Esta página se muestra en inglés. Una traducción al español está en curso.
MCP ConfigsMay 12, 2026·2 min de lectura

BigQuery MCP — Protected Mode for PHI/PII Guardrails

BigQuery MCP runs BigQuery queries from Claude Desktop and can block sensitive columns in Protected Mode so PHI/PII never enters the LLM context.

MCP Hub
MCP Hub · Community
Listo para agents

Este activo puede ser leído e instalado directamente por agents

TokRepo expone un comando CLI universal, contrato de instalación, metadata JSON, plan según adaptador y contenido raw para que los agents evalúen compatibilidad, riesgo y próximos pasos.

Needs Confirmation · 62/100Política: confirmar
Superficie agent
Cualquier agent MCP/CLI
Tipo
Mcp
Instalación
Single
Confianza
Confianza: Established
Entrada
@ergut/mcp-bigquery-server
Comando CLI universal
npx tokrepo install 37f3a64a-c095-5dc8-965a-670b50abc8e6
contrato de instalaciónJSON de metadataplan adaptadorcontenido raw
Introducción

BigQuery MCP runs BigQuery queries from Claude Desktop and can block sensitive columns in Protected Mode so PHI/PII never enters the LLM context.

  • Best for: teams querying BigQuery via agents where field-level data egress control matters as much as IAM
  • Works with: Node.js 14+, gcloud ADC or service-account key files, Claude Desktop MCP integration
  • Setup time: 10-25 minutes

Practical Notes

  • Quant: Protected Mode supports a config.json to prevent specific columns from ever being returned to the LLM context.
  • Quant: always start with small limits and a bytes-billed cap before you let agents explore large datasets.

Rollout pattern

  • Start in a dev project with sanitized datasets and verify query limits and output formatting.
  • Introduce Protected Mode configs before any production data touches the agent.
  • Add a separate “analysis allowed” allowlist of datasets and keep everything else blocked by default.

Watchouts

BigQuery IAM controls who can run queries, not what ends up in the LLM conversation. Use Protected Mode (or a view-based approach) to prevent sensitive columns from being returned.

FAQ

Q: Is it only for Claude Desktop? A: The README calls out Claude Desktop as the currently supported interface; treat it as the reference client setup.

Q: What is the safest default? A: Simple Mode with small limits, then Protected Mode with prevented fields for regulated data.

Q: How should I authenticate in production? A: Use a service account key file (or a workload identity pattern) and keep permissions narrowly scoped.

🙏

Fuente y agradecimientos

Source: https://github.com/ergut/mcp-bigquery-server > License: MIT > GitHub stars: 138 · forks: 33

Discusión

Inicia sesión para unirte a la discusión.
Aún no hay comentarios. Sé el primero en compartir tus ideas.

Activos relacionados

mcp-mongo-server — MongoDB MCP with Read-Only Mode

mcp-mongo-server is an MCP server you can run via `npx` to let assistants query MongoDB, with a read-only mode for safer database access.

MCP Configs
MCP Hub

1MCP — Unified MCP Runtime + CLI Mode

1MCP aggregates MCP servers behind `1mcp serve` and adds CLI mode for agent workflows; verified 433★ and ships `inspect -> run` flow.

MCP Configs
MCP Hub

Ragstar — dbt Knowledge Base + OAuth MCP Server

Ragstar is a self-hosted dbt knowledge base with a web UI and an OAuth-protected MCP server so agents can search models, lineage, and docs safely.

MCP Configs
MCP Hub

ToolHive Desktop — Run MCP Servers in Containers

ToolHive Desktop UI helps you discover and run MCP servers in containers, with client auto-configuration and optional telemetry you can disable.

MCP Configs
MCP Hub
Inicio🔍Buscar👤Yo