dbt-mcp
by dbt-labs
Overview
Provides a Model Context Protocol (MCP) server that exposes various dbt-related functionalities (CLI, Semantic Layer, Discovery, Admin API, Code Generation, LSP) as tools for AI agents to interact with dbt projects in Core, Fusion, and Platform environments.
Installation
uv run src/dbt_mcp/main.pyEnvironment Variables
- DBT_HOST
- DBT_MCP_HOST
- DBT_PROD_ENV_ID
- DBT_ENV_ID
- DBT_DEV_ENV_ID
- DBT_USER_ID
- DBT_ACCOUNT_ID
- DBT_TOKEN
- MULTICELL_ACCOUNT_PREFIX
- HOST_PREFIX
- DBT_LSP_PATH
- DBT_PROJECT_DIR
- DBT_PATH
- DBT_CLI_TIMEOUT
- DBT_WARN_ERROR_OPTIONS
- DBT_PROFILES_DIR
- DISABLE_DBT_CLI
- DISABLE_DBT_CODEGEN
- DISABLE_SEMANTIC_LAYER
- DISABLE_DISCOVERY
- DISABLE_REMOTE
- DISABLE_ADMIN_API
- DISABLE_SQL
- DISABLE_TOOLS
- DISABLE_LSP
- DBT_MCP_ENABLE_TOOLS
- DBT_MCP_ENABLE_SEMANTIC_LAYER
- DBT_MCP_ENABLE_ADMIN_API
- DBT_MCP_ENABLE_DBT_CLI
- DBT_MCP_ENABLE_DBT_CODEGEN
- DBT_MCP_ENABLE_DISCOVERY
- DBT_MCP_ENABLE_LSP
- DBT_MCP_ENABLE_SQL
- DO_NOT_TRACK
- DBT_SEND_ANONYMOUS_USAGE_STATS
- DBT_MCP_SERVER_FILE_LOGGING
- DBT_MCP_LOG_LEVEL
- MCP_TRANSPORT
- OPENAI_API_KEY
- ANTHROPIC_API_KEY
- GOOGLE_GENAI_API_KEY
- ADK_MODEL
- DBT_MCP_URL
Security Notes
The server directly invokes external dbt CLI commands (`subprocess.Popen` in `src/dbt_mcp/dbt_cli/tools.py` and `src/dbt_mcp/dbt_codegen/tools.py`) and passes arguments originating from LLM output (e.g., `selector`, `vars`, `sql_query`). There is no explicit sanitization or strict validation of these string arguments to prevent shell or SQL injection before they are passed to the underlying `dbt` binary. While arguments are generally passed as a list to `Popen` (safer than `shell=True`), a sophisticated LLM could craft inputs that exploit the way `dbt` or the shell interprets these arguments, leading to arbitrary command execution or data manipulation (especially via the `dbt show` tool which runs arbitrary SQL). This lack of robust input sanitization for external process execution represents a significant security risk when integrating with potentially untrusted or adversarial LLMs.
Similar Servers
mcp-server
Provides a Model Context Protocol (MCP) server for AI agents to search and retrieve curated documentation for the Strands Agents framework, facilitating AI coding assistance.
mcp-servers
A curated collection of Model Context Protocol (MCP) server configurations to integrate various developer tools and services with AI agents.
1xn-vmcp
An open-source platform for composing, customizing, and extending multiple Model Context Protocol (MCP) servers into a single logical, virtual MCP server, enabling fine-grained context engineering for AI workflows and agents.
enhanced-postgres-mcp-server
This server acts as a Model Context Protocol interface for PostgreSQL, enabling LLMs to query data, modify records, and manage database schema objects with read and write capabilities.