Skip to content

mcp-data-platform-v0.22.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 18 Feb 01:43
· 347 commits to main since this release
v0.22.0
23f8f7e
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

What's New

Read-Only trino_query and New trino_execute Tool

The platform now ships with mcp-trino v0.8.0, which splits SQL execution into two tools with clear safety semantics:

Tool Purpose MCP Annotation Client Behavior
trino_query Read-only SQL (SELECT, SHOW, DESCRIBE) ReadOnlyHint: true Auto-approve
trino_execute Any SQL including writes (INSERT, UPDATE, DELETE, CREATE, DROP) DestructiveHint: true Prompt for confirmation

Write SQL sent to trino_query is rejected before reaching Trino with a clear error directing users to trino_execute.

Three Layers of Write Control

  1. Tool semanticstrino_query always rejects writes; trino_execute always allows them
  2. Instance-level ReadOnly — when read_only: true, the platform's interceptor blocks writes on both tools
  3. Persona allow/deny — deny trino_execute for read-only personas, allow it for write personas

Persona Examples

Analyst with full read-write access:

analyst:
  tools:
    allow: ["trino_*", "datahub_*"]

Viewer with read-only query access:

viewer:
  tools:
    allow: ["trino_query", "trino_list_*", "trino_describe_*", "datahub_*"]
    deny: ["trino_execute"]

Existing personas using trino_* wildcards automatically pick up trino_execute with no config changes.

ReadOnlyInterceptor Simplified

The platform's ReadOnlyInterceptor now delegates to upstream trinotools.IsWriteSQL() instead of maintaining a duplicate regex and keyword list.

Breaking Changes

  • trino_query now rejects write SQL that it previously accepted. Workflows using trino_query for writes must switch to trino_execute.
  • The platform registers 8 Trino tools (was 7). Tools() returns trino_execute in the list.

Files Changed

Area Files Change
Code go.mod mcp-trino v0.6.2v0.8.0
Code pkg/toolkits/trino/toolkit.go Register ToolExecute in RegisterTools() and Tools()
Code pkg/toolkits/trino/readonly.go Delegate to upstream IsWriteSQL()
Docs 12 documentation files Added trino_execute to tool references, API specs, persona examples, deny lists
Config 4 mcpapps configs Added trino_execute to query-results app tool lists

Upgrading

No configuration changes required for most deployments. If your personas use trino_* wildcards, trino_execute is automatically included.

If you have personas that should NOT have write access, explicitly deny trino_execute:

read_only_persona:
  tools:
    allow: ["trino_query", "trino_list_*", "datahub_*"]
    deny: ["trino_execute"]

Changelog

  • feat: upgrade mcp-trino to v0.8.0, register trino_execute tool (#115)

Full diff: v0.21.1...v0.22.0

Installation

Homebrew (macOS)

brew install txn2/tap/mcp-data-platform

Claude Code CLI

claude mcp add mcp-data-platform -- mcp-data-platform

Docker

docker pull ghcr.io/txn2/mcp-data-platform:v0.22.0

Verification

All release artifacts are signed with Cosign. Verify with:

cosign verify-blob --bundle mcp-data-platform_0.22.0_linux_amd64.tar.gz.sigstore.json \
  mcp-data-platform_0.22.0_linux_amd64.tar.gz
Assets 25
Loading