db_ping read
Verify database connectivity. Quick sanity check after wiring up a new connection.
db_table_schema read
Columns, indexes, constraints, foreign keys, RLS state, triggers — for one table.
Input
{ "schema": "public", "table": "organizations" }The first call before editing or migrating a table.
db_columns read
Columns and primary-key details for one table. Lighter than db_table_schema when you don't need triggers/FKs.
db_fk read
Inbound and outbound foreign keys for a table. Useful for "what depends on this table?" questions.
db_rls read
Inspect RLS state and policies for one table. Returns policy bodies — read these before changing auth-sensitive code.
Input
{ "schema": "public", "table": "manager_district" }db_rpc read
Function signature, return shape, security mode, and source body for a Postgres function or Supabase RPC.
When to use it
Before calling a SECURITY DEFINER RPC from new code — RPC behavior is not always obvious from the call site.
schema_usage read
Find where a schema object is defined and referenced in app code (Supabase .from(), raw SQL strings, RPC calls).
Input
{ "schema": "public", "object": "organizations" }Use before migrating a table to find every code site that needs updating.
tenant_leak_audit read
Audit tenant-keyed tables, RLS posture, RPC touch points, and route handlers for cross-tenant leakage risks.
When to use it
After adding a new tenant-scoped table, after migrations that change RLS, or as a periodic security pass.
db_reef_refresh write
Replace Reef DB facts from the current schema snapshot. Mutates only Mako's local store.
When to use it
After schema migrations, Supabase type regeneration, or any DDL change.