mcp-data-platform-v1.50.1

mcp-data-platform v1.50.1 — Fix Empty Search Results

Patch release bumping mcp-datahub to v1.8.1.

Bug fix

• datahub_search returns null entities on zero results — When a search matched no results, the response contained "entities": null instead of "entities": [], causing MCP OutputSchema validation failures on the client side. Fix is in the upstream library; no platform code changes.

Dependency updates

Dependency	From	To
mcp-datahub	v1.8.0	v1.8.1

Upgrading

All users of v1.50.0 should upgrade. No breaking changes.

---

Installation

Homebrew (macOS)

brew install txn2/tap/mcp-data-platform

Claude Code CLI

claude mcp add mcp-data-platform -- mcp-data-platform

Docker

docker pull ghcr.io/txn2/mcp-data-platform:v1.50.1

Verification

All release artifacts are signed with Cosign. Verify with:

cosign verify-blob --bundle mcp-data-platform_1.50.1_linux_amd64.tar.gz.sigstore.json \
  mcp-data-platform_1.50.1_linux_amd64.tar.gz

mcp-data-platform-v1.50.0

mcp-data-platform v1.50.0 — Advanced DataHub Search & Connection Editor Fixes

Advanced DataHub Search with Column-Level Filtering (#289)

Upgrades mcp-datahub to v1.8.0, switching the search backend from the basic search GraphQL endpoint to DataHub's searchAcrossEntities API. Agents can now search for datasets by column name, column-level tags, glossary terms, and more — without scanning every schema individually.

Simple search (unchanged):

datahub_search(query: "revenue", entity_type: "DATASET")

Search by column name:

datahub_search(
  query: "*",
  filters: [{ field: "fieldPaths", values: ["email"], condition: "CONTAIN" }]
)

Multi-type search with filters:

datahub_search(
  query: "customer",
  types: ["DATASET", "DASHBOARD"],
  filters: [
    { field: "platform", value: "urn:li:dataPlatform:trino" },
    { field: "tags", values: ["urn:li:tag:deprecated"], negated: true }
  ]
)

New tool parameters

Parameter	Description
types	Search across multiple entity types (e.g., ["DATASET", "DASHBOARD"])
filters	Advanced field-level filters (AND'd together)
mode	Search strategy: keyword (default) or semantic

Filter fields reference

Field	Matches
fieldPaths	Column/schema field names
fieldTags	Column-level tags
fieldGlossaryTerms	Column-level glossary terms
fieldDescriptions	Column-level descriptions
platform	Data platform (URN)
domains	Domain (URN)
owners	Owner (URN)
tags	Entity-level tags
glossaryTerms	Entity-level glossary terms
typeNames	Entity subtypes

Semantic layer changes

• SearchFilter type extended with EntityTypes, Mode, and Filters fields
• New FieldFilter type for arbitrary field-level filter criteria
• DataHub adapter switched from Search to SearchAcrossEntities / SemanticSearch
• Legacy filter fields (Platform, Tags, Domain, Owner) mapped to DataHub equivalents for backward compatibility
• Mode comparison is case-insensitive

---

Connection Editor Fixes (#288)

Fixes several issues in the admin connection editor UI, verified against the running dev environment.

• S3 path-style toggle: UI read force_path_style but the backend config key is use_path_style — toggle always showed OFF. Fixed key alignment in S3ConfigForm.
• Runtime config keys in detail view: redactConnectionConfig() now strips platform-injected keys (elicitation, progress_enabled) so only user-configured values appear in the connection config table.
• Description empty for file-only connections: File-sourced connections store description inside the config map, but the editor only read the top-level connection.description. Added fallback to config.description.
• Missing Schema field: Added "Default Schema" field to the Trino connection editor alongside "Default Catalog".

---

Installation

Homebrew (macOS)

brew install txn2/tap/mcp-data-platform

Claude Code CLI

claude mcp add mcp-data-platform -- mcp-data-platform

Docker

docker pull ghcr.io/txn2/mcp-data-platform:v1.50.0

Verification

All release artifacts are signed with Cosign. Verify with:

cosign verify-blob --bundle mcp-data-platform_1.50.0_linux_amd64.tar.gz.sigstore.json \
  mcp-data-platform_1.50.0_linux_amd64.tar.gz

mcp-data-platform-v1.49.1

Changelog

Bug Fixes

• 4747e8d: fix: connection editor form values and config display (#288) (@cjimti)

Installation

Homebrew (macOS)

brew install txn2/tap/mcp-data-platform

Claude Code CLI

claude mcp add mcp-data-platform -- mcp-data-platform

Docker

docker pull ghcr.io/txn2/mcp-data-platform:v1.49.1

Verification

All release artifacts are signed with Cosign. Verify with:

cosign verify-blob --bundle mcp-data-platform_1.49.1_linux_amd64.tar.gz.sigstore.json \
  mcp-data-platform_1.49.1_linux_amd64.tar.gz

mcp-data-platform-v1.49.0

Highlights

Database-managed personas and API keys, persona-based tool visibility for agents, and a restructured admin UI.

Database-managed personas

Personas can now be created, edited, and deleted through the admin UI with full PostgreSQL persistence. DB-defined personas override file-configured personas with the same name, allowing file config to serve as defaults while the admin UI provides runtime control.

The persona_definitions table (migration 000028) stores all persona fields including roles, tool allow/deny rules, connection allow/deny rules, and context overrides as JSONB columns.

Database-managed API keys

API keys can now be created and deleted through the admin UI with full PostgreSQL persistence. Keys are bcrypt-hashed at rest — the plaintext value is returned exactly once at creation time. File-configured keys continue to work alongside DB-managed keys.

New fields on API keys:

• Email — contact address for the key holder
• Description — what the key is used for
• Expiration — optional duration (e.g., 8760h for one year); expired keys are rejected at authentication time

The api_keys table (migration 000029) stores hashed keys with metadata and JSONB roles.

Persona-based tool visibility

Agents now only see tools their persona allows. Previously tools/list returned every registered tool regardless of the caller's persona — agents saw tools they couldn't call, wasting tokens and causing confusion. The visibility middleware resolves the caller's persona from the session and filters the tool list through the persona's allow/deny rules.

Admin UI restructure

The nested settings menu has been replaced with flat alphabetized navigation: Dashboard, Agent Instructions, Assets, Audit Log, Changelog, Connections, Description, Keys, Knowledge, Personas, Tools. Each section is a standalone page with its own URL for direct linking.

The Keys page has a table layout with role browser reference panel, expiration display, and inline email/description fields.

Connection UI improvements

• Nested config objects render as formatted JSON instead of [object Object]
• Connections managed in both file and database show as "database" (the authoritative source) instead of the confusing "file+db" label
• Explanatory note when a DB-managed connection also has a file fallback

Other improvements

• ${VAR:-default} environment variable expansion syntax in YAML config
• .env.example for local development with remote backends

Database migrations

Migration	Table	Purpose
000028	persona_definitions	Persona management
000029	api_keys	API key management with bcrypt hashes

Migrations run automatically on startup when a database is configured.

Breaking changes

• APIKeyManager.GenerateKey now accepts auth.APIKey struct instead of (name string, roles []string)

Installation

Homebrew (macOS)

brew install txn2/tap/mcp-data-platform

Claude Code CLI

claude mcp add mcp-data-platform -- mcp-data-platform

Docker

docker pull ghcr.io/txn2/mcp-data-platform:v1.49.0

Verification

All release artifacts are signed with Cosign. Verify with:

cosign verify-blob --bundle mcp-data-platform_1.49.0_linux_amd64.tar.gz.sigstore.json \
  mcp-data-platform_1.49.0_linux_amd64.tar.gz

mcp-data-platform-v1.48.2

Bug Fixes

Markdown Editor Scroll

The Description and Agent Instructions editors in Admin Settings were cut off — long content was not scrollable. The editor panel now uses proper flex column layout so both the CodeMirror editor and the markdown preview scroll independently within the available space.

File Connection Config Display

File-configured connections (from YAML) showed blank config fields in the Connections viewer and editor. The effective connections endpoint now reads the raw toolkit instance config from the YAML configuration, so file connections display their full settings (host, port, user, catalog, SSL, etc.). The returned config is a shallow copy to prevent accidental mutation of the live platform config.

Important: ENCRYPTION_KEY

If upgrading from before v1.48.0, ensure ENCRYPTION_KEY is set for connection credential encryption. See the v1.48.0 release notes for setup instructions.

Installation

Homebrew (macOS)

brew install txn2/tap/mcp-data-platform

Claude Code CLI

claude mcp add mcp-data-platform -- mcp-data-platform

Docker

docker pull ghcr.io/txn2/mcp-data-platform:v1.48.2

Verification

All release artifacts are signed with Cosign. Verify with:

cosign verify-blob --bundle mcp-data-platform_1.48.2_linux_amd64.tar.gz.sigstore.json \
  mcp-data-platform_1.48.2_linux_amd64.tar.gz

mcp-data-platform-v1.48.1

Bug Fixes and Dependency Updates

Dependency Updates

• lodash bumped to latest (security patch)

Important: ENCRYPTION_KEY

If upgrading from v1.48.0, ensure ENCRYPTION_KEY is set. See the v1.48.0 release notes for details.

Installation

Homebrew (macOS)

brew install txn2/tap/mcp-data-platform

Claude Code CLI

claude mcp add mcp-data-platform -- mcp-data-platform

Docker

docker pull ghcr.io/txn2/mcp-data-platform:v1.48.1

Verification

All release artifacts are signed with Cosign. Verify with:

cosign verify-blob --bundle mcp-data-platform_1.48.1_linux_amd64.tar.gz.sigstore.json \
  mcp-data-platform_1.48.1_linux_amd64.tar.gz

mcp-data-platform-v1.48.0

Admin Settings, Connection Management, and Persona Overrides

Major release adding a full admin configuration system with granular config entries, connection management with encryption, persona context overrides, and dynamic connection support.

Important: Set ENCRYPTION_KEY

Connection credentials (passwords, tokens, secret access keys) are encrypted at rest in the database using AES-256-GCM. You must set the ENCRYPTION_KEY environment variable before creating connections with sensitive fields.

# Generate a 32-byte key (recommended: hex-encoded for full 256-bit entropy)
export ENCRYPTION_KEY=$(openssl rand -hex 32)

# Or base64-encoded
export ENCRYPTION_KEY=$(openssl rand -base64 32)

If ENCRYPTION_KEY is not set, the platform logs a warning and stores sensitive fields in plain text. Once set, the key must remain the same across restarts — changing it will make existing encrypted values unreadable.

Granular Config Entries

Replace the unused full-YAML-blob config store with a per-key config entry system. Database entries override file config defaults for whitelisted keys, with hot-reload on save.

• Admin API: GET/PUT/DELETE /config/entries/{key}, GET /config/effective, GET /config/changelog
• Whitelisted keys: server.description, server.agent_instructions
• Hot-reload: changes via the admin API take effect immediately without restart
• Audit trail: all config changes logged in config_changelog table
• Settings UI: full CodeMirror markdown editor with formatting toolbar, split edit/preview, and live rendering for Description and Agent Instructions
• File defaults: always preserved as fallback when DB entries are deleted

Connection Management

Manage Trino and S3 connection instances via the admin API and Settings UI. Connections are live immediately — no restart required.

• Admin API: GET/PUT/DELETE /connection-instances/{kind}/{name}, GET /connection-instances/effective
• Typed config forms: Trino (host, port, user, password, catalog, SSL) and S3 (endpoint, region, keys, path style) with per-field help text
• AES-256-GCM encryption at rest: sensitive config fields encrypted when ENCRYPTION_KEY is set (see above)
• API secret redaction: all GET responses redact sensitive fields as [REDACTED]; PUT preserves existing secrets when [REDACTED] is submitted
• Dynamic connections: powered by upstream mcp-trino v1.2.0 and mcp-s3 v1.1.0 — connections added/removed via the API are live immediately without restart
• Single-client promotion: Trino toolkits in single-connection mode automatically promote to multi-connection mode when the first dynamic connection is added
• Source indicators: effective connections endpoint shows whether each connection comes from the config file, database, or both
• Thread-safe: sync.RWMutex on connection source maps and toolkit description maps for concurrent access safety

Per-Connection DataHub Source Mapping

Each connection specifies a datahub_source_name — the platform identifier in DataHub URNs (e.g. "trino", "postgres", "s3"). This enables:

• Forward enrichment: when enriching Trino query results, the connection's catalog mapping is applied to table identifiers before resolving DataHub metadata
• Reverse enrichment: datahub_search results are annotated with available_connections listing which connections can access each dataset
• list_connections tool: now includes datahub_source_name per connection so agents know the DataHub mapping
• Catalog mapping: per-connection key-value editor maps connection catalog names to DataHub catalog names (e.g. rdbms → postgres)

Persona Context Overrides

Personas can customize the platform description and agent instructions returned by the platform_info tool:

• description_prefix — prepended to the server description
• description_override — replaces the server description entirely
• agent_instructions_suffix — appended to the server agent instructions
• agent_instructions_override — replaces the server agent instructions entirely

Override fields take precedence over prefix/suffix. Wired into handleInfo — applied when platform_info is called based on the caller's persona.

Persona Connection Filtering

Personas now have connection-level access control alongside tool-level filtering. A tool call must pass both checks.

• connections.allow — glob patterns for allowed connections (e.g. prod-*)
• connections.deny — glob patterns for denied connections (deny overrides allow)
• Empty allow list = all connections permitted (backward compatible)
• Connection picker in the persona editor shows available connections

Admin Portal UI

• Settings page with sidebar sub-navigation: Description, Agent Instructions, Personas, Connections, Change Log
• Markdown editor: CodeMirror with formatting toolbar, three view modes (edit, split, preview), placeholder support — used across settings and collection editors
• Personas panel: master-detail layout with tool pattern picker (browse by toolkit kind, wildcard support), connection access controls, context override editors, help text throughout
• Connections panel: master-detail layout with typed forms per toolkit kind, DataHub integration fields, source badges (file/database/both)
• Mobile responsive: hamburger menu, slide-over sidebar overlay, responsive padding
• Error handling: error banners with retry for API failures, unsaved changes indicators
• Change log: expandable value reveal per entry

Collection Editor Improvements

• Sections show actual title instead of "Section 1, Section 2..."
• Sections are collapsible for easier reordering
• Section deletion requires confirmation modal
• Shared MarkdownEditor component replaces plain textareas
• Sidebar no longer auto-collapses on collection edit route

Removed

• config_versions table and full-YAML-blob config store
• POST /config/import and GET /config/history endpoints
• syncConfig calls from persona and authkey handlers
• Persona prompt fields (system_prefix, system_suffix, instructions) — replaced by context overrides
• Persona hints and hints://operational MCP resource — replaced by connection-level DataHub mapping
• HintManager, DefaultHints, BuildSystemPrompt, GetFullSystemPrompt

Database Migrations

• 000026: config_entries and config_changelog tables (drops config_versions)
• 000027: connection_instances table with JSONB config
• 000009: neutralized to no-op (superseded by 000026)

Dependency Updates

• github.com/txn2/mcp-trino v1.1.0 → v1.2.0 (dynamic AddConnection/RemoveConnection)
• github.com/txn2/mcp-s3 v1.0.0 → v1.1.0 (dynamic AddClient/RemoveClient)
• AWS SDK dependencies updated

Dev Harness

• Sample description and agent_instructions in dev config
• 6 ACME personas with context overrides and connection access rules
• 80 audit events for apikey:admin user so Activity dashboard populates
• 4 sample connection instances (2 Trino, 2 S3) with DataHub source mappings

Installation

Homebrew (macOS)

brew install txn2/tap/mcp-data-platform

Claude Code CLI

claude mcp add mcp-data-platform -- mcp-data-platform

Docker

docker pull ghcr.io/txn2/mcp-data-platform:v1.48.0

Verification

All release artifacts are signed with Cosign. Verify with:

cosign verify-blob --bundle mcp-data-platform_1.48.0_linux_amd64.tar.gz.sigstore.json \
  mcp-data-platform_1.48.0_linux_amd64.tar.gz

mcp-data-platform-v1.47.0

Collections

This release adds the collections system to the Admin Portal — curated, ordered groups of assets organized into sections with rich markdown descriptions. Collections are the primary way to assemble assets into shareable packages like executive review decks, regional analysis bundles, or onboarding kits.

What's new

Collections CRUD

• Create, edit, view, and delete collections from the portal sidebar
• Each collection contains ordered sections, each with a title, markdown description, and an ordered list of asset references
• Drag-and-drop reordering for both sections and items within sections
• Full markdown support in descriptions (GFM tables, code blocks, mermaid diagrams, blockquotes)

Asset browser

• Full-screen modal for browsing and adding assets to collection sections
• Live search by name, description, and tags with sortable results
• Thumbnail previews inline in the browser

Asset preview modal

• Quick-view any asset's rendered content without navigating away
• Available in both the asset browser and the My Assets list

Collection thumbnails

• Auto-generated mosaic thumbnails composited from up to 4 asset thumbnails
• Generated in a background queue on the collections list page
• Configurable thumbnail display size per collection (large, medium, small, none)

Sharing

• Share collections via public links (token-based, time-limited) or user shares (email, viewer/editor permission)
• Public collection viewer renders markdown with the same fidelity as asset shares (mermaid, GFM, code blocks)
• Assets open in a full-screen modal overlay within the public viewer
• Share management: view active shares, copy public links, revoke access

Context-aware navigation

• URL paths encode navigation context (/collections/:id/assets/:assetId, /shared/assets/:id)
• Back arrow always returns to the correct parent level, not browser history

Collection associations on assets

• My Assets grid and table views show which collections contain each asset as clickable badges
• Aggregated asset tags displayed on collection list cards

Grid/table view toggle

• Persistent toggle between thumbnail grid and dense table view for My Assets and Shared With Me pages
• Preference stored in localStorage, shared across pages

API

Method	Endpoint	Description
POST	/api/v1/portal/collections	Create collection
GET	/api/v1/portal/collections	List user's collections
GET	/api/v1/portal/collections/{id}	Get collection with sections and items
PUT	/api/v1/portal/collections/{id}	Update name and description
DELETE	/api/v1/portal/collections/{id}	Soft delete
PUT	/api/v1/portal/collections/{id}/config	Update collection settings
PUT	/api/v1/portal/collections/{id}/sections	Replace all sections (full structure)
PUT	/api/v1/portal/collections/{id}/thumbnail	Upload thumbnail
GET	/api/v1/portal/collections/{id}/thumbnail	Get thumbnail
POST	/api/v1/portal/collections/{id}/shares	Create share
GET	/api/v1/portal/collections/{id}/shares	List shares
GET	/api/v1/portal/shared-collections	List collections shared with current user
GET	/portal/view/{token}	Public collection viewer (extends existing route)
GET	/portal/view/{token}/items/{assetId}/content	Public item content
GET	/portal/view/{token}/items/{assetId}/thumbnail	Public item thumbnail
GET	/portal/view/{token}/items/{assetId}/view	Public item full viewer

Database migrations

Three new migrations are applied automatically on startup:

• 000023 — portal_collections, portal_collection_sections, portal_collection_items tables with indexes
• 000024 — Extends portal_shares with collection_id column and a CHECK constraint enforcing exactly one of asset_id/collection_id
• 000025 — Adds config JSONB column to portal_collections for extensible per-collection settings

Dev harness improvements

• Seed data includes 3 collections with sections, items, and a public share
• 50 fresh audit events with unique IDs added each restart for realistic activity
• S3 content upload skipped if content already exists (preserves thumbnails across restarts)
• .air.toml watches .html and .sql files for template/migration hot-reload

CI dependency updates

• actions/deploy-pages 4.0.5 → 5.0.0
• actions/setup-go 6.3.0 → 6.4.0
• codecov/codecov-action 5.5.3 → 6.0.0
• sigstore/cosign-installer 4.1.0 → 4.1.1

Installation

Homebrew (macOS)

brew install txn2/tap/mcp-data-platform

Claude Code CLI

claude mcp add mcp-data-platform -- mcp-data-platform

Docker

docker pull ghcr.io/txn2/mcp-data-platform:v1.47.0

Verification

All release artifacts are signed with Cosign. Verify with:

cosign verify-blob --bundle mcp-data-platform_1.47.0_linux_amd64.tar.gz.sigstore.json \
  mcp-data-platform_1.47.0_linux_amd64.tar.gz

mcp-data-platform-v1.46.2

Context Documents Now Visible by Default

Context documents created via apply_knowledge (add_context_document) and datahub_create (what=document) now default to visible (global_context=true) and published (status=PUBLISHED). Previously, documents were created invisible in the DataHub UI, requiring callers to manually set both flags.

Callers can still override with global_context=false or status=UNPUBLISHED when needed.

Dependency Updates

• txn2/mcp-datahub v1.7.0 → v1.7.1 (#276)

Installation

Homebrew (macOS)

brew install txn2/tap/mcp-data-platform

Claude Code CLI

claude mcp add mcp-data-platform -- mcp-data-platform

Docker

docker pull ghcr.io/txn2/mcp-data-platform:v1.46.2

Verification

All release artifacts are signed with Cosign. Verify with:

cosign verify-blob --bundle mcp-data-platform_1.46.2_linux_amd64.tar.gz.sigstore.json \
  mcp-data-platform_1.46.2_linux_amd64.tar.gz

mcp-data-platform-v1.46.1

Highlights

Unified Local Dev Harness (#274)

Single make dev command replaces the multi-terminal manual setup. Starts Docker (PostgreSQL + SeaweedFS), Go server with air hot-reload, and Vite UI dev server — all with pre-flight checks and clear status reporting.

What changed:

• Pre-flight checks: verifies Docker is running, air is installed, and ports 5432/8080/5173/9000 are free before starting anything
• Sequential startup with health checks: each service is confirmed healthy before the next starts — no more guessing what's running
• Auto-seeding: first run populates ~5,000 audit events, 8 knowledge insights, and 6 portal assets with real renderable content (HTML dashboards, CSV, JSX components, Markdown with mermaid diagrams, SVG)
• Go hot-reload: edit a .go file and the server rebuilds and restarts in ~2s via air
• Clean shutdown: Ctrl-C stops all processes and Docker containers

Portal Bug Fixes (#274)

• Thumbnails now work in API key auth mode: <img> tags can't send custom headers, so thumbnails were returning 401 when authenticated via API key. New AuthImg component fetches with the X-API-Key header and uses blob URLs.
• Mermaid diagrams render in markdown: added mermaid dependency with theme-aware rendering — diagrams automatically switch between light and dark themes via MutationObserver on the document's dark class. Error states show a styled card instead of breaking the page.
• Thumbnail generator renders mermaid before capture: previously captured the raw mermaid code block text instead of the rendered diagram. Now renders all mermaid blocks in the DOM before html2canvas capture.

Dependency Upgrade (#275)

• txn2/mcp-datahub v1.6.0 → v1.7.0: upstream AssertionResult.ResultType (pass/fail) replaced by AssertionResult.AssertionURN (pointer to the assertion entity). This aligns with DataHub's model where pass/fail status lives on the assertion run, not the contract reference.

Security

• Fixed 4 gosec G124 findings on cookie SetCookie calls where the Secure attribute is config-driven (defaults true, opt-out for local dev without TLS). Added #nosec G124 annotations with justification.

Changelog

Features

• ff0ae07: feat: unified local dev harness with hot-reload, seed data, and portal fixes (#274) (@cjimti)

Dependencies

• f12284a: deps: upgrade txn2/mcp-datahub v1.6.0 → v1.7.0 (#275) (@cjimti)

Installation

Homebrew (macOS)

brew install txn2/tap/mcp-data-platform

Claude Code CLI

claude mcp add mcp-data-platform -- mcp-data-platform

Docker

docker pull ghcr.io/txn2/mcp-data-platform:v1.46.1

Verification

All release artifacts are signed with Cosign. Verify with:

cosign verify-blob --bundle mcp-data-platform_1.46.1_linux_amd64.tar.gz.sigstore.json \
  mcp-data-platform_1.46.1_linux_amd64.tar.gz