MCP Server Overview
The Model Context Protocol (MCP) is Metatate's canonical machine interface, and the reason the decision layer is portable. Any MCP-aware client can call the same structured tools to get governed context (policies, column classifications, compliance metadata, authorization decisions) before reading, writing, or exporting data.
Today, the MCP server is delivered inside the Metatate Snowflake Native App as a fully managed Snowflake MCP server (core.metatate_mcp). On top of that canonical layer, Metatate ships a Snowflake Intelligence adapter (core.agent_*) for Snowflake-native agents and GitHub-hosted Claude Code and Cortex Code plugins for developer workflows. Other MCP-compatible clients can use the same managed MCP endpoint when they support HTTP MCP and the required Snowflake OAuth flow.
Why MCP for Data Governance?
AI agents that interact with Snowflake data need guardrails. Without governance awareness, an agent might:
- Query PII columns it should not access
- Export data to a jurisdiction that violates retention policy
- Join tables across sensitivity boundaries without authorization
Metatate's MCP server solves this by giving agents a governance-aware toolkit they can call inline, before executing any data operation.
Architecture
┌──────────────────────────────────────────────────────────────┐
│ Snowflake Account │
│ │
│ ┌────────────────────────────────────────────────────────┐ │
│ │ METATATE_APP (Native App) │ │
│ │ │ │
│ │ ┌──────────────┐ ┌──────────────────────────────┐ │ │
│ │ │ MCP Server │───▶│ Governance Tables │ │ │
│ │ │ core. │ │ │ │ │
│ │ │ metatate_mcp │ │ ├─ governed_tables │ │ │
│ │ └──────▲────────┘ │ ├─ governed_columns │ │ │
│ │ │ │ ├─ usage_rules │ │ │
│ │ │ │ ├─ compliance_metadata │ │ │
│ │ │ │ ├─ retention_policies │ │ │
│ │ │ │ └─ lineage_edges │ │ │
│ │ │ └──────────────────────────────┘ │ │
│ └─────────┼──────────────────────────────────────────────┘ │
│ │ │
│ ┌─────────┴─────────────────────────────┐ │
│ │ Consumer Layers │ │
│ │ │ │
│ │ Snowflake Intelligence agent wrappers │ │
│ │ Claude Code plugin │ │
│ │ Cortex Code plugin │ │
│ │ MCP server / machine integrations │ │
│ └────────────────────────────────────────┘ │
└──────────────────────────────────────────────────────────────┘
The canonical MCP tools read from the governance tables that Metatate materializes when you deploy policies. Snowflake Intelligence uses core.agent_* wrappers that forward into those canonical tools. Claude Code connects to the Snowflake-managed core.metatate_mcp server through Snowflake OAuth. Cortex Code connects to the same managed MCP server with role-restricted PAT headers. No governed data leaves Snowflake at any point.
The 7 Tools
Metatate's MCP server exposes seven tools organized into four categories:
Discovery
| Tool | Type | Purpose |
|---|---|---|
discover-context | Function | Search governed tables by database, schema, sensitivity, control tags, PII presence, or domain |
get-decision-context | Function | Get full governance context for a specific table: policies, control tags, retention, lineage, and business metadata |
inspect-data-meaning | Function | Get column-level detail: data types, sensitivity, PII flags, masking configuration, and applied policies |
inspect-governance-rules | Function | Inspect deployed usage, validation, and transfer rules with provenance |
Authorization
| Tool | Type | Purpose |
|---|---|---|
authorize-use | Procedure | Request an authorization decision for a specific data operation (read, export, share, transform) with full context |
Validation
| Tool | Type | Purpose |
|---|---|---|
validate-query-context | Procedure | Analyze a SQL query for governance compliance before execution: check table access, column sensitivity, masking, and policy violations |
explain-why | Procedure | Retrieve the full audit trail for a previous authorization decision, including policy evidence and evaluation trace |
Response Envelope
Every tool returns a consistent JSON envelope:
{
"status": "success",
"data": { ... },
"errors": []
}
On failure, status becomes "error" and the errors array contains diagnostic messages. The data field will be null or an empty object.
Canonical MCP Endpoint
The MCP server is accessible at:
https://<account>.snowflakecomputing.com/api/v2/databases/METATATE_APP/schemas/CORE/mcp-servers/METATATE_MCP
Replace <account> with your Snowflake account identifier (e.g., xy12345.us-east-1).
This endpoint remains the canonical machine API for Metatate. Snowflake Intelligence does not wire directly to the raw VARIANT signatures in the agent builder UI; it uses the core.agent_* wrappers documented in the Snowflake Intelligence guide. Claude Code and Cortex Code use this managed MCP endpoint directly after their Metatate plugins are installed and client authentication is configured. Custom MCP clients can use the same endpoint when their runtime supports HTTP MCP and the required OAuth configuration.
Next Steps
- Setup & Registration -- Register the MCP server and verify it is running
- Tool Reference -- Detailed documentation for each tool
- Snowflake Intelligence -- Build a Snowflake Intelligence agent with the
core.agent_*wrappers - Claude Code Plugin -- Install the plugin and connect Claude Code to the Snowflake-managed MCP server
- Cortex Code Plugin -- Install the plugin and connect Cortex Code with a role-restricted PAT
- Cookbook -- Real-world workflows combining multiple tools