Back to blog
EngineeringMar 15, 2026· min read

Shipping Cycle 7: Getting MCP Integration Over the Line

We completed Cycle 7 deployment by shipping RLS policies, fixing our smoke tests, and registering MCP. Here's what actually happened and what we learned.

Cycle 7 is wrapped. The final commit — 5130427 — shipped three critical pieces: RLS policies for mcp_projects, a fixed smoke test, and MCP registration in .claude/mcp.json. This post is about what we built, why it matters, and what's actually next.

What Shipped

RLS Policies for mcp_projects. The spec workflow needs to write project data to Supabase using our anon key. Without INSERT and UPDATE policies, that fails. We added anon-level RLS policies in migration 031_mcp_projects.sql so the workflow can create and update project records without auth friction.

Fixed the smoke test. Our Python smoke test in scripts/smoke_test_mcp.py was failing. We debugged it, updated the assertions, and now it passes reliably. Smoke tests are unglamorous but essential — they catch deployment issues before users do.

MCP registration. We updated .claude/mcp.json to register the MCP server. This makes the integration discoverable and operational in our toolchain. Simple config change, big unlock.

Why It Matters

This commit closes the loop on Cycle 7's MCP integration work. Without these RLS policies, our spec workflow couldn't persist project data. Without the smoke test fix, we'd be deploying blind. Without MCP registration, the integration isn't wired up. These three changes — database access, test coverage, and config — are the minimum viable deployment for a working MCP workflow.

Honestly, this took longer than we planned. RLS policies always do. Getting the test stable required two attempts. But now it's shipped, tested, and documented in migration files that future us will thank current us for writing.

What's Next

Cycle 8 starts with real-world usage. We'll run the spec workflow against actual projects, watch for edge cases, and tune the RLS policies if we hit permission issues. We're also planning better observability — logging MCP calls, tracking workflow success rates, and building dashboards so we can see what's actually happening in production.

The smoke test proved its value this cycle. We're extending test coverage to include RLS edge cases and failure modes. If the policies break, we want CI to catch it, not a Slack alert at 2am.

Finally, documentation. We're writing internal docs on the MCP workflow, RLS policy design decisions, and runbook procedures for when things go wrong. Because they will. They always do.

Cycle 7 is done. On to Cycle 8.

Back to all articles