Edge Function Creator
Overview
Structured workflow for creating, testing, and deploying Supabase Edge Functions with consistent patterns.
When to Use
- •Creating a new edge function
- •Modifying an existing one
- •Deploying functions
- •Adding AI integration to functions
Workflow
Phase 1: Plan
- •Define purpose and actions
- •Identify env vars needed
- •Determine auth (JWT on/off)
- •List Supabase tables accessed
- •Choose AI provider if needed (Gemini Flash = speed, Claude Sonnet = reasoning)
Phase 2: Create
Structure: supabase/functions/<name>/index.ts
typescript
import "jsr:@supabase/functions-js/edge-runtime.d.ts";
import { createClient } from "jsr:@supabase/supabase-js@2";
const corsHeaders = {
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Headers": "authorization, x-client-info, apikey, content-type",
};
Deno.serve(async (req: Request) => {
if (req.method === "OPTIONS") {
return new Response("ok", { headers: corsHeaders });
}
try {
const authHeader = req.headers.get("Authorization");
if (!authHeader) {
return new Response(JSON.stringify({ error: "No authorization header" }), {
status: 401, headers: { ...corsHeaders, "Content-Type": "application/json" },
});
}
const supabase = createClient(
Deno.env.get("SUPABASE_URL")!,
Deno.env.get("SUPABASE_ANON_KEY")!,
{ global: { headers: { Authorization: authHeader } } }
);
const { action, ...params } = await req.json();
switch (action) {
case "action_name":
return handleAction(supabase, params, corsHeaders);
default:
return new Response(JSON.stringify({ error: `Unknown action: ${action}` }), {
status: 400, headers: { ...corsHeaders, "Content-Type": "application/json" },
});
}
} catch (error) {
return new Response(JSON.stringify({ error: error.message }), {
status: 500, headers: { ...corsHeaders, "Content-Type": "application/json" },
});
}
});
Phase 3: Test
- •Local:
supabase functions serve <name> --env-file .env.local - •Curl test with JWT
- •Verify CORS preflight
- •Test error cases (missing auth, invalid action)
Phase 4: Deploy
- •
supabase functions deploy <name> - •Set secrets:
supabase secrets set KEY=value - •Verify in Supabase dashboard logs
Checklist
- • CORS headers on all responses
- • JWT verification enabled by default
- • Action routing via switch
- • Supabase client with user JWT
- • Error handling returns JSON with status codes
- • Env vars via
Deno.env.get(), never hardcoded - • Tested locally, deployed and verified
References
- •
.claude/edge-functions/references/ARCHITECTURE.md - •
.claude/edge-functions/references/AI-INTEGRATION.md - •
.claude/edge-functions/references/SECURITY.md - •
.claude/edge-functions/references/ERROR-HANDLING.md - •
.claude/edge-functions/references/DATABASE.md