MCP ConfigsMay 12, 2026·2 min read

BigQuery MCP — Protected Mode for PHI/PII Guardrails

BigQuery MCP runs BigQuery queries from Claude Desktop and can block sensitive columns in Protected Mode so PHI/PII never enters the LLM context.

Agent ready

Safe staging for this asset

This asset is staged first. The copied prompt tells the agent to inspect the staged files and ask before activating scripts, MCP config, or global config.

Stage only · 17/100Policy: stage
Agent surface
Any MCP/CLI agent
Kind
Mcp Config
Install
Stage only
Trust
Trust: Established
Entrypoint
Asset
Safe staging command
npx -y tokrepo@latest install 37f3a64a-c095-5dc8-965a-670b50abc8e6 --target codex

Stages files first; activation requires review of the staged README and plan.

Intro

BigQuery MCP runs BigQuery queries from Claude Desktop and can block sensitive columns in Protected Mode so PHI/PII never enters the LLM context.

  • Best for: teams querying BigQuery via agents where field-level data egress control matters as much as IAM
  • Works with: Node.js 14+, gcloud ADC or service-account key files, Claude Desktop MCP integration
  • Setup time: 10-25 minutes

Practical Notes

  • Quant: Protected Mode supports a config.json to prevent specific columns from ever being returned to the LLM context.
  • Quant: always start with small limits and a bytes-billed cap before you let agents explore large datasets.

Rollout pattern

  • Start in a dev project with sanitized datasets and verify query limits and output formatting.
  • Introduce Protected Mode configs before any production data touches the agent.
  • Add a separate “analysis allowed” allowlist of datasets and keep everything else blocked by default.

Watchouts

BigQuery IAM controls who can run queries, not what ends up in the LLM conversation. Use Protected Mode (or a view-based approach) to prevent sensitive columns from being returned.

FAQ

Q: Is it only for Claude Desktop? A: The README calls out Claude Desktop as the currently supported interface; treat it as the reference client setup.

Q: What is the safest default? A: Simple Mode with small limits, then Protected Mode with prevented fields for regulated data.

Q: How should I authenticate in production? A: Use a service account key file (or a workload identity pattern) and keep permissions narrowly scoped.

🙏

Source & Thanks

Source: https://github.com/ergut/mcp-bigquery-server > License: MIT > GitHub stars: 138 · forks: 33

Discussion

Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.

Related Assets