Show HN: Runtime Defense Against Prompt Injection in Supabase MCP

[anand-tan]

I wrote this after studying the Supabase MCP prompt injection issue. The blog shows how I built a working defense using an open-source AI agent runtime I’ve been building called Tansive ( https://github.com/tansive/tansive )

Instead of just filtering malicious prompts, I implemented role-based policies with runtime input validation that can scale across combinations of different AI tools (GitHub, Stripe, Linear, etc.).

All the code referenced in the blog is in the examples/supabase_demo folder.

I welcome your feedback — especially from folks working with AI toolchains or security.

[anand-tan]

For reference, this was the thread that led me to work on this.

https://news.ycombinator.com/item?id=44502318

[vijivishali]

Since it's postgres behind the scenes, can't you just use pg roles?

[anand-tan]

Absolutely. If the tools were only from Supabase, then yes, you could use Postgres roles. However, most people use a combination of tools (GitHub, Stripe, Linear, etc.), and each has different permission models. I wanted to implement a solution that works generically across tools rather than requiring separate security configurations for each service. This doesn't preclude one from limiting the access scope at the database, though.