warehouse-mcp
Production MCP server for Postgres, Oracle, Snowflake, BigQuery, Redshift, DuckDB, MotherDuck.
Package Details
warehouse-mcp
Runtime Arguments
Positional
startBoots the MCP server. Use 'init' for interactive setup or 'doctor' to diagnose configuration.Environment Variables
stdioSet to 'stdio' for desktop AI clients (Claude Desktop, Cursor). Defaults to 'http'.
Which warehouse to connect to. One of: postgres, oracle, redshift, snowflake, bigquery, duckdb. (DuckDB also handles MotherDuck via DUCKDB_PATH=md:<db>.)
Comma-separated bearer keys with role and optional warehouse-role impersonation: 'key1:reader,key2:admin', 'key3:reader:set_role=alice'. Leave empty for stdio (OS process boundary is the trust boundary). Required for HTTP.
DuckDB file path, ':memory:', or 'md:<database>' for MotherDuck. Required when WAREHOUSE_TYPE=duckdb.
MotherDuck service token. Required when DUCKDB_PATH starts with 'md:'.
Postgres host. Required when WAREHOUSE_TYPE=postgres. (Use REDSHIFT_HOST for Redshift.)
Postgres database name.
Postgres user.
Postgres password.
Oracle user. Required when WAREHOUSE_TYPE=oracle.
Oracle password.
Oracle Easy Connect (e.g. host:1521/SERVICE), TNS descriptor, or alias.
Snowflake account identifier (e.g. xy12345.us-east-1). Required when WAREHOUSE_TYPE=snowflake.
Snowflake username.
Path to PKCS8 private key (.p8). Snowflake auth is key-pair only; password auth is not supported.
GCP project id. Required when WAREHOUSE_TYPE=bigquery.
Path to BigQuery service-account JSON. Omit on GKE / Cloud Run with workload identity.
offSet to 'on' to enable role-aware PII masking on result rows (emails, SSNs, phones, IPs, Luhn-validated CCs). Off by default.
0Per-principal token-bucket rate limit on tool invocations. 0 = disabled. Recommend 60 for production.