Speakeasy vs Supabase
Side-by-side trajectory, velocity, and editorial themes.
Speakeasy's Gram is shipping daily — multi-MCP chat, Codex hooks, and long-running assistants in one week.
Speakeasy's Gram platform is moving at multiple-releases-per-day cadence across two trains. The Platform train has shipped issuer-gated OAuth from the playground, release-stage badges, OpenRouter credit monitoring with auto-reconciliation, a v2 assistant runtime foundation, hook telemetry attribution in Datadog, Codex (OpenAI) hooks support, OTEL forwarding to customer destinations, Slack Block Kit with interactive replies, and a full migration to WorkOS-native auth. The Elements train added multi-MCP server chat configuration with namespaced tool merging, and a resilience fix so a failing MCP server doesn't wipe out tools from healthy ones in the same chat. Long-running assistants gained token-aware context compaction, self-wake triggers, and long-term memory via vector embeddings.
Gram is being built as an MCP-native assistant platform — every release reads like infrastructure for assistants that compose many MCP servers, run for a long time, recover from failures, and integrate with enterprise auth and telemetry. The architectural choices (multi-MCP merging with namespacing, per-assistant Fly apps, OTEL forwarding, WorkOS) say the target buyer is a platform team building real production agents, not a tinkerer. Self-healing chat history, credit-exhaustion 402 responses, and per-server failure isolation are the kinds of features that only matter at scale — Speakeasy is building for that scale already.
Expect Gram to formalize its v2 assistant runtime in the next sprint, add usage-based pricing tied to OpenRouter credits and Fly machine-hours, and ship deeper MCP server lifecycle tooling (version pinning, canary deploys for new tool versions). A managed MCP server catalog is a plausible adjacency given how much of the platform already presumes multi-MCP composition.
Supabase is reversing its biggest security default - public-schema tables no longer auto-exposed via PostgREST.
The headline shipping move is a deliberate change to Supabase's security posture: new projects can opt out of automatic Data API and GraphQL exposure for public-schema tables, with broader defaults flipping in May. Around it: an OAuth 2.1 compliance fix, an RLS Tester preview to make policy verification possible from the UI, and a steady drumbeat of platform improvements summarized in the monthly developer update.
Supabase is rebuilding the security defaults that made it fast to start with but easy to misconfigure. Combine the no-auto-expose change with the RLS Tester preview and the direction is clear: the platform is moving from convention-based exposure to explicit, testable access control. The OAuth compliance fix and developer updates suggest steady investment in standards conformance rather than new product surface this window.
Expect the no-auto-expose default to apply to existing projects (with a long opt-out runway), and the RLS Tester to graduate from preview into the dashboard as a first-class panel. Continued breaking-change drumbeat tied to OAuth/OIDC compliance is likely.
See more alternatives to Speakeasy →
See more alternatives to Supabase →