Tools · Database

Database tools (Postgres / Supabase)

Live schema, RLS, and RPC introspection. Read-only by default — mutations write only to Mako's local store unless explicitly stated. Connect with agentmako connect .; secrets live in your OS keychain.

db_ping read

Verify database connectivity. Quick sanity check after wiring up a new connection.

db_table_schema read

Columns, indexes, constraints, foreign keys, RLS state, triggers — for one table.

Input

{ "schema": "public", "table": "organizations" }

The first call before editing or migrating a table.

db_columns read

Columns and primary-key details for one table. Lighter than db_table_schema when you don't need triggers/FKs.

db_fk read

Inbound and outbound foreign keys for a table. Useful for "what depends on this table?" questions.

db_rls read

Inspect RLS state and policies for one table. Returns policy bodies — read these before changing auth-sensitive code.

Input

{ "schema": "public", "table": "manager_district" }

db_rpc read

Function signature, return shape, security mode, and source body for a Postgres function or Supabase RPC.

When to use it

Before calling a SECURITY DEFINER RPC from new code — RPC behavior is not always obvious from the call site.

schema_usage read

Find exact schema-object definitions and direct app-code references such as Supabase .from() calls and raw SQL strings.

Input

{ "schema": "public", "object": "organizations" }

Use before migrating a table to find direct code sites that need updating. RPC-mediated or transitive usage is intentionally handled by trace_rpc, route_context, table_neighborhood, and flow_map.

tenant_leak_audit read

Audit tenant-keyed tables, RLS posture, RPC touch points, and route handlers for cross-tenant leakage risks.

When to use it

After adding a new tenant-scoped table, after migrations that change RLS, or as a periodic security pass.

db_reef_refresh write

Persist database schema objects, columns, indexes, policies, triggers, function table refs, and optional app usage into Reef. Mutates only Mako's local store.

When to use it

After schema migrations, Supabase type regeneration, or any DDL change. If a live database binding exists, schema freshness still depends on a live snapshot; repo-only refreshes update persisted facts but do not prove the live database has the same shape.