What is the DeltaForge MCP server?

DeltaForge ships a built-in Model Context Protocol server. It exposes catalog discovery, SQL validation, lineage, and pipeline inspection as typed MCP tools. AI assistants like Claude, Cursor, and GitHub Copilot Chat call those tools directly.

Which AI assistants can connect to it?

Any MCP-compatible client. Validated targets are Claude Desktop, Cursor, GitHub Copilot Chat, and Codex. One install command per tool writes the MCP server configuration automatically.

How does the MCP server enforce permissions?

The MCP server is a thin adapter over the same control plane that serves human users. Whatever a role cannot SELECT, the model cannot either. Per-agent scoped tokens carry explicit tool allow-lists, schema scopes, and expirations.

Why typed tools instead of a single execute_sql tool?

A single execute_sql wrapper forces the assistant to invent SQL against tables it has never seen. Purpose-built tools give the assistant typed catalog metadata, exact parser errors with line and column, lineage edges, and pipeline source.

MCP Server for Delta Lake Catalog and SQL | Claude, Cursor

Q: Does the model provider see my data or storage credentials?

No. The MCP server runs inside your DeltaForge deployment. The model provider receives prompts and tool results, not your storage credentials and not raw table contents beyond what the tool result deliberately returns.

What the tools give the assistant

Not a thin wrapper around execute_sql. Purpose-built tools so the assistant uses typed metadata instead of inventing SQL against tables it has never seen.

Catalog discovery

The assistant can browse zones, schemas, tables, views, columns, row counts, and version history. It writes SQL against your real catalog, not hallucinated column names.

SQL validation and planning

The engine runs the actual DeltaForge parser and returns exact line and column positions for every error. Query plan inspection with row estimates lets the assistant fix plans before you run them.

Lineage and impact analysis

The assistant can trace which pipelines and views depend on a column before suggesting a refactor. Upstream and downstream traversal in one call. No more "I renamed it and the report broke."

Pipeline inspection

Read pipeline source SQL, check run status, review schedules, and get a workspace overview. The assistant can triage a failed run, read the source, validate the failing statement, and propose a fix.

Trust model

The MCP server is a thin adapter over the same control plane your humans use. The same RBAC, the same audit log, the same scoped-token model.

RBAC on tool calls

If a role cannot SELECT a column, the model cannot either. No second permission system to configure or keep in sync with the main one.

Scoped tokens

Issue per-agent tokens with explicit tool allow-lists, schema scopes, and expiration. A read-only agent literally cannot reach DROP, INSERT, or pipeline mutation.

Tool-call audit logging

Tool name, arguments, identity, and outcome land in the same audit log as human queries. Reconstruct exactly what an agent saw and did.

Runs in your network

The MCP server runs inside your DeltaForge deployment. The model provider receives prompts and tool results, not your storage credentials or raw table data.

Wire it up in one command

Install delta-forge-mcp, then run one install command per tool. It writes the config to Claude Desktop, Cursor, or Codex automatically.

# Install
brew install delta-forge-mcp

# Wire into your AI tools
delta-forge-mcp install claude
delta-forge-mcp install cursor
delta-forge-mcp install codex

# Claude Desktop config written automatically:
# { "mcpServers": { "deltaforge": { "command": "delta-forge-mcp" } } }

Your catalog, wired into AI assistants