{"id":36473662,"url":"https://github.com/txn2/mcp-trino","last_synced_at":"2026-02-16T04:13:18.527Z","repository":{"id":331992116,"uuid":"1130842100","full_name":"txn2/mcp-trino","owner":"txn2","description":"A Model Context Protocol (MCP) server for Trino, enabling AI assistants like Claude to query and explore data warehouses.","archived":false,"fork":false,"pushed_at":"2026-01-12T01:37:28.000Z","size":1206,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-12T02:44:08.716Z","etag":null,"topics":["mcp-server","trino"],"latest_commit_sha":null,"homepage":"http://mcp-trino.txn2.com/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/txn2.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":"docs/support/changelog.md","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["cjimti"]}},"created_at":"2026-01-09T05:03:30.000Z","updated_at":"2026-01-12T01:37:32.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/txn2/mcp-trino","commit_stats":null,"previous_names":["txn2/mcp-trino"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/txn2/mcp-trino","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/txn2%2Fmcp-trino","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/txn2%2Fmcp-trino/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/txn2%2Fmcp-trino/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/txn2%2Fmcp-trino/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/txn2","download_url":"https://codeload.github.com/txn2/mcp-trino/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/txn2%2Fmcp-trino/sbom","scorecard":{"id":1241232,"data":{"date":"2026-01-12T01:37:38Z","repo":{"name":"github.com/txn2/mcp-trino","commit":"fdbfce663ad733382b0bee9fd92ed627380dc076"},"scorecard":{"version":"v5.3.0","commit":"c22063e786c11f9dd714d777a687ff7c4599b600"},"score":7.1,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/20 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#code-review"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dependency-update-tool"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":0,"reason":"project was created within the last 90 days. Please review its contents carefully","details":["Warn: Repository was created within the last 90 days."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#maintained"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#security-policy"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:16","Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:37","Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:64","Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:85","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:19","Info: topLevel permissions set to 'read-all': .github/workflows/ci.yml:9","Info: topLevel permissions set to 'read-all': .github/workflows/codeql.yml:11","Info: topLevel 'contents' permission set to 'read': .github/workflows/docs.yml:14","Info: found token with 'none' permissions: .github/workflows/release.yml:1","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:10","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":7,"reason":"dependency not pinned by hash detected -- score normalized to 7","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/txn2/mcp-trino/docs.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/txn2/mcp-trino/docs.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/txn2/mcp-trino/docs.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/txn2/mcp-trino/docs.yml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:3: pin your Docker image by updating alpine:3.21 to alpine:3.21@sha256:5405e8f36ce1878720f71217d664aa3dea32e5e5df11acbf07fc78ef5661465b","Warn: pipCommand not pinned by hash: e2e/scripts/seed-datahub.sh:31","Warn: pipCommand not pinned by hash: .github/workflows/docs.yml:36","Info:  18 out of  22 GitHub-owned GitHubAction dependencies pinned","Info:  10 out of  10 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   2 pipCommand dependencies pinned","Info:   1 out of   1 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#pinned-dependencies"}},{"name":"Signed-Releases","score":8,"reason":"1 out of the last 1 releases have a total of 1 signed artifacts.","details":["Info: signed release artifact: checksums.txt.sigstore.json: https://github.com/txn2/mcp-trino/releases/tag/v0.1.1","Warn: release artifact v0.1.1 does not have provenance: https://api.github.com/repos/txn2/mcp-trino/releases/275743004"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#signed-releases"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#vulnerabilities"}},{"name":"Branch-Protection","score":4,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: branch 'main' does not require approvers","Info: codeowner review is required on branch 'main'","Info: 'last push approval' is required to merge on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#branch-protection"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#license"}},{"name":"SAST","score":9,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 16 commits out of 20 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#sast"}},{"name":"Contributors","score":10,"reason":"project has 4 contributing companies or organizations","details":["Info: found contributions from: DeasilCognitive, apk8s, deasilworks, txn2"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#contributors"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#fuzzing"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:11"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#packaging"}},{"name":"CI-Tests","score":9,"reason":"12 out of 13 merged PRs checked by a CI test -- score normalized to 9","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#ci-tests"}}]},"last_synced_at":"2026-01-12T05:22:02.115Z","repository_id":331992116,"created_at":"2026-01-12T05:22:02.115Z","updated_at":"2026-01-12T05:22:02.115Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28441331,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-15T00:55:22.719Z","status":"online","status_checked_at":"2026-01-15T02:00:08.019Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["mcp-server","trino"],"created_at":"2026-01-12T00:44:31.305Z","updated_at":"2026-02-16T04:13:18.520Z","avatar_url":"https://github.com/txn2.png","language":"Go","funding_links":["https://github.com/sponsors/cjimti"],"categories":[],"sub_categories":[],"readme":"![txn2/mcp-trino](./docs/images/txn2_mcp_trino_banner.png)\n\n[![GitHub license](https://img.shields.io/github/license/txn2/mcp-trino.svg)](https://github.com/txn2/mcp-trino/blob/main/LICENSE)\n[![Go Reference](https://pkg.go.dev/badge/github.com/txn2/mcp-trino.svg)](https://pkg.go.dev/github.com/txn2/mcp-trino)\n[![Go Report Card](https://goreportcard.com/badge/github.com/txn2/mcp-trino)](https://goreportcard.com/report/github.com/txn2/mcp-trino)\n[![codecov](https://codecov.io/gh/txn2/mcp-trino/branch/main/graph/badge.svg)](https://codecov.io/gh/txn2/mcp-trino)\n[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/txn2/mcp-trino/badge)](https://scorecard.dev/viewer/?uri=github.com/txn2/mcp-trino)\n[![SLSA 3](https://slsa.dev/images/gh-badge-level3.svg)](https://slsa.dev)\n\n**Full documentation at [mcp-trino.txn2.com](https://mcp-trino.txn2.com)**\n\nA Model Context Protocol (MCP) server for [Trino](https://trino.io/), enabling AI assistants to query and explore data warehouses with optional semantic context from metadata catalogs.\n\nAI assistants excel at querying data but lack organizational context: which tables are trustworthy, what metrics mean, and which columns contain sensitive data. mcp-trino bridges this gap by connecting Trino to AI assistants through the MCP protocol, with an optional semantic layer that surfaces business metadata alongside query results.\n\n## Core Capabilities\n\n**Composable Architecture**\n- Import as a Go library to build custom MCP servers\n- Add authentication, tenant isolation, audit logging without forking\n- Middleware and interceptor patterns for enterprise requirements\n\n**Semantic Context**\n- Surface business descriptions, ownership, and data quality from metadata catalogs\n- Mark sensitive columns and deprecation warnings for AI assistants\n- Connect to DataHub, static files, or build custom metadata providers\n\n**Multi-Cluster Connectivity**\n- Query multiple Trino servers from a single MCP installation\n- Unified interface across production, staging, and development environments\n\n**Secure Defaults**\n- Read-only mode prevents accidental data modification\n- Query limits and timeouts prevent runaway operations\n- SLSA Level 3 provenance for supply chain security\n\n## Features\n\n- **Execute SQL Queries**: Run queries with configurable row limits and timeouts\n- **Analyze Execution Plans**: Inspect logical, distributed, and I/O query plans\n- **Discover Schema**: Browse catalogs, schemas, and tables across clusters\n- **Describe Tables**: View column definitions with optional data samples\n- **Enrich with Context**: Surface business metadata, ownership, and data quality\n- **Compose Custom Servers**: Import as a Go library with middleware and interceptors\n\n## Installation\n\n### Homebrew (macOS)\n\n```bash\nbrew install txn2/tap/mcp-trino\n```\n\n### Claude Desktop\n\nClaude Desktop is the GUI application for chatting with Claude. Install the mcp-trino extension to enable Trino queries in your conversations.\n\n**Option 1: One-Click Install (Recommended)**\n\nDownload the `.mcpb` bundle for your Mac from the [releases page](https://github.com/txn2/mcp-trino/releases) and double-click to install:\n\n| Mac Type | Chip | Download |\n|----------|------|----------|\n| MacBook Air/Pro (2020+), Mac Mini (2020+), iMac (2021+), Mac Studio | Apple M1, M2, M3, M4 (arm64) | `mcp-trino_*_darwin_arm64.mcpb` |\n| MacBook Air/Pro (pre-2020), Mac Mini (pre-2020), iMac (pre-2021) | Intel (amd64) | `mcp-trino_*_darwin_amd64.mcpb` |\n\n\u003e **Tip:** Not sure which chip you have? Click  → \"About This Mac\". Look for \"Chip\" (Apple Silicon) or \"Processor\" (Intel).\n\n**Option 2: Manual Configuration**\n\nAdd to your `claude_desktop_config.json` (find via Claude Desktop → Settings → Developer):\n\n```json\n{\n  \"mcpServers\": {\n    \"trino\": {\n      \"command\": \"/opt/homebrew/bin/mcp-trino\",\n      \"env\": {\n        \"TRINO_HOST\": \"trino.example.com\",\n        \"TRINO_USER\": \"your_user\",\n        \"TRINO_PASSWORD\": \"your_password\",\n        \"TRINO_CATALOG\": \"hive\",\n        \"TRINO_SCHEMA\": \"default\"\n      }\n    }\n  }\n}\n```\n\n### Claude Code CLI\n\nClaude Code is the terminal-based coding assistant. Add mcp-trino as an MCP server:\n\n```bash\n# Install via Homebrew first (see above), then:\nclaude mcp add trino \\\n  -e TRINO_HOST=trino.example.com \\\n  -e TRINO_USER=your_user \\\n  -e TRINO_PASSWORD=your_password \\\n  -e TRINO_CATALOG=hive \\\n  -- mcp-trino\n```\n\nOr download and install manually:\n\n```bash\n# Download the latest release for your architecture\ncurl -L https://github.com/txn2/mcp-trino/releases/latest/download/mcp-trino_$(uname -s)_$(uname -m).tar.gz | tar xz\n\n# Add to Claude Code\nclaude mcp add trino \\\n  -e TRINO_HOST=trino.example.com \\\n  -e TRINO_USER=your_user \\\n  -e TRINO_PASSWORD=your_password \\\n  -e TRINO_CATALOG=hive \\\n  -- ./mcp-trino\n```\n\n### Docker\n\n```bash\ndocker run --rm -i \\\n  -e TRINO_HOST=trino.example.com \\\n  -e TRINO_USER=your_user \\\n  -e TRINO_PASSWORD=your_password \\\n  ghcr.io/txn2/mcp-trino:latest\n```\n\n### Go Install\n\n```bash\ngo install github.com/txn2/mcp-trino/cmd/mcp-trino@latest\n```\n\n### Download Binary\n\nDownload pre-built binaries from the [releases page](https://github.com/txn2/mcp-trino/releases). All releases are signed with [Cosign](https://github.com/sigstore/cosign) and include [SLSA provenance](https://slsa.dev/).\n\n### As a Library\n\n```bash\ngo get github.com/txn2/mcp-trino\n```\n\n## Quick Start\n\n### Multiple Trino Servers\n\nYou can configure multiple Trino instances with different names:\n\n```bash\n# Production\nclaude mcp add trino-prod \\\n  -e TRINO_HOST=trino.prod.example.com \\\n  -e TRINO_USER=prod_user \\\n  -- mcp-trino\n\n# Staging\nclaude mcp add trino-staging \\\n  -e TRINO_HOST=trino.staging.example.com \\\n  -e TRINO_USER=staging_user \\\n  -- mcp-trino\n```\n\n### Standalone Server\n\n```bash\nexport TRINO_HOST=trino.example.com\nexport TRINO_USER=your_user\nexport TRINO_PASSWORD=your_password\nmcp-trino\n```\n\n## Tools\n\n| Tool | Description |\n|------|-------------|\n| `trino_query` | Execute SQL queries with limit/timeout control |\n| `trino_explain` | Get execution plans (logical/distributed/io/validate) |\n| `trino_list_catalogs` | List available catalogs |\n| `trino_list_schemas` | List schemas in a catalog |\n| `trino_list_tables` | List tables in a schema |\n| `trino_describe_table` | Get columns, sample data, and semantic context (if configured) |\n| `trino_list_connections` | List all configured server connections |\n\n## Semantic Layer\n\nAI agents operate more reliably when they understand organizational context: not just table structures, but which datasets are production-ready, what business terms mean, and which columns require careful handling.\n\nmcp-trino's semantic layer integrates with metadata catalogs to surface this context alongside query results:\n\n| Metadata | Description |\n|----------|-------------|\n| **Descriptions** | Business-friendly explanations of tables and columns |\n| **Ownership** | Data stewards and technical owners |\n| **Tags \u0026 Domains** | Classification labels and business domains |\n| **Glossary Terms** | Links to formal business definitions |\n| **Data Quality** | Freshness scores and quality metrics |\n| **Sensitivity** | PII and sensitive data markers at column level |\n| **Deprecation** | Warnings with replacement guidance |\n| **Lineage** | Upstream and downstream data dependencies |\n\n### Providers\n\n| Provider | Description |\n|----------|-------------|\n| **DataHub** | Connect to DataHub's GraphQL API for enterprise metadata |\n| **Static Files** | Load metadata from YAML or JSON files with hot-reload |\n| **Custom** | Implement the `semantic.Provider` interface for any catalog |\n\nSee the [Semantic Layer Documentation](https://mcp-trino.txn2.com/semantic/) for configuration, caching, and custom provider development.\n\n## Configuration\n\n| Environment Variable | Description | Default |\n|---------------------|-------------|---------|\n| `TRINO_HOST` | Trino server hostname | `localhost` |\n| `TRINO_PORT` | Trino server port | `443` (SSL) / `8080` |\n| `TRINO_USER` | Authentication username | (required) |\n| `TRINO_PASSWORD` | Authentication password | (optional) |\n| `TRINO_CATALOG` | Default catalog | `memory` |\n| `TRINO_SCHEMA` | Default schema | `default` |\n| `TRINO_SSL` | Enable HTTPS | `true` for remote hosts |\n| `TRINO_SSL_VERIFY` | Verify SSL certificates | `true` |\n| `TRINO_TIMEOUT` | Query timeout (seconds) | `120` |\n| `TRINO_SOURCE` | Client identifier | `mcp-trino` |\n| `TRINO_ADDITIONAL_SERVERS` | Additional servers (JSON) | (optional) |\n\n### Multi-Server Configuration\n\nConnect to multiple Trino servers from a single installation. Configure your primary server with the standard environment variables, then add additional servers via JSON:\n\n```bash\nexport TRINO_HOST=prod.trino.example.com\nexport TRINO_USER=admin\nexport TRINO_PASSWORD=secret\nexport TRINO_ADDITIONAL_SERVERS='{\n  \"staging\": {\"host\": \"staging.trino.example.com\"},\n  \"dev\": {\"host\": \"localhost\", \"port\": 8080, \"ssl\": false}\n}'\n```\n\nAdditional servers inherit credentials and settings from the primary server unless overridden:\n\n```json\n{\n  \"staging\": {\n    \"host\": \"staging.trino.example.com\",\n    \"user\": \"staging_user\",\n    \"catalog\": \"iceberg\"\n  },\n  \"dev\": {\n    \"host\": \"localhost\",\n    \"port\": 8080,\n    \"ssl\": false,\n    \"user\": \"admin\"\n  }\n}\n```\n\nUse the `connection` parameter in any tool to target a specific server:\n\n```\n\"Query the staging server: SELECT * FROM users LIMIT 10\"\n→ trino_query(sql=\"...\", connection=\"staging\")\n```\n\nUse `trino_list_connections` to discover available connections.\n\n### File-Based Configuration\n\nFor production deployments using Kubernetes ConfigMaps, Vault, or other secret management systems, mcp-trino supports file-based configuration:\n\n```yaml\n# config.yaml\ntrino:\n  host: trino.example.com\n  port: 443\n  user: ${TRINO_USER}           # Supports env var expansion\n  password: ${TRINO_PASSWORD}   # Secrets can come from env\n  catalog: hive\n  schema: default\n  ssl: true\n  timeout: 120s\n\ntoolkit:\n  default_limit: 1000\n  max_limit: 10000\n  default_timeout: 120s\n  max_timeout: 300s\n\nextensions:\n  logging: true\n  readonly: true\n  errors: true\n```\n\nLoad configuration in your custom server:\n\n```go\nimport \"github.com/txn2/mcp-trino/pkg/extensions\"\n\n// Load from file with env var overrides\ncfg, err := extensions.LoadConfig(\"/etc/mcp-trino/config.yaml\")\n\n// Convert to individual configs\nclientCfg := cfg.ClientConfig()\ntoolsCfg := cfg.ToolsConfig()\nextCfg := cfg.ExtConfig()\n```\n\n## Using as a Library\n\nmcp-trino is designed to be composable. You can import its tools into your own MCP server:\n\n```go\npackage main\n\nimport (\n    \"context\"\n    \"log\"\n\n    \"github.com/modelcontextprotocol/go-sdk/mcp\"\n    \"github.com/txn2/mcp-trino/pkg/client\"\n    \"github.com/txn2/mcp-trino/pkg/tools\"\n)\n\nfunc main() {\n    // Create your MCP server\n    server := mcp.NewServer(\u0026mcp.Implementation{\n        Name:    \"my-data-server\",\n        Version: \"1.0.0\",\n    }, nil)\n\n    // Create Trino client\n    trinoClient, err := client.New(client.Config{\n        Host:    \"trino.example.com\",\n        Port:    443,\n        User:    \"service_user\",\n        SSL:     true,\n        Catalog: \"hive\",\n        Schema:  \"analytics\",\n    })\n    if err != nil {\n        log.Fatal(err)\n    }\n    defer trinoClient.Close()\n\n    // Add Trino tools to your server\n    toolkit := tools.NewToolkit(trinoClient, tools.Config{\n        DefaultLimit: 1000,\n        MaxLimit:     10000,\n    })\n    toolkit.RegisterAll(server)\n\n    // Add your own custom tools here...\n    // mcp.AddTool(server, \u0026mcp.Tool{...}, handler)\n\n    // Run the server\n    if err := server.Run(context.Background(), \u0026mcp.StdioTransport{}); err != nil {\n        log.Fatal(err)\n    }\n}\n```\n\n## Extensions\n\nThe standalone server includes optional extensions that can be enabled via environment variables:\n\n| Environment Variable | Default | Description |\n|---------------------|---------|-------------|\n| `MCP_TRINO_EXT_LOGGING` | `false` | Structured JSON logging of tool calls |\n| `MCP_TRINO_EXT_METRICS` | `false` | In-memory metrics collection |\n| `MCP_TRINO_EXT_READONLY` | `true` | Block modification statements (INSERT, UPDATE, DELETE, etc.) |\n| `MCP_TRINO_EXT_QUERYLOG` | `false` | Log all SQL queries for audit |\n| `MCP_TRINO_EXT_METADATA` | `false` | Add execution metadata footer to results |\n| `MCP_TRINO_EXT_ERRORS` | `true` | Add helpful hints to error messages |\n\n### Using Extensions in Custom Servers\n\n```go\nimport (\n    \"github.com/txn2/mcp-trino/pkg/extensions\"\n    \"github.com/txn2/mcp-trino/pkg/tools\"\n)\n\n// Load extension config from environment\nextCfg := extensions.FromEnv()\n\n// Or configure programmatically\nextCfg := extensions.Config{\n    EnableLogging:   true,\n    EnableReadOnly:  true,\n    EnableErrorHelp: true,\n}\n\n// Build toolkit options from extensions\ntoolkitOpts := extensions.BuildToolkitOptions(extCfg)\n\n// Create toolkit with extensions\ntoolkit := tools.NewToolkit(trinoClient, toolsCfg, toolkitOpts...)\n```\n\n### Custom Middleware and Interceptors\n\nYou can create custom middleware, interceptors, and transformers:\n\n```go\n// Custom middleware for authentication\nauthMiddleware := tools.MiddlewareFunc{\n    BeforeFn: func(ctx context.Context, tc *tools.ToolContext) (context.Context, error) {\n        // Validate user permissions\n        return ctx, nil\n    },\n}\n\n// Custom interceptor for tenant isolation\ntenantInterceptor := tools.QueryInterceptorFunc(\n    func(ctx context.Context, sql string, toolName tools.ToolName) (string, error) {\n        // Add WHERE tenant_id = ? clause\n        return sql, nil\n    },\n)\n\n// Apply to toolkit\ntoolkit := tools.NewToolkit(client, cfg,\n    tools.WithMiddleware(authMiddleware),\n    tools.WithQueryInterceptor(tenantInterceptor),\n)\n```\n\n## Security Considerations\n\n- **Credentials**: Store passwords in environment variables or secret managers\n- **Query Limits**: Default 1000 rows, max 10000 to prevent data exfiltration\n- **Timeouts**: Default 120s timeout prevents runaway queries\n- **Read-Only**: ReadOnly interceptor enabled by default blocks modification statements\n- **Access Control**: Configure Trino roles and catalog access for defense in depth\n\n## Development\n\n```bash\n# Clone the repository\ngit clone https://github.com/txn2/mcp-trino.git\ncd mcp-trino\n\n# Build\nmake build\n\n# Run tests\nmake test\n\n# Run linter\nmake lint\n\n# Run all checks\nmake verify\n\n# Run with a local Trino (e.g., via Docker)\nmake docker-trino\nexport TRINO_HOST=localhost\nexport TRINO_PORT=8080\nexport TRINO_USER=admin\nexport TRINO_SSL=false\n./mcp-trino\n```\n\n## Contributing\n\nWe welcome contributions for bug fixes, tests, and documentation. See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.\n\n## License\n\n[Apache License 2.0](LICENSE)\n\n## Related Projects\n\n- [Model Context Protocol](https://modelcontextprotocol.io/) - The MCP specification\n- [Trino](https://trino.io/) - Distributed SQL query engine\n- [Official Go MCP SDK](https://github.com/modelcontextprotocol/go-sdk) - Go SDK for MCP\n\n---\n\nOpen source by [Craig Johnston](https://twitter.com/cjimti), sponsored by [Deasil Works, Inc.](https://deasil.works/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftxn2%2Fmcp-trino","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftxn2%2Fmcp-trino","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftxn2%2Fmcp-trino/lists"}