The built-in get_logs function uses a query with a wildcard () which is rejected due to Column Level Security restrictions

[gbdoin]

Bug report

Describe the bug

The Supabase MCP's get_logs tool fails when requesting edge function logs due to a Column Level Security restriction. The tool uses a wildcard query (SELECT * FROM function_logs) which triggers a "restricted wildcard (*) in a result column" error.

To Reproduce

1. Initialize a Supabase MCP client
2. Attempt to fetch edge function logs using:

   mcp_Supa_Global_[username]_get_logs({
     project_id: "your-project-id",
     service: "edge-function"
   })

3. Observe the query fails with "restricted wildcard (*) in a result column" error

Expected behavior

The get_logs tool should successfully retrieve edge function logs by using explicit column names instead of the wildcard selector.

System information

• OS: macOS
• Version of supabase-js: Latest
• Version of Node.js: Latest

Additional context

The issue is in the getLogQuery function (from logs.js) which generates SQL for different service types. For edge functions, it uses:

case 'edge-function':
  return stripIndent`
    select * from function_logs
    order by timestamp desc
    limit ${limit}
  `;

This violates Column Level Security restrictions as documented at https://supabase.com/docs/guides/database/postgres/column-level-security:

"Restricted roles cannot use the wildcard operator (*) on the affected table. Instead of using SELECT * FROM <restricted_table>; or its API equivalent, you must specify the column names explicitly."

The query should be modified to explicitly list columns:

case 'edge-function':
  return stripIndent`
    select id, function_logs.timestamp, event_message, metadata.event_type, metadata.function_id, metadata.level
    from function_logs
    cross join unnest(metadata) as metadata
    order by timestamp desc
    limit ${limit}
  `;

This would allow users to access edge function logs through the MCP server without encountering Column Level Security restrictions.