AI / LLM Engineering
MCP AI Tool-Server Engineering
Model Context Protocol (MCP) servers that safely expose governed, read-only enterprise analytics capabilities to AI assistants — the protocol work that lets an LLM take real, bounded actions against real enterprise data.
- Query surface exposed to the LLM: fixed typed tools, no raw SQL
- Access model: per-user, catalog-scoped
- Arbitrary/raw queries permitted: zero
The Problem
Enterprise AI assistants are far more useful when they can query real business data, but exposing that data to an LLM naively (e.g., an arbitrary-SQL tool) creates real injection, data-exfiltration, and governance risk. The goal was tool access that's genuinely useful and safe by construction.
My Approach
- Conducted structured research into MCP architecture, vendor integration patterns for enterprise AI platforms, security best practices, and production-readiness checklists (input sanitization, observability, lifecycle management) before writing implementation code.
- Designed a governed semantic query layer instead of exposing raw SQL: the server offers a fixed set of typed tools (e.g., account search, pipeline summaries, renewal-risk assessment, schema introspection) backed by server-owned, pre-defined read-only query templates — the model can ask rich analytical questions, but cannot construct or execute arbitrary queries, run writes/DDL, or dump raw tables.
- Enforced per-user authentication against the underlying data platform with catalog-level access control, so the AI assistant only ever sees data the requesting user is already entitled to see — no shared "super user" service credential doing the querying.
- Built the local development version to be fully offline-safe by default (no live connection on import/startup, dry-run profiling mode) so it's safe to develop and test against without accidentally touching production data.
- Validated the deployed version end-to-end against real production data before intentionally pausing/decommissioning it pending a broader security review — a deliberate, security-first decision rather than leaving an unreviewed integration running indefinitely.
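The governed query-template layer described above, as an added illustration rather than the project's own code: the model names a fixed tool and supplies typed parameters, the server owns the SQL, model input reaches the query only as bind values, and the catalog is taken from the requesting user's entitlement. FastMCP tool registration is omitted, and the catalog, table and column names are hypothetical placeholders.

```python
import re
from dataclasses import dataclass

CATALOG = re.compile(r"^[A-Za-z0-9_]{1,64}$")       # catalog names come from the entitlement layer
FRAGMENT = re.compile(r"^[A-Za-z0-9 .&\-]{1,64}$")   # free-text fragments come from the model


@dataclass(frozen=True)
class QueryTemplate:
    sql: str       # server-owned SELECT; only the {catalog} slot and :named binds are variable
    params: dict   # model-supplied parameter name -> validator callable

# Table and column names are hypothetical placeholders, not the real server's schema.
TEMPLATES = {
    "account_search": QueryTemplate(
        sql="SELECT account_id, name, segment FROM {catalog}.sales.accounts "
            "WHERE name ILIKE '%' || :fragment || '%' LIMIT 50",
        params={"fragment": lambda v: isinstance(v, str) and bool(FRAGMENT.match(v))},
    ),
    "renewal_risk": QueryTemplate(
        sql="SELECT account_id, renewal_date, risk_score FROM {catalog}.sales.renewals "
            "WHERE renewal_date <= date_add(current_date(), :days) ORDER BY risk_score DESC LIMIT 50",
        params={"days": lambda v: type(v) is int and 1 <= v <= 365},
    ),
}

for _name, _t in TEMPLATES.items():  # registration-time guard: only single read-only SELECTs become tools
    if not _t.sql.lstrip().upper().startswith("SELECT") or ";" in _t.sql:
        raise RuntimeError(f"template {_name!r} is not a single read-only SELECT")


def build_query(tool: str, args: dict, user_catalog: str) -> tuple:
    """Resolve a tool call to (sql, binds) for the data platform's parameterized execute call.
    Model input reaches SQL only as bind values; the catalog comes from the user's entitlement."""
    tmpl = TEMPLATES.get(tool)
    if tmpl is None:
        raise ValueError(f"unknown tool {tool!r}")          # no raw-query escape hatch
    if not CATALOG.match(user_catalog):
        raise ValueError("invalid catalog identifier")
    if set(args) != set(tmpl.params):                      # extra or missing parameters are refused
        raise ValueError(f"expected exactly parameters {sorted(tmpl.params)}")
    for name, valid in tmpl.params.items():
        if not valid(args[name]):
            raise ValueError(f"invalid value for parameter {name!r}")
    return tmpl.sql.format(catalog=user_catalog), dict(args)


def rejected(tool: str, args: dict, user_catalog: str) -> bool:
    # True when the governed layer refuses the call; useful in dry-run mode and tests.
    try:
        build_query(tool, args, user_catalog)
    except ValueError:
        return True
    return False
```

Validation here is defence in depth; what actually keeps model-supplied text out of the SQL is that the returned binds are passed to the platform's parameterized execute call rather than interpolated into the statement.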
Stack
Protocol/Framework
Model Context Protocol (MCP); FastMCP (mcp.server.fastmcp); Streamable HTTP transport
Data Platform
Databricks (Unity Catalog governed access, per-user OAuth)
Language
Python
Deployment
Google Cloud Run; authenticated-only ingress
AI Integration
Google Cloud Gemini Enterprise (Vertex AI Search / Discovery Engine)
Practices
Secure-by-design tool surfaces for LLMs; least-privilege data access; offline-safe local development
Skills Demonstrated
- Applied understanding of emerging AI tool-use protocols (MCP) ahead of mainstream adoption
- Security-first API design specifically for LLM consumers (a meaningfully different threat model than a typical human-facing API)
- Data governance and least-privilege access control in an AI context
- Willingness to build something, prove it works, and then pause it for proper review rather than optimizing purely for "shipped"