Skip to content

mcp-data-platform-v1.78.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 02 Jun 20:02
· 33 commits to main since this release
v1.78.0
d3451f4
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Highlights

Self-configuration: drive the platform with the agent (#543). The platform now ships a built-in API gateway connection named platform-admin that points the gateway at the platform's own /api/v1/admin/* REST API. An admin connected over MCP can create personas, add connections, update agent instructions, and manage prompts and API keys by asking the agent, instead of clicking through the Portal. "Create an analyst persona that can query Trino but cannot run any delete tool" becomes a sentence to the agent.

This is the platform dogfooding its own premise: an AI agent operating the data platform, including the platform itself.

What's new

  • platform-admin connection, auto-registered at startup. On a fresh install with a database and HTTP transport, an admin sees a platform-admin API connection and can run api_list_endpoints / api_get_endpoint_schema / api_invoke_endpoint against the full admin surface.
  • Always in sync with the running version. The connection's OpenAPI catalog is sourced from the spec embedded in the binary (a new embedded catalog source kind). Because the spec is generated from the same source tree at build time, the catalog is, by construction, the exact admin API of the running version. A release that adds admin endpoints re-indexes them automatically on startup. No URL fetch, no scheduled poll, no manual catalog maintenance.
  • Correct caller identity. Self-config mutations are attributed to and authorized as the acting admin, not a shared connection identity. The connection uses a new identity_passthrough mode: api_invoke_endpoint forwards the caller's inbound bearer token as the outbound Authorization header, so the admin API authenticates, authorizes, and audits the change as the real admin. A passthrough call with no caller token fails rather than calling anonymously.
  • Admin-only by default, grantable on demand. The connection is marked admin_only, which adds it to the authorizer's restricted set: a restricted connection is denied to non-admin personas by default and is granted only by adding it to a persona's connection allow-list. The built-in admin persona retains full access.
  • Complete admin API documentation. The admin handlers for config, prompts, API catalogs, and portal assets are now annotated, so the full admin surface (not just a subset) is discoverable through the gateway and the generated OpenAPI spec.

Enabling and configuration

Auto-enabled when the prerequisites are met: HTTP transport with the admin API mounted (admin.enabled: true), a database, and the API gateway toolkit. Opt out or override under apigateway.self_connection:

apigateway:
  self_connection:
    enabled: true            # nil/auto = on when prerequisites met; false to opt out
    base_url: ""             # override the loopback admin URL; empty derives http://127.0.0.1:<port>

New connection options usable on any kind: api connection:

  • identity_passthrough: true (requires auth_mode: none) forwards the caller's token instead of a shared credential.
  • admin_only: true restricts the connection to the admin persona by default.

See the new Self-Configuration documentation.

Upgrade notes

  • Database migration 000058 runs automatically on startup. It relaxes the api_catalog_specs.source_kind CHECK constraint to also allow embedded. Backward compatible; the down migration removes any embedded rows and restores the original constraint.
  • No breaking changes. Existing connections, personas, and configuration are unaffected. The built-in admin persona already had full access; its connection rules are now expressed explicitly so the new restricted-connection logic treats it correctly.
  • The feature requires HTTP transport with the admin API; stdio-only deployments are unaffected and simply do not register the connection.

Security

  • Default scope is admin only. Granting the connection to another persona is an explicit admin action.
  • Mutations are attributed to the acting admin through the existing audit middleware (identity passthrough), so the audit trail names the real user, not a shared service identity.
  • The invoke path keeps its host-pinning SSRF defense, and the model-supplied request path is still rejected for CR/LF/NUL. Identity passthrough reuses the same Authorization header mechanism as the existing bearer authenticator and adds no new header-handling surface.

Changelog

Features

  • feat(platform): built-in platform-admin self-configuration connection (#543) (#544) (@cjimti)

Full diff: v1.77.2...v1.78.0

Installation

Homebrew (macOS)

brew install txn2/tap/mcp-data-platform

Claude Code CLI

claude mcp add mcp-data-platform -- mcp-data-platform

Docker

docker pull ghcr.io/txn2/mcp-data-platform:v1.78.0

Verification

All release artifacts are signed with Cosign. Verify with:

cosign verify-blob --bundle mcp-data-platform_1.78.0_linux_amd64.tar.gz.sigstore.json \
  mcp-data-platform_1.78.0_linux_amd64.tar.gz

Contributors

cjimti
Assets 25
Loading