[pull] master from supabase:master

.github/CODEOWNERS

@@ -2,6 +2,7 @@
 /packages/shared-data/pricing.ts @supabase/billing
 /packages/shared-data/plans.ts @supabase/billing
 /packages/common/telemetry-constants.ts @supabase/growth-eng
+/packages/dev-tools/ @supabase/growth-eng
 /packages/pg-meta @supabase/postgres @avallete
 /packages/ui-patterns @supabase/design
 
@@ -22,4 +23,4 @@
 
 /apps/studio/data/sql/queries/                                      @supabase/postgres @avallete
 
-/packages/shared-data/compute-disk-limits.ts @supabase/infra
+/packages/shared-data/compute-disk-limits.ts @supabase/infra

apps/cms/package.json

@@ -20,9 +20,9 @@
     "typecheck": "tsc --noEmit"
   },
   "dependencies": {
-    "@payloadcms/admin-bar": "^3.52.0",
-    "@payloadcms/db-postgres": "^3.52.0",
-    "@payloadcms/live-preview-react": "^3.52.0",
+    "@payloadcms/admin-bar": "^3.74.0",
+    "@payloadcms/db-postgres": "^3.74.0",
+    "@payloadcms/live-preview-react": "^3.74.0",
     "@payloadcms/next": "3.52.0",
     "@payloadcms/payload-cloud": "3.60.0",
     "@payloadcms/plugin-form-builder": "3.52.0",

apps/docs/app/api/ai/docs/route.ts

@@ -1,10 +1,9 @@
 import { SupabaseClient } from '@supabase/supabase-js'
-import { ApplicationError, UserError, clippy } from 'ai-commands/edge'
+import { ApplicationError, clippy, UserError } from 'ai-commands/edge'
+import { isFeatureEnabled } from 'common/enabled-features'
 import { NextRequest, NextResponse } from 'next/server'
 import OpenAI from 'openai'
 
-import { isFeatureEnabled } from 'common/enabled-features'
-
 export const runtime = 'edge'
 /* To avoid OpenAI errors, restrict to the Vercel Edge Function regions that
   overlap with the OpenAI API regions.
@@ -57,7 +56,8 @@ export async function POST(req: NextRequest) {
     }
 
     const useAltSearchIndex = !isFeatureEnabled('search:fullIndex')
-    const response = await clippy(openai, supabaseClient, messages, {
+    // @ts-ignore: We have 6 version of openai and the types are not compatible with each other, we need to consolidate to one
+    const response = await clippy(openai as any, supabaseClient, messages, {
       useAltSearchIndex,
     })
 

apps/docs/components/Navigation/NavigationMenu/TopNavBar.tsx

@@ -8,6 +8,7 @@ import { memo, useState } from 'react'
 
 import { useIsLoggedIn, useIsUserLoading, useUser } from 'common'
 import { isFeatureEnabled } from 'common/enabled-features'
+import { DevToolbarTrigger } from 'dev-tools'
 import { Button, buttonVariants, cn } from 'ui'
 import { AuthenticatedDropdownMenu, CommandMenuTriggerInput } from 'ui-patterns'
 import { getCustomContent } from '../../../lib/custom-content/getCustomContent'
@@ -43,6 +44,7 @@ const TopNavBar: FC = () => {
             </div>
 
             <div className="flex gap-2 items-center">
+              <DevToolbarTrigger />
               <CommandMenuTriggerInput
                 placeholder={
                   <>

apps/docs/content/guides/getting-started/mcp.mdx

@@ -30,6 +30,86 @@ To verify the client has access to the MCP server tools, try asking it to query
 
 For curated, ready-to-use prompts that work well with IDEs and AI agents, see our [AI Prompts](/guides/getting-started/ai-prompts) collection.
 
+## Available tools
+
+The Supabase MCP server provides tools organized into feature groups. All groups except Storage are enabled by default. You can enable or disable specific groups using the [configuration panel above](#step-2-configure-your-ai-tool).
+
+### Database
+
+- `list_tables` - List all tables in the database
+- `list_extensions` - List available/installed Postgres extensions
+- `list_migrations` - List database migrations
+- `apply_migration` - Apply a database migration
+- `execute_sql` - Execute SQL queries
+
+### Debugging
+
+- `get_logs` - Retrieve service logs (API, Postgres, Edge Functions, Auth, Storage, Realtime)
+- `get_advisors` - Get security and performance advisors
+
+### Development
+
+- `get_project_url` - Get the API URL for a project
+- `get_publishable_keys` - Get anon/public keys
+- `generate_typescript_types` - Generate TypeScript types from schema
+
+### Edge Functions
+
+- `list_edge_functions` - List all Edge Functions
+- `get_edge_function` - Get a specific Edge Function
+- `deploy_edge_function` - Deploy an Edge Function
+
+### Account management
+
+<Admonition type="note">
+
+Disabled when using project-scoped mode (`project_ref` parameter).
+
+</Admonition>
+
+- `list_projects` / `get_project` - List or get project details
+- `create_project` / `pause_project` / `restore_project` - Manage projects
+- `list_organizations` / `get_organization` - Organization management
+- `get_cost` / `confirm_cost` - Cost information
+
+### Docs
+
+- `search_docs` - Search Supabase documentation
+
+### Branching (experimental)
+
+<Admonition type="note">
+
+Requires a paid plan.
+
+</Admonition>
+
+- `create_branch` / `list_branches` / `delete_branch` - Branch management
+- `merge_branch` / `reset_branch` / `rebase_branch` - Branch operations
+
+### Storage (disabled by default)
+
+- `list_storage_buckets` - List storage buckets
+- `get_storage_config` / `update_storage_config` - Storage configuration
+
+## Configuration options
+
+The [configuration panel above](#step-2-configure-your-ai-tool) can set these options for you. If you prefer to configure manually, the following URL query parameters are available:
+
+| Parameter           | Description                                          | Example                   |
+| ------------------- | ---------------------------------------------------- | ------------------------- |
+| `read_only=true`    | Execute all queries as a read-only Postgres user     | `?read_only=true`         |
+| `project_ref=<id>`  | Scope to a specific project (disables account tools) | `?project_ref=abc123`     |
+| `features=<groups>` | Enable only specific tool groups (comma-separated)   | `?features=database,docs` |
+
+Parameters can be combined: `https://mcp.supabase.com/mcp?project_ref=abc123&read_only=true`
+
+<Admonition type="tip">
+
+When using [Supabase CLI](/docs/guides/cli) for local development, the MCP server is available at `http://localhost:54321/mcp`.
+
+</Admonition>
+
 ## Manual authentication
 
 By default the hosted Supabase MCP server uses [dynamic client registration](https://modelcontextprotocol.io/specification/2025-06-18/basic/authorization#dynamic-client-registration) to authenticate with your Supabase org. This means that you don't need to manually create a personal access token (PAT) or OAuth app to use the server.
@@ -108,10 +188,10 @@ We recommend the following best practices to mitigate security risks when using
 
 - **Don't connect to production**: Use the MCP server with a development project, not production. LLMs are great at helping design and test applications, so leverage them in a safe environment without exposing real data. Be sure that your development environment contains non-production data (or obfuscated data).
 - **Don't give to your customers**: The MCP server operates under the context of your developer permissions, so you should not give it to your customers or end users. Instead, use it internally as a developer tool to help you build and test your applications.
-- **Read-only mode**: If you must connect to real data, set the server to [read-only](https://github.com/supabase-community/supabase-mcp#read-only-mode) mode, which executes all queries as a read-only Postgres user.
-- **Project scoping**: Scope your MCP server to a [specific project](https://github.com/supabase-community/supabase-mcp#project-scoped-mode), limiting access to only that project's resources. This prevents LLMs from accessing data from other projects in your Supabase account.
+- **Read-only mode**: If you must connect to real data, set the server to [read-only](#configuration-options) mode, which executes all queries as a read-only Postgres user.
+- **Project scoping**: Scope your MCP server to a [specific project](#configuration-options), limiting access to only that project's resources. This prevents LLMs from accessing data from other projects in your Supabase account.
 - **Branching**: Use Supabase's [branching feature](/docs/guides/deployment/branching) to create a development branch for your database. This allows you to test changes in a safe environment before merging them to production.
-- **Feature groups**: The server allows you to enable or disable specific [tool groups](https://github.com/supabase-community/supabase-mcp#feature-groups), so you can control which tools are available to the LLM. This helps reduce the attack surface and limits the actions that LLMs can perform to only those that you need.
+- **Feature groups**: Restrict which [tool groups](#available-tools) are available using the `features` [configuration option](#configuration-options). This helps reduce the attack surface and limits the actions that LLMs can perform to only those that you need.
 
 ## On GitHub
 

apps/docs/features/app.providers.tsx

@@ -1,6 +1,7 @@
 import type { PropsWithChildren } from 'react'
 
 import { FeatureFlagProvider, IS_PLATFORM, ThemeProvider } from 'common'
+import { DevToolbar, DevToolbarProvider } from 'dev-tools'
 import { SonnerToaster, TooltipProvider } from 'ui'
 import SiteLayout from '~/layouts/SiteLayout'
 import { API_URL } from '~/lib/constants'
@@ -19,22 +20,25 @@ function GlobalProviders({ children }: PropsWithChildren) {
     <QueryClientProvider>
       <AuthContainer>
         <FeatureFlagProvider API_URL={API_URL} enabled={IS_PLATFORM}>
-          <PageTelemetry />
-          <ScrollRestoration />
-          <ThemeProvider defaultTheme="system" enableSystem disableTransitionOnChange>
-            <TooltipProvider delayDuration={0}>
-              <DocsCommandProvider>
-                <div className="flex flex-col">
-                  <SiteLayout>
-                    {children}
-                    <DocsCommandMenu />
-                  </SiteLayout>
-                  <ThemeSandbox />
-                </div>
-              </DocsCommandProvider>
-              <SonnerToaster position="top-right" />
-            </TooltipProvider>
-          </ThemeProvider>
+          <DevToolbarProvider apiUrl={API_URL}>
+            <PageTelemetry />
+            <ScrollRestoration />
+            <ThemeProvider defaultTheme="system" enableSystem disableTransitionOnChange>
+              <TooltipProvider delayDuration={0}>
+                <DocsCommandProvider>
+                  <div className="flex flex-col">
+                    <SiteLayout>
+                      {children}
+                      <DocsCommandMenu />
+                    </SiteLayout>
+                    <ThemeSandbox />
+                  </div>
+                </DocsCommandProvider>
+                <SonnerToaster position="top-right" />
+                <DevToolbar />
+              </TooltipProvider>
+            </ThemeProvider>
+          </DevToolbarProvider>
         </FeatureFlagProvider>
       </AuthContainer>
     </QueryClientProvider>

apps/docs/package.json

@@ -63,6 +63,7 @@
     "common": "workspace:*",
     "common-tags": "^1.8.2",
     "config": "workspace:*",
+    "dev-tools": "workspace:*",
     "eslint-config-supabase": "workspace:*",
     "framer-motion": "^11.0.3",
     "github-slugger": "^2.0.0",

apps/studio/components/layouts/EdgeFunctionsLayout/EdgeFunctionDetailsLayout.tsx

@@ -119,16 +119,16 @@ const EdgeFunctionDetailsLayout = ({
                 label: 'Logs',
                 href: `/project/${ref}/functions/${functionSlug}/logs`,
               },
-              {
-                label: 'Code',
-                href: `/project/${ref}/functions/${functionSlug}/code`,
-              },
             ]
           : []),
         {
           label: 'Details',
           href: `/project/${ref}/functions/${functionSlug}/details`,
         },
+        {
+          label: 'Code',
+          href: `/project/${ref}/functions/${functionSlug}/code`,
+        },
       ]
     : []
 
@@ -264,15 +264,15 @@ const EdgeFunctionDetailsLayout = ({
                   />
                 )}
                 <DocsButton href={`${DOCS_URL}/guides/functions`} />
-                {IS_PLATFORM && (
-                  <>
-                    <Popover_Shadcn_>
-                      <PopoverTrigger_Shadcn_ asChild>
-                        <Button type="default" icon={<Download />}>
-                          Download
-                        </Button>
-                      </PopoverTrigger_Shadcn_>
-                      <PopoverContent_Shadcn_ align="end" className="p-0">
+                <Popover_Shadcn_>
+                  <PopoverTrigger_Shadcn_ asChild>
+                    <Button type="default" icon={<Download />}>
+                      Download
+                    </Button>
+                  </PopoverTrigger_Shadcn_>
+                  <PopoverContent_Shadcn_ align="end" className="p-0">
+                    {IS_PLATFORM && (
+                      <>
                         <div className="p-3 flex flex-col gap-y-2">
                           <p className="text-xs text-foreground-light">Download via CLI</p>
                           <Input
@@ -285,18 +285,22 @@ const EdgeFunctionDetailsLayout = ({
                           />
                         </div>
                         <Separator className="!bg-border-overlay" />
-                        <div className="py-2 px-1">
-                          <Button
-                            type="text"
-                            className="w-min hover:bg-transparent"
-                            icon={<FileArchive />}
-                            onClick={downloadFunction}
-                          >
-                            Download as ZIP
-                          </Button>
-                        </div>
-                      </PopoverContent_Shadcn_>
-                    </Popover_Shadcn_>
+                      </>
+                    )}
+                    <div className="py-2 px-1">
+                      <Button
+                        type="text"
+                        className="w-min hover:bg-transparent"
+                        icon={<FileArchive />}
+                        onClick={downloadFunction}
+                      >
+                        Download as ZIP
+                      </Button>
+                    </div>
+                  </PopoverContent_Shadcn_>
+                </Popover_Shadcn_>
+                {IS_PLATFORM && (
+                  <>
                     {!!functionSlug && (
                       <Button
                         type="default"

apps/studio/components/layouts/ProjectLayout/LayoutHeader/LayoutHeader.tsx

@@ -22,7 +22,7 @@ import { ReactNode, useMemo } from 'react'
 import { useAppStateSnapshot } from 'state/app-state'
 import { Badge, cn } from 'ui'
 import { CommandMenuTriggerInput } from 'ui-patterns'
-
+import { DevToolbarTrigger } from 'dev-tools'
 import { BreadcrumbsView } from './BreadcrumbsView'
 import { FeedbackDropdown } from './FeedbackDropdown/FeedbackDropdown'
 import { HelpPopover } from './HelpPopover'
@@ -215,6 +215,7 @@ export const LayoutHeader = ({
             {customHeaderComponents && customHeaderComponents}
             {IS_PLATFORM ? (
               <>
+                <DevToolbarTrigger />
                 <FeedbackDropdown />
 
                 <div className="flex items-center gap-2">