alibabacloud-analyticdb-postgresql-supabase-ops

ADBPG Supabase Project Management

Manage the full lifecycle of Supabase projects based on AnalyticDB PostgreSQL (ADBPG).
Architecture:
ADBPG (AnalyticDB PostgreSQL) + Supabase + VPC + VSwitch

Scope — Alibaba Cloud ADBPG only (not Supabase CLI)

  • This skill controls projects provisioned on Alibaba Cloud via GPDB / `aliyun gpdb` APIs.
  • Do not use the standalone `supabase` CLI (`supabase login`, `supabase projects list`, etc.) for create/list/pause/resume here — that targets Supabase Cloud or self-hosted stacks, not ADBPG-managed Supabase instances.
  • All lifecycle and query operations in this skill are `aliyun gpdb …` with `--user-agent AlibabaCloud-Agent-Skills`.

ProjectId format (`spb-`)

  • `ProjectId` from create/list/get APIs uses the prefix `spb-` plus an alphanumeric suffix (e.g. `spb-2zen7c8752x12328`). Use this exact value in `--project-id`.
  • If the user’s string does not match any instance, run `list-supabase-projects` in the right `--biz-region-id` and match `ProjectName` or the returned `ProjectId`.

Prerequisites

Pre-check: Aliyun CLI >= 3.3.1 required
Run `aliyun version` to verify >= 3.3.1. If not installed or version too low, see references/cli-installation-guide.md for installation instructions.
Then [MUST] run `aliyun configure set --auto-plugin-install true` to enable automatic plugin installation.

Credential Verification

Pre-check: Alibaba Cloud Credentials Required
Security Rules:
  • NEVER read, echo, or print AK/SK values (e.g., `echo $ALIBABA_CLOUD_ACCESS_KEY_ID` is FORBIDDEN)
  • NEVER ask the user to input AK/SK directly in the conversation or command line
  • NEVER use `aliyun configure set` with literal credential values
  • ONLY use `aliyun configure list` to check credential status

```bash
aliyun configure list
```

Check the output for a valid profile (AK, STS, or OAuth identity).
If no valid profile exists, STOP here.
  1. Obtain credentials from Alibaba Cloud Console
  2. Configure credentials outside of this session (via `aliyun configure` in terminal or environment variables in shell profile)
  3. Return and re-run after `aliyun configure list` shows a valid profile

RAM Permissions

Ensure the current account has the required permissions before executing operations. See references/ram-policies.md for details.
Permission Pre-check: Use `ram-permission-diagnose` skill to check current user permissions, compare against `references/ram-policies.md`, and abort with prompt if any permission is missing.

Parameter Confirmation

IMPORTANT: Parameter Confirmation — Before executing any command or API call, ALL user-customizable parameters (e.g., RegionId, ProjectId, instance names, CIDR blocks, passwords, VPC/VSwitch IDs, etc.) MUST be confirmed with the user. For create, the skill supplies recommended defaults (and optional auto-discovery). You must present that full plan and obtain explicit user approval (or replaced values) before running `create-supabase-project`.

Final execution confirmation (read-only vs mutating)

  • No separate final “execute” step — only for read-only information retrieval: `aliyun gpdb list-supabase-projects`, `aliyun gpdb get-supabase-project`, `get-supabase-project-api-keys`, `get-supabase-project-dashboard-account`, and discovery-only calls such as `aliyun vpc describe-vpcs`, `aliyun vpc describe-vswitches`, `aliyun gpdb describe-regions` (same class as list / describe: no resource state change).
  • Final user confirmation [MUST] — before the CLI runs, for every mutating operation: create, pause, resume, reset password, modify security IPs. Show what will execute and key parameters (e.g. `project-id`, new password hint without logging secret, new whitelist). Obtain explicit approval.
  • After create, provisioning poll via `get-supabase-project` does not need a new confirmation — the user already approved create; polling is verification only.
CreateSupabaseProject is defined in the official API reference. Full CLI mapping, VPC/VSwitch discovery, name/password rules: references/create-supabase-project-parameters.md.

| Parameter | Required/Optional | Description | Default / recommendation |
| --- | --- | --- | --- |
| ProjectId | Required (non-create) | Instance ID from API/list (`spb-` + suffix) | |
| BizRegionId | Optional (create) | Region ID (`RegionId` in API) | `cn-beijing` |
| ProjectName | Required (create) | Project name | Derive from user scenario; user may replace |
| ZoneId | Required (create) | Availability zone ID | `cn-beijing-i` |
| VpcId | Required (create) | VPC ID | User input or from discovery (see Create Project) |
| VSwitchId | Required (create) | VSwitch ID (must match `ZoneId`) | User input or recommend max `AvailableIpAddressCount` in zone |
| AccountPassword | Required (create) / reset | Database password | User input or generate per API rules; user may replace |
| SecurityIPList | Required (create) / modify | IP whitelist | `127.0.0.1`; user may supply IPs/CIDRs |
| ProjectSpec | Required (create) | Instance spec | `2C2G` (skill default recommendation; user may choose e.g. `1C1G`) |
| StorageSize | Optional (create) | Storage (GB) | `20` (skill default recommendation) |
| DiskPerformanceLevel | Optional (create) | PL0 / PL1 | `PL0` |
| PayType / UsedTime / Period | Optional (create) | Billing | `POSTPAY` (postpaid) by default; set `--period` / `--used-time` only for prepaid/subscription |
| ClientToken | Optional (create) | Idempotency | Omit unless user retries same create |

Timeout Configuration

Timeout Settings
  • Default CLI read timeout is often ~60 seconds per HTTP read — usually enough for `create-supabase-project`, because creation is asynchronous: the API accepts the request and returns `ProjectId` quickly; it does not block until the instance is ready.
  • 3–5 minutes is the typical time for background provisioning to finish — not the duration of the create HTTP response. Use Success Verification (poll `get-supabase-project` until `Status` is `running`) to wait for that phase.
  • Create success criterion: after `create-supabase-project` returns `ProjectId`, the instance is not ready until `get-supabase-project` reports `Status` = `running` (API uses lowercase) — that state means provisioning succeeded and the project is usable.
  • If any command hits read timeouts in practice, raise `--read-timeout` for that call (e.g. `--read-timeout 120`).

Core Workflow

All commands use the `aliyun gpdb <command>` format and must include `--user-agent AlibabaCloud-Agent-Skills`.
Per Final execution confirmation: read-only list / get / describe may run without a final execute prompt; create, pause, resume, reset password, modify IPs require explicit final user confirmation before invocation.

List Projects

```bash
aliyun gpdb list-supabase-projects \
  --biz-region-id cn-beijing \
  --max-results 20 \
  --user-agent AlibabaCloud-Agent-Skills
```
  • Risk: Low | Read-only — no final execution confirmation

Get Project Details

```bash
aliyun gpdb get-supabase-project \
  --project-id spb-xxxxx \
  --user-agent AlibabaCloud-Agent-Skills
```
  • Risk: Low | Read-only — no final execution confirmation

Get API Keys

```bash
aliyun gpdb get-supabase-project-api-keys \
  --project-id spb-xxxxx \
  --user-agent AlibabaCloud-Agent-Skills
```
  • Risk: Low | Read-only — no final execution confirmation
  • Policy: Fulfilling a request to read keys via this official Alibaba Cloud API (with RAM/account access) is not the same as scraping secrets from an unrelated codebase. Decline only when the task is clearly exfiltration from repos or third-party systems; otherwise run `get-supabase-project-api-keys`, return keys minimally (no logging full secrets), and remind the user to rotate if exposed.

Get Dashboard Account

```bash
aliyun gpdb get-supabase-project-dashboard-account \
  --project-id spb-xxxxx \
  --user-agent AlibabaCloud-Agent-Skills
```
  • Risk: Low | Read-only — no final execution confirmation

Create Project

Automated workflow — When user provides intent like "Help me create an ADBPG Supabase project in Beijing zone i", run these steps:

Step 1: Auto-discover all information (no user input needed yet)

  1. Region + Zone — Use user-specified values or defaults (`cn-beijing`, `cn-beijing-i`).
  2. ProjectName — Run `scripts/generate-project-name.sh` to get 1-3 candidates (timestamp-based).
  3. Password — Run `scripts/generate-password.py` to generate a compliant password.
  4. VPC/VSwitch discovery — Run `scripts/discover-vswitch.sh --biz-region-id <region> --zone-id <zone>` to get the VSwitch with the most available IPs.
  5. SecurityIPList — Default `127.0.0.1`.
  6. Optional flags — Use defaults: `2C2G`, `20` GB, `POSTPAY`, `PL0`.
  7. ClientToken — Generate one UUID.

Step 2: Present creation plan (single confirmation)

Display the full parameter table to the user with options:
```
=== Create Supabase Project Plan ===
Project Name:   <generated-or-user-confirmed>
Region:         <biz-region-id>
Zone:           <zone-id>
VPC:            <vpc-id from discovery>
VSwitch:        <vswitch-id from discovery> (Available IPs: <count>)
Instance Spec:  2C2G
Storage:        20 GB
Pay Type:       POSTPAY
Security IP:    127.0.0.1
Password:       <generated, shown once or masked>
=================================

Select an option:
1. Confirm and create (default)
2. Modify parameters
3. Cancel

Press Enter for [1], or type option number:
```

Step 3: Execute after confirmation

If user selects "1" or presses Enter (confirm), run:
```bash
aliyun gpdb create-supabase-project \
  --biz-region-id <BizRegionId> \
  --zone-id <ZoneId> \
  --project-name <ProjectName> \
  --account-password '<Password>' \
  --security-ip-list "127.0.0.1" \
  --vpc-id <VpcId> \
  --vswitch-id <VSwitchId> \
  --project-spec 2C2G \
  --storage-size 20 \
  --disk-performance-level PL0 \
  --pay-type POSTPAY \
  --client-token "<ClientToken>" \
  --user-agent AlibabaCloud-Agent-Skills
```
Then proceed to Success Verification (polling) as described below.
Async create — HTTP retries (before you have `ProjectId`)
  • Goal: absorb transient CLI/network/API errors without double-creating a different resource.
  • Reuse the same `--client-token` on every create attempt in this session for this intended project.
  • Retry create (max 3 attempts total, including the first) only if the response has no `ProjectId` and the error looks transient: e.g. throttling, connection reset, read timeout, `ServiceUnavailable`. Backoff: 5s → 15s → 45s between attempts.
  • Do not blindly retry create for business errors (e.g. `VSwitchIp.NotEnough`, invalid parameter) — stop, explain, fix with the user.
  • If any attempt returns `ProjectId` → stop calling create; switch to provisioning poll (Success Verification).
  • If create times out but might have succeeded server-side → poll `get-supabase-project` by name/region (e.g. `list-supabase-projects` filtered by `ProjectName`) before issuing another create with the same token/name.
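
The retry rules above written as one shell function; this is an added example, not one of the skill's own scripts. The function names, the substring matching used to recognise transient errors, and the JSON shape used to extract `ProjectId` are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not one of the skill's scripts. Assumptions are marked below.

MAX_CREATE_ATTEMPTS=3            # total attempts, including the first (from the page)
BACKOFF_SCHEDULE="5 15 45"       # seconds between attempts (from the page)
SLEEP_CMD="${SLEEP_CMD:-sleep}"  # overridable so the logic can be exercised without waiting

# Assumption: transient failures can be recognised by these substrings in the CLI
# output. Anything else (VSwitchIp.NotEnough, invalid parameter, ...) is a business error.
is_transient_error() {
  case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
    *throttl*|*"connection reset"*|*timeout*|*"timed out"*|*serviceunavailable*) return 0 ;;
    *) return 1 ;;
  esac
}

# Assumption: the create response is JSON carrying "ProjectId": "spb-<alphanumeric>".
extract_project_id() {
  printf '%s\n' "$1" \
    | grep -o '"ProjectId"[[:space:]]*:[[:space:]]*"spb-[A-Za-z0-9]*"' \
    | head -n 1 | sed 's/.*"\(spb-[A-Za-z0-9]*\)"$/\1/'
}

# Usage: CLIENT_TOKEN=<uuid> create_with_retry <create-supabase-project flags...>
# Prints the ProjectId on success.
# Returns 0 created, 2 business error (no retry), 3 transient errors exhausted, 64 no token.
create_with_retry() {
  local attempt out id delays="$BACKOFF_SCHEDULE"
  if [ -z "${CLIENT_TOKEN:-}" ]; then
    echo "CLIENT_TOKEN must be generated once and reused for every attempt" >&2
    return 64
  fi
  for attempt in $(seq 1 "$MAX_CREATE_ATTEMPTS"); do
    # Same token on every attempt, so a retry cannot create a second project.
    out=$(aliyun gpdb create-supabase-project "$@" \
      --client-token "$CLIENT_TOKEN" \
      --user-agent AlibabaCloud-Agent-Skills 2>&1) || true
    id=$(extract_project_id "$out")
    if [ -n "$id" ]; then
      printf '%s\n' "$id"        # stop calling create; next step is the provisioning poll
      return 0
    fi
    if ! is_transient_error "$out"; then
      printf 'create failed with a non-retryable error:\n%s\n' "$out" >&2
      return 2
    fi
    if [ "$attempt" -lt "$MAX_CREATE_ATTEMPTS" ]; then
      "$SLEEP_CMD" "${delays%% *}"   # take the next delay from the schedule
      delays=${delays#* }
    fi
  done
  echo "create still failing after $MAX_CREATE_ATTEMPTS attempts;" \
       "check list-supabase-projects for the name before creating again" >&2
  return 3
}
```

With three attempts in total only the 5 s and 15 s delays are ever used; the 45 s entry applies only if `MAX_CREATE_ATTEMPTS` is raised.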

```bash
# CLIENT_TOKEN: generate once (e.g. uuidgen) before first attempt; reuse on safe create retries.
aliyun gpdb create-supabase-project \
  --biz-region-id cn-beijing \
  --zone-id cn-beijing-i \
  --project-name my_supabase \
  --account-password '<user-or-generated>' \
  --security-ip-list "127.0.0.1" \
  --vpc-id vpc-xxxxx \
  --vswitch-id vsw-xxxxx \
  --project-spec 2C2G \
  --storage-size 20 \
  --disk-performance-level PL0 \
  --pay-type POSTPAY \
  --client-token "$CLIENT_TOKEN" \
  --user-agent AlibabaCloud-Agent-Skills
```

- **Risk**: High | **Final user confirmation** — full parameter plan approved before execution
- Password: at least 3 of uppercase, lowercase, digits, specials from `!@#$%^&*()_+-=`; length 8–32 (per API)
- Project name: letters/numbers/hyphens/underscores; must start with letter or `_`; length 1–128
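
The password and project-name rules above, together with the page's advice against a `0.0.0.0/0` whitelist, written as pre-flight checks to run before the plan is shown for confirmation. This is an added example, not the skill's `scripts/generate-password.py`; all function names are hypothetical, and it goes slightly beyond the listed rules by also checking that each whitelist entry is a well-formed IPv4 address or CIDR.

```bash
#!/usr/bin/env bash
# Added example, not one of the skill's scripts; function names are hypothetical.
# No API calls are made and the password is never printed.

# True if $1 contains at least one character from the tr(1) set $2.
has_char_from() { [ -n "$(printf '%s' "$1" | LC_ALL=C tr -cd "$2")" ]; }

# Password: length 8-32, at least 3 of: uppercase, lowercase, digits, listed specials.
valid_password() {
  local pw="$1" classes=0 cls
  [ "${#pw}" -ge 8 ] && [ "${#pw}" -le 32 ] || return 1
  for cls in 'A-Z' 'a-z' '0-9' '!@#$%^&*()_+=-'; do
    if has_char_from "$pw" "$cls"; then classes=$((classes + 1)); fi
  done
  [ "$classes" -ge 3 ]
}

# Project name: 1-128 chars, starts with a letter or "_", then letters/digits/-/_ only.
valid_project_name() {
  local name="$1" first
  [ "${#name}" -ge 1 ] && [ "${#name}" -le 128 ] || return 1
  first=$(printf '%s' "$name" | cut -c1)
  has_char_from "$first" 'A-Za-z_' || return 1
  [ -z "$(printf '%s' "$name" | LC_ALL=C tr -d 'A-Za-z0-9_-')" ]
}

# Comma-separated IPv4 addresses or CIDRs.
# Returns 0 valid, 1 malformed, 2 well-formed but containing a /0 (open to every address).
check_security_ip_list() {
  local rest="$1," entry addr prefix o_rest octet n open=0
  [ -n "$1" ] || return 1
  while [ -n "$rest" ]; do
    entry=${rest%%,*}; rest=${rest#*,}
    addr=${entry%%/*}; prefix=32
    case "$entry" in */*) prefix=${entry#*/} ;; esac
    case "$prefix" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    o_rest="$addr."; n=0
    while [ -n "$o_rest" ]; do      # walk the dotted quad one octet at a time
      octet=${o_rest%%.*}; o_rest=${o_rest#*.}; n=$((n + 1))
      case "$octet" in ''|????*) return 1 ;; esac
      [ "$octet" -le 255 ] || return 1
    done
    [ "$n" -eq 4 ] || return 1
    [ "$prefix" -ne 0 ] || open=1
  done
  [ "$open" -eq 0 ] || return 2
}

# Prints one line per problem; returns the number of problems found.
check_create_plan() {
  local problems=0 rc=0
  valid_project_name "$1" || { echo "ProjectName: breaks the naming rule"; problems=$((problems + 1)); }
  valid_password "$2" || { echo "AccountPassword: breaks the length/class rule"; problems=$((problems + 1)); }
  check_security_ip_list "$3" || rc=$?
  case $rc in
    1) echo "SecurityIPList: malformed entry"; problems=$((problems + 1)) ;;
    2) echo "SecurityIPList: /0 opens the instance to every address"; problems=$((problems + 1)) ;;
  esac
  return "$problems"
}
```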

Pause Project

```bash
aliyun gpdb pause-supabase-project \
  --project-id spb-xxxxx \
  --user-agent AlibabaCloud-Agent-Skills
```
  • Risk: Medium | Final user confirmation required before execution
  • Service unavailable after pause, but data is retained

Resume Project

```bash
aliyun gpdb resume-supabase-project \
  --project-id spb-xxxxx \
  --user-agent AlibabaCloud-Agent-Skills
```
  • Risk: Medium | Final user confirmation required before execution (mutating)

Reset Database Password

```bash
aliyun gpdb reset-supabase-project-password \
  --project-id spb-xxxxx \
  --account-password 'NewPass456!' \
  --user-agent AlibabaCloud-Agent-Skills
```
  • Risk: Medium | Final user confirmation required before execution
  • Existing connections using old password will be disconnected

Modify Security IPs

```bash
aliyun gpdb modify-supabase-project-security-ips \
  --project-id spb-xxxxx \
  --security-ip-list "10.0.0.1,10.0.0.2/24" \
  --user-agent AlibabaCloud-Agent-Skills
```
  • Risk: Medium | Final user confirmation required before execution
  • Multiple IPs separated by commas, CIDR format supported

Success Verification

Use the steps below first; extended tables and edge cases are in references/verification-method.md.

After create (`create-supabase-project`)

  1. Capture `ProjectId` from the create response (format `spb-` + suffix). The create call returns after the request is accepted, not when provisioning finishes. If create fails or times out, list or get to see if the project already exists before another create (same `--client-token` if retrying create per Create Project).
  2. Provisioning poll until `running` or terminal failure — async work often finishes in 3–5 minutes but can run longer under load. Use a two-tier wait:
    • Tier A — primary: every 30 seconds, call `get-supabase-project`, up to 20 attempts (~10 minutes).
    • Tier B — extension (optional): if `Status` is still a non-terminal provisioning state (e.g. creating / pending — exact strings depend on API), inform the user and add up to 10 more attempts (~5 minutes) before giving up.
  3. Per-poll retry (transient): For each scheduled poll, if get fails with network/read timeout or throttling, retry the same get up to 3 times with 5 seconds between tries, then continue the outer loop (still count as one poll cycle).
  4. Interpret `Status`:
    • `running` → create / provisioning succeeded; instance is ready — report success to the user.
    • Terminal failure (if API returns explicit failure/cancelled states) → stop polling; report error code/message; do not assume success.
    • Empty / unknown / in-progress → keep polling within Tier A/B limits.
```bash
PROJECT_ID="spb-xxxxx"
STATUS=""
MAX_PRIMARY=20   # Tier A: number of polls
SLEEP=30         # seconds between polls (~10 minutes in total)
for attempt in $(seq 1 "$MAX_PRIMARY"); do
  RAW=""
  # Per-poll retry: up to 3 tries, 5 seconds apart, for transient get failures
  for inner in 1 2 3; do
    RAW=$(aliyun gpdb get-supabase-project \
      --project-id "$PROJECT_ID" \
      --read-timeout 90 \
      --user-agent AlibabaCloud-Agent-Skills \
      2>/dev/null) && break
    sleep 5
  done
  STATUS=$(echo "$RAW" | jq -r '.Status // empty')
  [ "$STATUS" = "running" ] && break
  sleep "$SLEEP"
done
# Optional: extend with user consent +10 polls if still provisioning
[ "$STATUS" = "running" ] || exit 1
```

If `jq` is unavailable, inspect the **get** output for `Status` each time; same retry and tier rules apply.

After other operations

| Operation | Verify with | Success hint |
| --- | --- | --- |
| List | `list-supabase-projects` | `Projects` present in JSON, `RequestId` present |
| Get / API keys / dashboard | matching `get-*` command | Expected fields in JSON, no error code |
| Pause / resume | `get-supabase-project` | `Status` matches paused / running per API |
| Reset password / modify IPs | `get-supabase-project` | Whitelist or success response as applicable; password change is also validated by reconnecting (see reference doc) |

Best Practices

  1. Read-only list/get/describe (see Final execution confirmation) may run without a final execute prompt; never run create/pause/resume/reset-password/modify-IPs without explicit final user confirmation
  2. If users lack VPC/VSwitch IDs, discover with `vpc describe-vswitches` (and optionally `vpc describe-vpcs`) before create
  3. Must issue warning before pausing projects (service will become unavailable)
  4. Do not recommend setting whitelist to 0.0.0.0/0 due to security risks
  5. `ProjectId` is always `spb-…` — if the user’s id is wrong or unknown, use `list-supabase-projects` to resolve by name or id
  6. Never substitute `supabase` CLI for `aliyun gpdb` on this product
  7. Pausing projects saves costs while data is preserved
  8. All commands must include `--user-agent AlibabaCloud-Agent-Skills`
  9. After create, always run provisioning poll (or confirm terminal failure) — do not treat “create returned ProjectId” as “instance ready”

Reference Documents

| Document | Description |
| --- | --- |
| references/cli-installation-guide.md | CLI Installation Guide |
| references/ram-policies.md | RAM Permission Requirements |
| references/related-apis.md | Related API List |
| references/verification-method.md | Operation Verification Methods |
| references/acceptance-criteria.md | Acceptance Criteria |
| references/create-supabase-project-parameters.md | Create API parameters, defaults, VPC/VSwitch discovery |