
exact compatible versions you tested (e.g., "`@modelcontextprotocol/sdk`@x.y.z"
and "zod@a.b.c") so they match the stability intent of the already pinned
"`@supabase/mcp-server-supabase`@0.8.1".