Supabase + CHION

Text-to-SQL for Supabase PostgreSQL

Connect your Supabase project's PostgreSQL database to Chion and ask questions in plain English. Chion generates verified SQL, executes it read-only, and renders interactive charts. Use a dedicated read-only role — not the anon or service_role keys. Direct connection on port 5432 or transaction pooler on port 6543.

Example question & SQL

See what Chion generates from a plain-English question.

You ask

"How many active users signed up each month this year?"

Chion generates

SELECT
  date_trunc('month', created_at) AS month,
  COUNT(*) AS new_users
FROM auth.users
WHERE created_at >= date_trunc('year', now())
GROUP BY 1
ORDER BY 1;

Finding your Supabase credentials

Project Dashboard → Connect button (top of page)

Field	Where to Find	Default
Server (Host)	Connect → View parameters under "Direct connection"	db.<project-ref>.supabase.co
Port	Same panel — Direct: 5432, Transaction pooler: 6543	5432
Database	Same panel	postgres
Schema	Not shown in UI — default is public	public
User	Same panel	postgres
Password	Set at project creation. Reset in Settings → Database	(not displayed after creation)

Quick steps

1.Log in at supabase.com/dashboard
2.Select your project
3.Click the Connect button at the top of the page
4.Click "View parameters" under the Direct connection string
5.All fields (host, port, database, user) are displayed individually
6.Password must be the one you set at project creation (or reset it in Settings → Database)

Open Supabase console

Supabase troubleshooting

Common issues and how to fix them.

Direct vs transaction pooler — which port?

Use port 5432 for direct connections (supports all PostgreSQL features). Use port 6543 for the transaction pooler (better for high-concurrency). The host format differs: direct uses db.<ref>.supabase.co, the pooler uses aws-0-<region>.pooler.supabase.com with the project ref in the username.

Password not displayed after creation

Supabase shows the database password only at project creation. If you lost it, reset it in Settings → Database → Database password.

RLS blocking queries

If you use a role subject to RLS policies, Chion's queries will respect those policies. For full visibility, create a dedicated read-only role that bypasses RLS, or grant it the appropriate RLS exceptions.

Your credentials are encrypted

All connection credentials are encrypted with AES-256-GCM and stored in an isolated vault. Chion connects with read-only permissions — no INSERT, UPDATE, or DELETE is ever possible. Row-level security policies are honored on every query.

Read our security model

Frequently asked questions

Common questions about using Chion with Supabase.

Should I use the anon key or service_role key?

Neither. Create a dedicated read-only PostgreSQL role with CONNECT, USAGE, and SELECT grants. The anon and service_role keys are for Supabase's API layer, not direct database connections.

Does Chion honor Supabase RLS policies?

Yes. Chion connects as the PostgreSQL role you provide. If that role is subject to RLS policies, all queries respect those policies. The LLM never sees row data — only schema metadata and aggregated results.

Can I use the Supabase transaction pooler?

Yes. Use port 6543 and the pooler hostname. Chion's query pattern is compatible with Supavisor's transaction pooling mode.

Ready to connect your Supabase database?

Open Chion, enter your credentials, and start asking questions in plain English.

Start your trial