How do I install Trino MCP Server in Go?

Install Trino MCP Server in Go with a single command: npx mdskills install tuannvm/mcp-trino. This downloads the skill files into your project and your AI agent picks them up automatically.

What platforms support Trino MCP Server in Go?

Trino MCP Server in Go works with Claude Code, Claude Desktop, Cursor, Vscode Copilot, Windsurf, Continue Dev, Gemini Cli, Amp, Roo Code, Goose. Skills use the open SKILL.md format which is compatible with any AI coding agent that reads markdown instructions.

← Back to MCP servers

Trino MCP Server in Go

Name: Trino MCP Server in Go: AI Agent Skill
Rating: 9 (1 reviews)
Author: tuannvm

Verified

MCP ServerDatabase DesignIntermediate

A high-performance Model Context Protocol (MCP) server for Trino implemented in Go. This project enables AI assistants to seamlessly interact with Trino's distributed SQL query engine through standardized MCP tools. This project implements a Model Context Protocol (MCP) server for Trino in Go. It enables AI assistants to access Trino's distributed SQL query engine through standardized MCP tools. T

by @tuannvm0Updated 1 weeks ago

Add this skill

npx mdskills install tuannvm/mcp-trino

Fork & Edit

Skill Advisor9.0

Production-ready MCP server with comprehensive OAuth, extensive tooling, and strong security practices

+Provides six well-documented Trino tools with clear use cases and schema discovery
+Implements sophisticated OAuth 2.1 with multiple providers and deployment modes
+Includes performance optimizations, CI/CD security, and SLSA provenance attestation
-Declares filesystem write and shell execution without documenting specific use cases

SKILL.md

Edit in Browser

1# Trino MCP Server in Go
2 
3A high-performance Model Context Protocol (MCP) server for Trino implemented in Go. This project enables AI assistants to seamlessly interact with Trino's distributed SQL query engine through standardized MCP tools.
4 
5[![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/tuannvm/mcp-trino/build.yml?branch=main&label=CI%2FCD&logo=github)](https://github.com/tuannvm/mcp-trino/actions/workflows/build.yml)
6[![Go Version](https://img.shields.io/github/go-mod/go-version/tuannvm/mcp-trino?logo=go)](https://github.com/tuannvm/mcp-trino/blob/main/go.mod)
7[![Trivy Scan](https://img.shields.io/github/actions/workflow/status/tuannvm/mcp-trino/build.yml?branch=main&label=Trivy%20Security%20Scan&logo=aquasec)](https://github.com/tuannvm/mcp-trino/actions/workflows/build.yml)
8[![SLSA 3](https://slsa.dev/images/gh-badge-level3.svg)](https://slsa.dev)
9[![Go Report Card](https://goreportcard.com/badge/github.com/tuannvm/mcp-trino)](https://goreportcard.com/report/github.com/tuannvm/mcp-trino)
10[![Go Reference](https://pkg.go.dev/badge/github.com/tuannvm/mcp-trino.svg)](https://pkg.go.dev/github.com/tuannvm/mcp-trino)
11[![Docker Image](https://img.shields.io/github/v/release/tuannvm/mcp-trino?sort=semver&label=GHCR&logo=docker)](https://github.com/tuannvm/mcp-trino/pkgs/container/mcp-trino)
12[![GitHub Release](https://img.shields.io/github/v/release/tuannvm/mcp-trino?sort=semver)](https://github.com/tuannvm/mcp-trino/releases/latest)
13[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
14 
15[![Trust Score](https://archestra.ai/mcp-catalog/api/badge/quality/tuannvm/mcp-trino)](https://archestra.ai/mcp-catalog/tuannvm__mcp-trino)
16 
17## Overview
18 
19This project implements a Model Context Protocol (MCP) server for Trino in Go. It enables AI assistants to access Trino's distributed SQL query engine through standardized MCP tools.
20 
21Trino (formerly PrestoSQL) is a powerful distributed SQL query engine designed for fast analytics on large datasets.
22 
23## Architecture
24 
25```mermaid
26graph TB
27    subgraph "AI Clients"
28        CC[Claude Code]
29        CD[Claude Desktop]
30        CR[Cursor]
31        WS[Windsurf]
32        CW[ChatWise]
33    end
34    
35    subgraph "Authentication (Optional)"
36        OP[OAuth Provider<br/>Okta/Google/Azure AD]
37        JWT[JWT Tokens]
38    end
39    
40    subgraph "MCP Server (mcp-trino)"
41        HTTP[HTTP Transport<br/>/mcp endpoint]
42        STDIO[STDIO Transport]
43        AUTH[OAuth Middleware]
44        TOOLS[MCP Tools<br/>• execute_query<br/>• list_catalogs<br/>• list_schemas<br/>• list_tables<br/>• get_table_schema<br/>• explain_query]
45    end
46    
47    subgraph "Data Layer"
48        TRINO[Trino Cluster<br/>Distributed SQL Engine]
49        CATALOGS[Data Sources<br/>• PostgreSQL<br/>• MySQL<br/>• S3/Hive<br/>• BigQuery<br/>• MongoDB]
50    end
51    
52    %% Connections
53    CC -.->|OAuth Flow| OP
54    OP -.->|JWT Token| JWT
55    
56    CC -->|HTTP + JWT| HTTP
57    CD -->|STDIO| STDIO
58    CR -->|HTTP + JWT| HTTP
59    WS -->|STDIO| STDIO
60    CW -->|HTTP + JWT| HTTP
61    
62    HTTP --> AUTH
63    AUTH -->|Validated| TOOLS
64    STDIO --> TOOLS
65    
66    TOOLS -->|SQL Queries| TRINO
67    TRINO --> CATALOGS
68    
69    %% Styling
70    classDef client fill:#e1f5fe
71    classDef auth fill:#f3e5f5
72    classDef server fill:#e8f5e8
73    classDef data fill:#fff3e0
74    
75    class CC,CD,CR,WS,CW client
76    class OP,JWT auth
77    class HTTP,STDIO,AUTH,TOOLS server
78    class TRINO,CATALOGS data
79```
80 
81**Key Components:**
82 
83- **AI Clients**: Various MCP-compatible applications
84- **Authentication**: Optional OAuth 2.0 with OIDC providers
85- **MCP Server**: Go-based server with dual transport support
86- **Data Layer**: Trino cluster connecting to multiple data sources
87 
88## Features
89 
90- ✅ MCP server implementation in Go
91- ✅ Trino SQL query execution through MCP tools
92- ✅ Catalog, schema, and table discovery
93- ✅ Docker container support
94- ✅ Supports both STDIO and HTTP transports
95- ✅ OAuth 2.1 authentication via [oauth-mcp-proxy](https://github.com/tuannvm/oauth-mcp-proxy) library
96  - **4 Providers**: HMAC, Okta, Google, Azure AD
97  - **Native mode**: Client handles OAuth directly (zero server-side secrets)
98  - **Proxy mode**: Server proxies OAuth flow for simple clients
99  - **Production-ready**: Token caching, PKCE, defense-in-depth security
100  - **Reusable**: OAuth library available for any Go MCP server
101- ✅ StreamableHTTP support with JWT authentication (upgraded from SSE)
102- ✅ Backward compatibility with SSE endpoints
103- ✅ Compatible with Cursor, Claude Desktop, Windsurf, ChatWise, and any MCP-compatible clients.
104- ✅ User Identity Tracking:
105  - **Query Attribution** (automatic): Tags queries with OAuth user via `X-Trino-Client-Tags/Info` headers
106  - **User Impersonation** (opt-in): Execute queries as OAuth user via `X-Trino-User` header
107 
108## Installation & Quick Start
109 
110**Install:**
111 
112```bash
113# Homebrew
114brew install tuannvm/mcp/mcp-trino
115 
116# Or one-liner (macOS/Linux)
117curl -fsSL https://raw.githubusercontent.com/tuannvm/mcp-trino/main/install.sh | bash
118```
119 
120**Run (Local Development):**
121 
122```bash
123export TRINO_HOST=localhost TRINO_USER=trino
124mcp-trino
125```
126 
127For production deployment with OAuth, see [Deployment Guide](docs/deployment.md) and [OAuth Architecture](docs/oauth.md).
128 
129## Usage
130 
131**Supported Clients:** Claude Desktop, Claude Code, Cursor, Windsurf, ChatWise
132 
133**Available Tools:** `execute_query`, `list_catalogs`, `list_schemas`, `list_tables`, `get_table_schema`, `explain_query`
134 
135For client integration and tool documentation, see [Integration Guide](docs/integrations.md) and [Tools Reference](docs/tools.md).
136 
137## Configuration
138 
139**Key Variables:** `TRINO_HOST`, `TRINO_USER`, `TRINO_SCHEME`, `MCP_TRANSPORT`, `OAUTH_PROVIDER`
140 
141**OAuth Configuration:**
142 
143```bash
144# Native mode (most secure - zero server-side secrets)
145export OAUTH_ENABLED=true OAUTH_MODE=native OAUTH_PROVIDER=okta
146export OIDC_ISSUER=https://company.okta.com OIDC_AUDIENCE=https://mcp-server.com
147 
148# Proxy mode (centralized credential management)
149export OAUTH_MODE=proxy OIDC_CLIENT_ID=app-id OIDC_CLIENT_SECRET=secret
150export OAUTH_REDIRECT_URI=https://mcp-server.com/oauth/callback  # Fixed mode (localhost-only)
151export OAUTH_REDIRECT_URI=https://app1.com/cb,https://app2.com/cb  # Allowlist mode
152export JWT_SECRET=$(openssl rand -hex 32)  # Required for multi-pod deployments
153```
154 
155**Performance Optimization:**
156 
157```bash
158# Focus AI on specific schemas only (10-20x performance improvement)
159export TRINO_ALLOWED_SCHEMAS="hive.analytics,hive.marts,hive.reporting"
160```
161 
162**User Identity Tracking:**
163 
164```bash
165# Query Attribution is AUTOMATIC when OAuth is enabled
166# Queries are tagged with X-Trino-Client-Tags and X-Trino-Client-Info headers
167 
168# For full impersonation (Trino enforces user permissions):
169export TRINO_ENABLE_IMPERSONATION=true
170export TRINO_IMPERSONATION_FIELD=email  # Options: username, email, subject
171```
172 
173For complete configuration, see [Deployment Guide](docs/deployment.md), [OAuth Guide](docs/oauth.md), [Allowlists Guide](docs/allowlists.md), and [User Identity Guide](docs/impersonation.md).
174 
175## OAuth Implementation
176 
177mcp-trino uses [oauth-mcp-proxy](https://github.com/tuannvm/oauth-mcp-proxy) - a standalone OAuth 2.1 library for Go MCP servers.
178 
179**Why a separate library?**
180- ✅ Reusable across any Go MCP server
181- ✅ Independent testing and versioning
182- ✅ Dedicated documentation and examples
183- ✅ Community-maintained OAuth implementation
184 
185**For OAuth details:**
186- [oauth-mcp-proxy Documentation](https://github.com/tuannvm/oauth-mcp-proxy#readme) - Complete OAuth guide
187- [Provider Setup Guides](https://github.com/tuannvm/oauth-mcp-proxy/tree/main/docs/providers) - Okta, Google, Azure AD
188- [Security Best Practices](https://github.com/tuannvm/oauth-mcp-proxy/blob/main/docs/SECURITY.md) - Production security
189 
190## Contributing
191 
192Contributions are welcome! Please feel free to submit a Pull Request.
193 
194## License
195 
196This project is licensed under the MIT License - see the LICENSE file for details.
197 
198## Related Projects
199 
200- **[oauth-mcp-proxy](https://github.com/tuannvm/oauth-mcp-proxy)** - OAuth 2.1 authentication library used by mcp-trino (reusable for any Go MCP server)
201 
202## CI/CD and Releases
203 
204This project uses GitHub Actions for continuous integration and GoReleaser for automated releases.
205 
206### Continuous Integration Checks
207 
208Our CI pipeline performs the following checks on all PRs and commits to the main branch:
209 
210#### Code Quality
211 
212- **Linting**: Using golangci-lint to check for common code issues and style violations
213- **Go Module Verification**: Ensuring go.mod and go.sum are properly maintained
214- **Formatting**: Verifying code is properly formatted with gofmt
215 
216#### Security
217 
218- **Vulnerability Scanning**: Using govulncheck to check for known vulnerabilities in dependencies
219- **Dependency Scanning**: Using Trivy to scan for vulnerabilities in dependencies (CRITICAL, HIGH, and MEDIUM)
220- **SBOM Generation**: Creating a Software Bill of Materials for dependency tracking
221- **SLSA Provenance**: Creating verifiable build provenance for supply chain security
222 
223#### Testing
224 
225- **Unit Tests**: Running tests with race detection and code coverage reporting
226- **Build Verification**: Ensuring the codebase builds successfully
227 
228#### CI/CD Security
229 
230- **Least Privilege**: Workflows run with minimum required permissions
231- **Pinned Versions**: All GitHub Actions use specific versions to prevent supply chain attacks
232- **Dependency Updates**: Automated dependency updates via Dependabot
233 
234### Release Process
235 
236When changes are merged to the main branch:
237 
2381. CI checks are run to validate code quality and security
2392. If successful, a new release is automatically created with:
240   - Semantic versioning based on commit messages
241   - Binary builds for multiple platforms
242   - Docker image publishing to GitHub Container Registry
243   - SBOM and provenance attestation
244

Full transparency — inspect the skill content before installing.