HackerTrans
TopNewTrendsCommentsPastAskShowJobs

gregnr

no profile record

Submissions

Show HN: Docs over SSH for Agents

github.com
9 points·by gregnr·3 bulan yang lalu·0 comments

Live Share: Connect to in-browser PGlite with any Postgres client

supabase.com
4 points·by gregnr·2 tahun yang lalu·1 comments

comments

gregnr
·4 bulan yang lalu·discuss
Hey I'm the maintainer docker-mac-net-connect. Just an update that the issues caused by the latest Docker desktop changes have been fixed in the latest version. The battle with Docker Desktop is a bit frustrating and likely ongoing, but fwiw I've made some improvements that catch these much earlier now via dependabot and integration tests.

As another commenter mentioned, Colima is a good alternative to Docker Desktop if you're looking. It doesn't expose container IPs either, but docker-mac-net-connect does support Colima ootb now.
gregnr
·tahun lalu·discuss
The limitation is that it is data-only (no DDL). A large percentage of folks use Supabase MCP for app development - they ask the LLM to help build their schema and other database objects at dev time, which is not possible through PostgREST (or designed for this use case). This is particularly true for AI app builders who connect their users to Supabase.
gregnr
·tahun lalu·discuss
We're experimenting with a PostgREST MCP server that will take full advantage of table permissions and row level security policies. This will be useful if you strictly want to give LLMs access to data (not DDL). Since it piggybacks off of our existing auth infrastructure, it will allow you to apply the exact fine grain policies that you are comfortable with down to the row level.
gregnr
·tahun lalu·discuss
Supabase engineer here working on MCP. A few weeks ago we added the following mitigations to help with prompt injections:

- Encourage folks to use read-only by default in our docs [1]

- Wrap all SQL responses with prompting that discourages the LLM from following instructions/commands injected within user data [2]

- Write E2E tests to confirm that even less capable LLMs don't fall for the attack [2]

We noticed that this significantly lowered the chances of LLMs falling for attacks - even less capable models like Haiku 3.5. The attacks mentioned in the posts stopped working after this. Despite this, it's important to call out that these are mitigations. Like Simon mentions in his previous posts, prompt injection is generally an unsolved problem, even with added guardrails, and any database or information source with private data is at risk.

Here are some more things we're working on to help:

- Fine-grain permissions at the token level. We want to give folks the ability to choose exactly which Supabase services the LLM will have access to, and at what level (read vs. write)

- More documentation. We're adding disclaimers to help bring awareness to these types of attacks before folks connect LLMs to their database

- More guardrails (e.g. model to detect prompt injection attempts). Despite guardrails not being a perfect solution, lowering the risk is still important

Sadly General Analysis did not follow our responsible disclosure processes [3] or respond to our messages to help work together on this.

[1] https://github.com/supabase-community/supabase-mcp/pull/94

[2] https://github.com/supabase-community/supabase-mcp/pull/96

[3] https://supabase.com/.well-known/security.txt
gregnr
·2 tahun yang lalu·discuss
Hi HN - this was an interesting project that involved going deep into the Postgres wire protocol. We managed to get true Postgres proxy/routing logic working by handling TLS+SNI at the PG protocol level, something that other API gateways don't give you. We bundled this logic into pg-gateway, a new MIT library we built to handle protocol messages from the server side:

https://github.com/supabase-community/pg-gateway
gregnr
·2 tahun yang lalu·discuss
libpg-query-node already supports AST types via `@pgsql/types` which is generated by `pg-proto-parser` (using the protobuf file in libpg_query): https://github.com/launchql/pg-proto-parser

(v15 exports these, I think they still need to be added to v16).

I've worked with the maintainers of libpg-query-node and they are very friendly and open to improvements. My suggestion would be to work with them to upstream useful changes vs. forking.
gregnr
·2 tahun yang lalu·discuss
Another possibility might be to export the database (or a subset of it) to be loaded in a more ephemeral environment like PGlite so that you don't have to worry about non technical users running inefficient/unindexed queries taking down the prod DB.
gregnr
·2 tahun yang lalu·discuss
1TB might be a struggle :) Yes, this is currently limit by both browser storage (IndexedDB) and memory. The reason it is also memory bound is because Emscripten's IndexedDB VFS is actually implemented as an in-memory VFS which syncs files to IndexedDB every once in awhile (due to an async limitation).

PGlite is working on an OPFS backend, which will likely increase the max data size quite a bit.
gregnr
·2 tahun yang lalu·discuss
Supabase engineer here. This was a lot of fun to build with the Electric team. There were a lot of technical hurdles to jump over - I’m happy to cover any questions. We’ll continue shipping throughout the week. I see a lot of feedback in this thread already which we’ll get started with.
gregnr
·2 tahun yang lalu·discuss
In case you just want a single Postgres function that does RRF (pgvector+fts): https://supabase.com/docs/guides/ai/hybrid-search

(disclaimer: supabase dev who went down the rabbit hole with hybrid search)