Serveur MCP géré par Snowflake¶
Vue d’ensemble¶
Note
Snowflake prend en charge la révision du Model Context Protocol 2025-06-18.
Le Model Context Protocol (MCP) est une norme open source qui permet aux agents AI d’interagir en toute sécurité avec les applications métier et les systèmes de données externes, tels que les bases de données et les référentiels de contenu. Le MCP permet aux entreprises de réduire les défis d’intégration et de produire rapidement des résultats à partir de modèles. Depuis son lancement, le MCP est devenu essentiel pour les applications agentiques, fournissant un dispositif cohérent et sécurisé pour l’appel d’outils et la récupération de données.
The Snowflake-managed MCP server lets AI agents securely retrieve data from Snowflake accounts without needing to deploy separate infrastructure. You can configure the MCP server to serve Cortex Analyst, Cortex Search, and Cortex Agents as tools, along with custom tools and SQL executions on the standards-based interface. MCP clients discover and invoke these tools, and retrieve data required for the application. With managed MCP servers on Snowflake, you can build scalable enterprise-grade applications while maintaining access and privacy controls. The MCP server on Snowflake provides:
Intégration standard : interface unifiée pour la détection et l’appel d’outils, conformément aux normes en constante évolution.
Authentification complète : service OAuth intégré de Snowflake pour activer l’authentification basée sur OAuth pour les intégrations MCP.
Gouvernance robuste : contrôle d’accès basé sur les rôles (RBAC) pour le serveur MCP et les outils pour gérer la détection et l’appel d’outils.
Pour plus d’informations sur le cycle de vie MCP, voir Cycle de vie. Pour un exemple d’une mise en œuvre MCP, voir le guide de démarrage rapide Premiers pas avec le serveur MCP Snowflake géré.
MCP server security recommendations¶
Important
When you configure hostnames for MCP server connections, use hyphens (-) instead of underscores (_). MCP servers have connection issues with hostnames containing underscores.
Using multiple MCP servers without verifying tools and descriptions could lead to vulnerabilities such as tool poisoning or tool shadowing. Snowflake recommends verifying third-party MCP servers before using them. This includes any MCP server from another Snowflake user or account. Verify all tools offered by third-party MCP servers.
We recommend using OAuth as the authentication method. Using hardcoded tokens can lead to token leakage.
When using a Programmatic Access Token (PAT), set it to use the least-privileged role allowed to work with MCP. This will help prevent leaking a secret with access to a highly-privileged role.
Configure proper permissions for the MCP server and tools following the least-privilege principle. Access to the MCP Server does not give access to the tools. Permission needs to be granted for each tool.
Créer un objet du serveur MCP¶
Créez un objet, en spécifiant les outils et les autres métadonnées. Les clients MCP qui se connectent au serveur sont en mesure de détecter et d’appeler ces outils après l’authentification requise.
Accédez à la base de données et au schéma de votre choix pour créer le serveur MCP.
Créer le serveur MCP :
CREATE [ OR REPLACE ] MCP SERVER [ IF NOT EXISTS ] <server_name> FROM SPECIFICATION $$ tools: - name: "product-search" type: "CORTEX_SEARCH_SERVICE_QUERY" identifier: "database1.schema1.Cortex_Search_Service1" description: "cortex search service for all products" title: "Product Search" - name: "revenue-semantic-view" type: "CORTEX_ANALYST_MESSAGE" identifier: "database1.schema1.Semantic_View_1" description: "Semantic view for all revenue tables" title: "Semantic view for revenue" $$
Snowflake prend actuellement en charge les types d’outils suivants :
CORTEX_SEARCH_SERVICE_QUERY: outil Cortex Search Service
CORTEX_ANALYST_MESSAGE: outil Cortex Analyst
SYSTEM_EXECUTE_SQL: SQL execution
CORTEX_AGENT_RUN: Cortex Agent tool
GENERIC: tool for UDFs and stored procedures
The following examples show how to configure different tool types:
Using the Analyst tool, your client can generate text from SQL. Use the following code to specify the tool configuration.
Note
The Snowflake-managed MCP server only supports using semantic views with Cortex Analyst. It does not support semantic models.
tools: - name: "revenue-semantic-view" type: "CORTEX_ANALYST_MESSAGE" identifier: "database1.schema1.Semantic_View_1" description: "Semantic view for all revenue tables" title: "Semantic view for revenue"Using the Search tool requests, your client can perform unstructured search on their data.
tools: - name: "product-search" type: "CORTEX_SEARCH_SERVICE_QUERY" identifier: "database1.schema1.Cortex_Search_Service1" description: "cortex search service for all products" title: "Product Search"For the SQL execution tool, your client can execute SQL queries on Snowflake. Use the following code to specify the tool configuration.
tools: - title: "SQL Execution Tool" name: "sql_exec_tool" type: "SYSTEM_EXECUTE_SQL" description: "A tool to execute SQL queries against the connected Snowflake database."For the Agent tool, your client passes a message to the agent. The agent processes the request and returns a response. Use the following code to specify the tool configuration.
tools: - title: "Agent V2" name: "agent_1" type: "CORTEX_AGENT_RUN" identifier: "db.schema.agent" description: "agent that gives the ability to..."For your custom tools, you must provide the user-defined function (UDF) or stored procedure signature in the tool configuration. The custom tool enables you to invoke UDFs and stored procedures as tools through the MCP server.
You need to specify the following in the tool configuration:
type:functionfor UDF,procedurefor stored procedure
Warehouse
Input schema: corresponds to the function signature
Use the following examples to create and configure custom tools using UDFs and stored procedures:
The following examples demonstrate creating UDFs that can be used as custom tools:
-- create a simple udf
CREATE OR REPLACE FUNCTION MULTIPLY_BY_TEN(x FLOAT)
RETURNS FLOAT
LANGUAGE PYTHON
RUNTIME_VERSION = '3.8'
HANDLER = 'multiply_by_ten'
AS
$$
def multiply_by_ten(x: float) -> float:
return x * 10
$$;
SHOW FUNCTIONS LIKE 'MULTIPLY_BY_TEN';
-- test return json/variant
CREATE OR REPLACE FUNCTION CALCULATE_PRODUCT_AND_SUM(x FLOAT, y FLOAT)
RETURNS VARIANT
LANGUAGE PYTHON
RUNTIME_VERSION = '3.8'
HANDLER = 'calculate_values'
AS
$$
import json
def calculate_values(x: float, y: float) -> dict:
"""
Calculates the product and sum of two numbers and returns them in a dictionary.
The dictionary is converted to a VARIANT (JSON) in the SQL return.
"""
product = x * y
sum_val = x + y
return {
"product": product,
"sum": sum_val
}
$$;
-- test return list/array
CREATE OR REPLACE FUNCTION GET_NUMBERS_IN_RANGE(x FLOAT, y FLOAT)
RETURNS ARRAY -- Use ARRAY to explicitly state a list is being returned
LANGUAGE PYTHON
RUNTIME_VERSION = '3.8'
HANDLER = 'get_numbers'
AS
$$
def get_numbers(x: float, y: float) -> list:
"""
Returns a list of integers between x (exclusive) and y (inclusive).
Assumes x < y.
"""
# Ensure x and y are treated as integers for range generation
start = int(x) + 1
end = int(y) + 1 # range() is exclusive on the stop value
# Use a list comprehension to generate the numbers
# The Python list will be converted to a Snowflake ARRAY.
return list(range(start, end))
$$;
The following examples demonstrate creating stored procedures that can be used as custom tools:
-- create a simple stored procedure
CREATE OR REPLACE PROCEDURE MULTIPLY_BY_TEN_SP(x FLOAT)
RETURNS FLOAT
LANGUAGE PYTHON
RUNTIME_VERSION = '3.8'
PACKAGES = ('snowflake-snowpark-python')
HANDLER = 'multiply_by_ten'
AS
$$
# The handler logic is identical to the UDF for a scalar return
def multiply_by_ten(x: float) -> float:
return x * 10
$$;
-- test return json/variant
CREATE OR REPLACE PROCEDURE CALCULATE_VALUES_SP(x FLOAT, y FLOAT)
RETURNS VARIANT
LANGUAGE PYTHON
RUNTIME_VERSION = '3.8'
PACKAGES = ('snowflake-snowpark-python')
HANDLER = 'calculate_values'
AS
$$
# The handler logic is identical to the UDF for a VARIANT return
def calculate_values(x: float, y: float) -> dict:
"""
Calculates the product and sum of two numbers and returns them in a dictionary.
The dictionary is converted to a VARIANT (JSON) in the SQL return.
"""
product = x * y
sum_val = x + y
return {
"product": product,
"sum": sum_val
}
$$;
-- test return list/array
CREATE OR REPLACE PROCEDURE GET_NUMBERS_SP(x FLOAT, y FLOAT)
RETURNS ARRAY
LANGUAGE PYTHON
RUNTIME_VERSION = '3.8'
PACKAGES = ('snowflake-snowpark-python')
HANDLER = 'get_numbers'
AS
$$
def get_numbers(x: float, y: float) -> list:
"""
Returns a list of integers between x (exclusive) and y (inclusive).
The Python list will be converted to a Snowflake ARRAY.
"""
# Ensure x and y are treated as integers for range generation
start = int(x) + 1
end = int(y) + 1 # range() is exclusive on the stop value
# Use a list comprehension to generate the numbers
return list(range(start, end))
$$;
The following examples demonstrate configuring custom tools for UDFs and stored procedures:
CREATE MCP SERVER my_mcp_server
FROM SPECIFICATION $$
tools:
- title: "Custom Tool 1"
identifier: "EXAMPLE_DATABASE.AGENTS.MULTIPLY_BY_TEN"
name: "multiply_by_ten"
type: "GENERIC"
description: "Multiplied input value by ten and returns the result."
config:
type: "function"
warehouse: "COMPUTE_SERVICE_WAREHOUSE"
input_schema:
type: "object"
properties:
x:
description: "A number to be multiplied by ten"
type: "number"
- title: "Custom Tool 2"
identifier: "EXAMPLE_DATABASE.AGENTS.CALCULATE_PRODUCT_AND_SUM"
name: "calculate_product_and_sum"
type: "GENERIC"
description: "Calculates the product and sum of two numbers and returns them in a JSON object."
config:
type: "function"
warehouse: "COMPUTE_SERVICE_WAREHOUSE"
input_schema:
type: "object"
properties:
x:
description: "First number"
type: "number"
y:
description: "Second number"
type: "number"
- title: "Custom Tool 3"
identifier: "EXAMPLE_DATABASE.AGENTS.GET_NUMBERS_IN_RANGE"
name: "get_numbers_in_range"
type: "GENERIC"
description: "Returns a list of integers between two numbers."
config:
type: "function"
warehouse: "COMPUTE_SERVICE_WAREHOUSE"
input_schema:
type: "object"
properties:
x:
description: "Start number (exclusive)"
type: "number"
y:
description: "End number (inclusive)"
type: "number"
- title: "Custom Tool 4"
identifier: "EXAMPLE_DATABASE.AGENTS.MULTIPLY_BY_TEN_SP"
name: "multiply_by_ten_sp"
type: "GENERIC"
description: "Multiplied input value by ten and returns the result."
config:
type: "procedure"
warehouse: "COMPUTE_SERVICE_WAREHOUSE"
input_schema:
type: "object"
properties:
x:
description: "A number to be multiplied by ten"
type: "number"
- title: "Custom Tool 5"
identifier: "EXAMPLE_DATABASE.AGENTS.CALCULATE_PRODUCT_AND_SUM_SP"
name: "calculate_product_and_sum_sp"
type: "GENERIC"
description: "Calculates the product and sum of two numbers and returns them in a JSON object."
config:
type: "procedure"
warehouse: "COMPUTE_SERVICE_WAREHOUSE"
input_schema:
type: "object"
properties:
x:
description: "First number"
type: "number"
y:
description: "Second number"
type: "number"
- title: "Custom Tool 6"
identifier: "EXAMPLE_DATABASE.AGENTS.GET_NUMBERS_IN_RANGE_SP"
name: "get_numbers_in_range_sp"
type: "GENERIC"
description: "Returns a list of integers between two numbers."
config:
type: "procedure"
warehouse: "COMPUTE_SERVICE_WAREHOUSE"
input_schema:
type: "object"
properties:
x:
description: "Start number (exclusive)"
type: "number"
y:
description: "End number (inclusive)"
type: "number"
$$;
Pour afficher les serveurs MCP, utilisez les commandes suivantes :
SHOW MCP SERVERS IN DATABASE <database_name>; SHOW MCP SERVERS IN SCHEMA <schema_name>; SHOW MCP SERVERS IN ACCOUNT;
The following shows the output of the command:
| created_on | name | database_name | schema_name | owner | comment | ------------------------------------------+-------------------+---------------+-------------+--------------+------------------------------ | Fri, 23 Jun 1967 07:00:00.123000 +0000 | TEST_MCP_SERVER | TEST_DATABASE | TEST_SCHEMA | ACCOUNTADMIN | [NULL] | | Fri, 23 Jun 1967 07:00:00.123000 +0000 | TEST_MCP_SERVER_2 | TEST_DATABASE | TEST_SCHEMA | ACCOUNTADMIN | Test MCP server with comment |
Pour décrire un serveur MCP, utilisez la commande suivante :
DESCRIBE MCP SERVER <server_name>;
The following shows the output of the command:
| name | database_name | schema_name | owner | comment | server_spec | created_on | ------------------------------------------------------------------------------------------------------+------------------------------------- | TEST_MCP_SERVER | TEST_DATABASE | TEST_SCHEMA | ACCOUNTADMIN | [NULL] | {"version":1,"tools":[{"name":"product-search","identifier":"db.schema.search_service","type":"CORTEX_SEARCH_SERVICE_QUERY"}]} | Fri, 23 Jun 1967 07:00:00.123000 +0000 |
Pour abandonner un serveur MCP, utilisez la commande suivante :
DROP MCP SERVER <server_name>;
Contrôle d’accès¶
Vous pouvez utiliser les privilèges suivants pour gérer l’accès à l’objet MCP et aux outils sous-jacents
Privilège |
Objet |
Description |
|---|---|---|
OWNERSHIP |
Objet MCP |
Nécessaire pour mettre à jour la configuration de l’objet |
MODIFY |
Objet MCP |
Fournit la mise à jour, l’abandon, la description, l’affichage et l’utilisation ( |
USAGE |
Objet MCP |
Nécessaire pour se connecter au serveur MCP et aux outils de découverte |
USAGE |
Cortex Search Service |
Nécessaire pour appeler l’outil Cortex Search dans le serveur MCP |
SELECT |
Vue sémantique |
Nécessaire pour appeler l’outil Cortex Analyst dans le serveur MCP |
USAGE |
Cortex Agent |
Required to invoke the Cortex Agent as a tool in the MCP server |
USAGE |
User-defined function (UDF) or stored procedure |
Required to invoke the UDF or stored procedure as a tool in the MCP server |
Configurer l’authentification OAuth¶
Configuration de l’authentification sur le client MCP. Le serveur MCP géré par Snowflake prend en charge l’authentification 2.0 OAuth alignée avec la recommandation d’autorisation dans le protocole MCP. Le serveur MCP géré par Snowflake ne prend pas en charge l’enregistrement dynamique des clients.
Tout d’abord, créez l’intégration de sécurité. Pour plus d’informations sur cette commande, voir CREATE SECURITY INTEGRATION (Snowflake OAuth).
CREATE [ OR REPLACE ] SECURITY INTEGRATION [IF NOT EXISTS] <integration_name> TYPE = OAUTH OAUTH_CLIENT = GENERIC ENABLED = TRUE OAUTH_CLIENT_TYPE = 'CONFIDENTIAL' OAUTH_REDIRECT_URI = '<redirect_URI>'
Ensuite, appelez la fonction système pour récupérer votre identifiant client et les clés pour la configuration du client. Le nom de l’intégration est sensible à la casse et doit être en majuscules.
SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('<integration_name>');
Interagir avec le serveur MCP à l’aide d’un client MCP personnalisé¶
Si vous créez un client MCP personnalisé, les sections suivantes présentent les points de terminaison Snowflake avec lesquels votre client interagit.
Note
Le serveur MCP de Snowflake ne prend actuellement en charge que les capacités d’outil.
Initialiser le serveur MCP¶
Après l’authentification, initialisez le serveur en émettant des appels GET et POST au point de terminaison API suivant :
POST /api/v2/databases/{database}/schemas/{schema}/mcp-servers/{name}
{
"jsonrpc": "2.0",
"id": 1,
"method": "initialize",
"params": { "protocolVersion": "2025-06-18" }
}
L’exemple suivant montre la réponse :
{
"jsonrpc": "2.0", // passthrough from req
"id": 1, // passthrough from req
"result": {
"proto_version": "2025-06-18",
"capabilities": {
"tools": {
"listChanged": false
}
},
"server_info": {
"name": "<snowflake-mcp-name>",
"title": "Snowflake Server: <snowflake-mcp-name>",
"version": "1.0.0"
}
}
}
Découvrir et appeler des outils¶
Les clients MCP peuvent découvrir et appeler des outils avec des requêtes tools/list et tools/call.
Pour découvrir les outils, envoyez un appel POST comme indiqué dans la requête outils/liste :
POST /api/v2/databases/{database}/schemas/{schema}/mcp-servers/{name}
{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/list",
"params": {}
}
L’exemple suivant montre la réponse :
{
"jsonrpc": "2.0", // passthrough from req
"id": 1, // passthrough from req
"result": {
"tools": [ // search
{
"name":"product-search",
"description":"Test search tool",
"inputSchema": {
"type": "object",
"description": "A search query and additional parameters for search.",
"properties": {
"query": {
"description": "Unstructured text query. Exactly one of 'query' or 'multi_index_query' must be specified.",
"type": "string"
},
"columns": {
"description": "List of columns to return.",
"type": "array",
"items": {
"type": "string"
}
},
"filter": {
"description": "Filter query.",
"type": "object"
},
"limit": {
"description": "Max number of results to return.",
"type": "integer",
"default": 10
}
}
},
"outputSchema": {
"type": "object",
"description": "Search results.",
"properties": {
"results": {
"description": "List of result rows.",
"type": "array",
"items": {
"type": "object",
"additionalProperties": true,
"description": "Map of column names to values (as bytes)."
}
},
"request_id": {
"description": "ID of the request.",
"type": "string"
}
},
"required": ["results", "request_id"]
}
},
{ // analyst
"name":"revenue-semantic-view",
"description":"Test tool",
"inputSchema": {
"type": "object",
"description": "A message and additional parameters for Cortex Analyst.",
"properties": {
"message": {
"description": "The user’s question.",
"type": "string"
}
}
}
}
]
}
}
Pour appeler un outil, envoyez un appel POST comme indiqué dans la requête outils/appel.
For the Analyst tool, your client passes messages in the request. The SQL statement is listed in the output. You must pass the name of the tool that you’re invoking in the request in the name parameter.
POST /api/v2/databases/<database>/schemas/<schema>/mcp-servers/<name>
{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call",
"params": {
"name": "test-analyst",
"arguments": {
"message ": "text"
}
}
}
L’exemple suivant montre la réponse :
{
"jsonrpc": "2.0",
"id": 1,
"result": {
"content": [
{
"type": "text",
"text": "string"
}
]
}
}
Pour les requêtes de l’outil de recherche, votre client peut transmettre la requête et les arguments facultatifs suivants :
colonnes
filtre
limite
The search results and request ID are returned in the output. You must pass the name of the tool that you’re invoking in the request as the name parameter.
POST /api/v2/databases/{database}/schemas/{schema}/mcp-servers/{name}
{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call",
"params": {
"name": "product-search",
"arguments": {
"query": "Hotels in NYC",
"columns": array of strings,
"filter": json,
"limit": int
}
}
}
L’exemple suivant montre la réponse :
{
"jsonrpc": "2.0",
"id": 1,
"result": {
"results": {}
}
}
Limitations¶
Le serveur MCP géré par Snowflake ne prend pas en charge les constructions suivantes dans le protocole MCP : ressources, invites, racines, notifications, négociations de version, phases de cycle de vie et échantillonnage.
Seules les réponses sans flux sont prises en charge.