From 2d409159f9c88893e9f90c479983ccefc5b8e92c Mon Sep 17 00:00:00 2001
From: FailSafe Research Team
 <190101117+failsafesecurity@users.noreply.github.com>
Date: Sat, 18 Apr 2026 12:05:37 +0800
Subject: [PATCH] fix(security): missing maximum operation limits: unbounded
 file array and content size in deployedgefunction [MEDIUM]

---
 packages/mcp-server-supabase/src/platform/types.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/packages/mcp-server-supabase/src/platform/types.ts b/packages/mcp-server-supabase/src/platform/types.ts
index 70ad8b6..6ba0898 100644
--- a/packages/mcp-server-supabase/src/platform/types.ts
+++ b/packages/mcp-server-supabase/src/platform/types.ts
@@ -109,10 +109,10 @@ export const deployEdgeFunctionOptionsSchema = z.object({
   verify_jwt: z.boolean().optional(),
   files: z.array(
     z.object({
-      name: z.string(),
-      content: z.string(),
+      name: z.string().max(255),
+      content: z.string().max(5 * 1024 * 1024),
     })
-  ),
+  ).max(50),
 });
 
 export const executeSqlOptionsSchema = z.object({