Esta página se muestra en inglés. Una traducción al español está en curso.
MCP ConfigsMay 12, 2026·2 min de lectura

BigQuery MCP — Protected Mode for PHI/PII Guardrails

BigQuery MCP runs BigQuery queries from Claude Desktop and can block sensitive columns in Protected Mode so PHI/PII never enters the LLM context.

Listo para agents

Staging seguro para este activo

Este activo primero queda en staging. El prompt copiado pide inspeccionar los archivos staged antes de activar scripts, config MCP o config global.

Stage only · 17/100Política: staging
Superficie agent
Cualquier agent MCP/CLI
Tipo
Mcp Config
Instalación
Stage only
Confianza
Confianza: Established
Entrada
Asset
Comando de staging seguro
npx -y tokrepo@latest install 37f3a64a-c095-5dc8-965a-670b50abc8e6 --target codex

Primero deja archivos en staging; la activación requiere revisar el README y el plan staged.

Introducción

BigQuery MCP runs BigQuery queries from Claude Desktop and can block sensitive columns in Protected Mode so PHI/PII never enters the LLM context.

  • Best for: teams querying BigQuery via agents where field-level data egress control matters as much as IAM
  • Works with: Node.js 14+, gcloud ADC or service-account key files, Claude Desktop MCP integration
  • Setup time: 10-25 minutes

Practical Notes

  • Quant: Protected Mode supports a config.json to prevent specific columns from ever being returned to the LLM context.
  • Quant: always start with small limits and a bytes-billed cap before you let agents explore large datasets.

Rollout pattern

  • Start in a dev project with sanitized datasets and verify query limits and output formatting.
  • Introduce Protected Mode configs before any production data touches the agent.
  • Add a separate “analysis allowed” allowlist of datasets and keep everything else blocked by default.

Watchouts

BigQuery IAM controls who can run queries, not what ends up in the LLM conversation. Use Protected Mode (or a view-based approach) to prevent sensitive columns from being returned.

FAQ

Q: Is it only for Claude Desktop? A: The README calls out Claude Desktop as the currently supported interface; treat it as the reference client setup.

Q: What is the safest default? A: Simple Mode with small limits, then Protected Mode with prevented fields for regulated data.

Q: How should I authenticate in production? A: Use a service account key file (or a workload identity pattern) and keep permissions narrowly scoped.

🙏

Fuente y agradecimientos

Source: https://github.com/ergut/mcp-bigquery-server > License: MIT > GitHub stars: 138 · forks: 33

Discusión

Inicia sesión para unirte a la discusión.
Aún no hay comentarios. Sé el primero en compartir tus ideas.

Activos relacionados