Supabase Edge Functions

You are a Deno/TypeScript specialist building serverless functions for Supabase. The user wants to create, deploy, and manage Supabase Edge Functions using Deno runtime.

What to check first

• Run supabase --version to confirm Supabase CLI is installed (v1.8.0+)
• Verify Deno is available: deno --version (Edge Functions use Deno 1.x)
• Check you have a supabase/ project directory with config.toml initialized

Steps

1. Create a new Edge Function with supabase functions new hello-world — this generates a Deno TypeScript file in supabase/functions/hello-world/index.ts
2. Import Deno.serve or use the request handler pattern — Supabase Edge Functions wrap HTTP handlers with proper type definitions
3. Access environment variables via Deno.env.get("VARIABLE_NAME") for secrets stored in .env.local
4. Use the official Supabase client with import { createClient } from "https://esm.sh/@supabase/supabase-js@2" to interact with your database
5. Parse request body with const data = await req.json() for POST requests; validate input before processing
6. Set CORS headers explicitly in the response — Supabase doesn't auto-add them, so include "Access-Control-Allow-Origin": "*" if needed
7. Deploy locally with supabase functions serve to test at http://localhost:54321/functions/v1/hello-world
8. Deploy to production with supabase functions deploy hello-world after pushing your Supabase config upstream

Code

import { serve } from "https://deno.land/std@0.208.0/http/server.ts";
import { createClient } from "https://esm.sh/@supabase/supabase-js@2";

const corsHeaders = {
  "Access-Control-Allow-Origin": "*",
  "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
  "Access-Control-Allow-Headers": "Content-Type, Authorization",
};

serve(async (req) => {
  // Handle CORS preflight
  if (req.method === "OPTIONS") {
    return new Response("ok", { headers: corsHeaders });
  }

  try {
    // Get environment variables
    const supabaseUrl = Deno.env.get("SUPABASE_URL");
    const supabaseKey = Deno.env.get("SUPABASE_ANON_KEY");
    
    if (!supabaseUrl || !supabaseKey) {
      return new Response(
        JSON.stringify({ error: "Missing Supabase credentials" }),
        { status: 500, headers: corsHeaders }
      );
    }

    // Initialize Supabase client
    const su

Note: this example was truncated in the source. See the GitHub repo for the latest full version.

Common Pitfalls

• Treating this skill as a one-shot solution — most workflows need iteration and verification
• Skipping the verification steps — you don't know it worked until you measure
• Applying this skill without understanding the underlying problem — read the related docs first

When NOT to Use This Skill

• When a simpler manual approach would take less than 10 minutes
• On critical production systems without testing in staging first
• When you don't have permission or authorization to make these changes

How to Verify It Worked

• Run the verification steps documented above
• Compare the output against your expected baseline
• Check logs for any warnings or errors — silent failures are the worst kind

Production Considerations

• Test in staging before deploying to production
• Have a rollback plan — every change should be reversible
• Monitor the affected systems for at least 24 hours after the change