ctxd
Supports importing dbt manifest.json to incorporate dbt models and sources into the context model, enabling agents to reference dbt-defined data structures.
Integrates with Metabase to retrieve database metadata, relationships, and saved questions; can optionally execute queries through the Metabase API for agent-driven data analysis.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@ctxdsearch for tables and metrics related to revenue"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
ctxd
A vendor-neutral, release-aware context contract and MCP runtime for reliable data agents. It gives Claude, Codex, and other clients compact metadata, reviewed semantic definitions, approved join paths, and pre-execution validation.
The project deliberately does not replace Metabase, dbt, Cube, or a warehouse. It is the contract, compiler, release gate, and evaluation layer between those systems and an agent.
Install
From npm (CLI + library; requires a C++ toolchain for better-sqlite3):
npm install ctxd
npx ctxd initFrom source (recommended for development and contributions):
git clone https://github.com/thisis-gp/ctxd.git
cd ctxd
npm install # or: corepack enable && yarn install
npm test
npx ctxd initSee CONTRIBUTING.md for the full dev workflow. Report security issues privately — see SECURITY.md.
Agent question
-> context search / plan / compile
-> trusted SQL (validated, version-stamped)
-> user runs SQL in Metabase (their own access)By default ctxd does not execute production queries. It is the context and SQL compiler for agents; Metabase remains the query surface.
It talks to Metabase via the Metabase API for metadata ingest (and optionally
for tech-bot query execution). No direct database credentials. Nightly refresh
uses a server-side API key; end users never see it.
Related MCP server: SQL Server MCP Server
Who configures what (plug-and-play)
Role | What they do | What they never need |
Tech team | Set Metabase URL/API key on the server, run | Per-user Metabase logins for agents |
Claude / Codex users | Add MCP URL + their personal token; get trusted SQL for Metabase | Metabase API keys, shared org token, running queries through ctxd |
Default product mode is context-only: ctxd helps the LLM find tables/joins/metrics and draft/validate SQL. Users (or Metabase) run the query. Query execution tools stay off unless CTXD_ALLOW_QUERY=true (tech bots only).
Org quickstart (hosted + HTTPS)
# On the server (tech once)
npx ctxd init
# edit .env: METABASE_URL, METABASE_API_KEY, CTXD_ADMIN_TOKEN, CTXD_DOMAIN, ACME_EMAIL
npx ctxd refresh --prune-keep 14 # must run on the SAME host/volume as serve
docker compose up -d --build # Caddy HTTPS → ctxdOps note: Nightly refresh must run where the MCP server reads snapshots
(e.g. docker compose run --rm refresh on that host). A GitHub Action that only
uploads an artifact does not update the live server — that was the “ops gap.”
15 2 * * * cd /opt/ctxd && docker compose run --rm refresh >> /var/log/ctxd-refresh.log 2>&1Open https://$CTXD_DOMAIN/admin, sign in with CTXD_ADMIN_TOKEN, and create
one token per user. Users paste into Claude/Codex:
{
"mcpServers": {
"ctxd": {
"url": "https://ctxd.example.com/mcp",
"headers": {
"Authorization": "Bearer ctxd_USER_SPECIFIC_TOKEN"
}
}
}
}Health: GET /health. MCP: POST /mcp (per-user Bearer). Admin: /admin.
Local developer (stdio)
npx ctxd serveRegister with a local command entry as in examples/mcp-config.json (ctxd-local).
How it works
A snapshot build queries Metabase once and produces an immutable, per-release snapshot directory:
snapshots/v8.19.0-0/
├── manifest.json # release, git commit, fingerprint, counts, status
├── entities.jsonl # databases / schemas / tables / columns (inspectable)
├── relationships.jsonl # foreign-key edges
├── metabase-assets.jsonl # questions / models / dashboards + query definitions
├── semantic-definitions.json # versioned metric definitions + SQL templates
├── search.sqlite # FTS5 full-text index for sub-second retrieval
└── changes.json # diff vs the previous snapshotThe MCP server then serves focused retrieval from the promoted current snapshot
instead of dumping the whole model into the conversation.
Architecture
Layer | Module | Responsibility |
Adapter |
| Only place that speaks the Metabase HTTP API |
Metadata indexer |
| Normalize DB structure into entities + FK relationships |
Content indexer |
| Normalize questions / models / dashboards |
Snapshot |
| Deterministic fingerprint, JSONL + SQLite, manifest, diff |
Release |
|
|
Retrieval |
| Search, entity context, freshness, SQL validation, read-only exec |
MCP |
| Fourteen |
Adapters |
| Import dbt, Cube, and MetricFlow JSON metadata into the same normalized model |
Contract draft |
| Generate a reviewable starting contract from a snapshot or adapter export |
Evaluation |
| Compare direct-schema agent runs with context-layer runs on accuracy, tokens, calls, and time |
The adapter boundary is strict: nothing above src/metabase/ sees a raw Metabase
response — everything consumes the normalized model in src/model.ts. Swapping
the data source later means rewriting only the adapter.
Setup
yarn install
yarn build
node dist/cli.js init # scaffolds .env from .env.example
# edit .env: set METABASE_URL and METABASE_API_KEYBuilding a snapshot
# Build, validate, publish, and promote a release snapshot.
node dist/cli.js snapshot build --release v8.19.0-0 --git-commit "$(git rev-parse HEAD)"
node dist/cli.js snapshot validate --release v8.19.0-0
node dist/cli.js snapshot publish --release v8.19.0-0
node dist/cli.js snapshot promote --release v8.19.0-0 # advances `current`Or run the whole pipeline (build → validate → publish → deploy/health → promote):
DEPLOY_SCRIPT=./scripts/deploy.sh HEALTHCHECK_SCRIPT=./scripts/healthcheck.sh scripts/release.sh v8.19.0-0 v8.18.0-0Rollback restores the previous pointer:
node dist/cli.js snapshot rollbackQuerying from the terminal
node dist/cli.js search "active user subscriptions"
node dist/cli.js search "invoices" --scope tables
node dist/cli.js join-path public.claim_files public.benefits # shortest FK join path
node dist/cli.js diff # schema changes vs previous release
node dist/cli.js drift # is the current snapshot stale vs live Metabase?
node dist/cli.js freshness
node dist/cli.js stats # token/latency savings dashboard from recorded MCP usage
node dist/cli.js query "SELECT COUNT(*) AS claim_count FROM public.claims;"Importing other metadata tools
The core model is not Metabase-specific. Adapter inputs can be inspected or used to draft a contract:
node dist/cli.js adapters list
node dist/cli.js adapters inspect dbt examples/dbt-manifest-mini.json
node dist/cli.js contract draft --adapter dbt --input examples/dbt-manifest-mini.json --project demoSupported JSON importers:
Adapter | Input |
|
|
| Cube schema JSON with cubes, dimensions, and measures |
| MetricFlow semantic manifest JSON |
These importers create the same NormalizedModel that snapshots use, so new
connectors do not need a separate agent-facing contract.
Serving to an agent
npx ctxd serve # local MCP stdio (developer laptop)
npx ctxd serve --http # shared org MCP at http://HOST:8787/mcpRegister it with Claude Code / Codex (see examples/mcp-config.json).
For --http, users only need the URL and their personal Bearer token (issued at /admin) — not Metabase credentials.
MCP tools
Tool | Purpose |
| Top-N tables, columns, and saved questions for a query |
| Resolve a question into candidate tables, columns, saved questions, and ambiguity warnings |
| Compile measures/dimensions/filters into SQL (no execution) |
| Compile reviewed-contract SQL (no execution) |
| One table's columns, relationships, and referencing questions |
| FK edges touching a table |
| Shortest FK join path between two tables |
| Reusable Metabase questions/models before writing SQL |
| Schema-change diff for a release |
| Inspect a specific release snapshot |
| Snapshot version, fingerprint, deployed-match status |
| Check a statement is read-only (no execution) |
| Hidden by default. Execute via Metabase only when |
Every response embeds the source snapshot + release version.
Context contract
context.contract.json is the vendor-neutral project contract. It records entity
grain, measures, dimensions, approved joins, fanout risk, and query policies.
The contract is reviewed like code and can be validated without credentials:
node dist/cli.js validate-contract context.contract.json
node dist/cli.js benchmark validate examples/benchmark.json examples/benchmark-observations.json
node dist/cli.js benchmark compare examples/benchmark.json examples/benchmark-direct-observations.json examples/benchmark-context-observations.json
node dist/cli.js snapshot validate --release v1.0.0-0 --contract context.contract.jsonCross-entity compilation uses only approved contract joins. Inferred foreign keys remain useful for discovery, but they cannot silently become semantic truth. High-fanout and many-to-many paths fail closed until explicitly modeled.
The benchmark format is intentionally model-neutral. Record each agent's selected measures, dimensions, entities, calls, latency, and answer correctness, then compare them against the same contract. This makes releases measurable on correctness, wrong joins, round trips, latency, and cost instead of relying on token estimates alone.
Release gate
Use one command in CI to block a release when snapshot validation, contract validation, or benchmark validation fails:
node dist/cli.js release-gate \
--release v1.0.0-0 \
--contract context.contract.json \
--benchmark examples/benchmark.json \
--observations examples/benchmark-observations.jsonThe example GitHub Actions workflow in .github/workflows/release.yml runs this
after snapshot build and before publish/promote.
Demo
Open docs/demo.html for a static overview of the workflow and copyable
commands. It does not require credentials or a dev server.
Declarative semantic queries
Agents should prefer semantic queries when a registered metric exists. They declare the measure and optional dimensions/filters; the layer owns the table, canonical formula, default filters, row cap, and read-only execution.
{
"measures": ["claims.csat_responses"],
"dimensions": [],
"limit": 100
}Use context_compile_semantic_query to get generated SQL, validate with
context_validate_sql, then run it in Metabase. Cross-table measures are rejected
until a reviewed join graph is registered. (context_run_semantic_query exists only
when CTXD_ALLOW_QUERY=true.)
Safety
API keys come only from env / secret manager, are never logged, and are never written into a snapshot.
Default: no query execution through ctxd. Agents get context + drafted SQL; users run queries in Metabase under their own access. Set
CTXD_ALLOW_QUERY=trueonly for trusted tech bots.When execution is enabled, SQL must start with
SELECT/WITH, parse as a single SELECT (fail closed), rejectSELECT ... INTO, enforce row/time limits, and validate table/column references against the active snapshot.Sensitive tables/fields can be denylisted (
DENYLISTenv) — they stay indexed but carry no descriptions and cannot be referenced in validated/executed SQL.Reviewed semantic and contract definition files may contain raw SQL expressions; treat those files like code.
Snapshots store metadata and query definitions only, never production rows.
When execution is enabled, every executed query is appended to
audit/queries.jsonl.
Status
Implements the Metabase adapter, indexers, SQLite snapshot + FTS search, MCP server, semantic + contract compilation, release versioning, release gate, benchmark harness, and multi-source metadata adapters (dbt/Cube/MetricFlow). Incremental snapshot refresh (Phase 5 in the BRD) is not yet implemented.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/thisis-gp/ctxd'
If you have feedback or need assistance with the MCP directory API, please join our Discord server