# Fabric Data Engineering MCP Server
A secure Model Context Protocol (MCP) server for Microsoft Fabric Data Engineering operations. Execute notebooks, pipelines, Spark jobs, and manage Lakehouses through a standardized interface.
## Version

v1.0.1 - Security-hardened release
## Features

- **Workspace Management**: List workspaces and items
- **Notebook Operations**: Run, monitor, and cancel notebook executions
- **Pipeline Operations**: Execute and manage data pipelines
- **Lakehouse Management**: Create, delete, and load data into Lakehouses
- **Spark Jobs**: Run Spark job definitions
- **Scheduling**: Create and manage schedules for notebooks, pipelines, and Spark jobs
- **Health Check**: Monitor server health and connectivity
## Security Features

This release includes comprehensive security hardening:

- ✅ **Input Validation**: UUID format validation for all resource IDs
- ✅ **Parameter Limits**: Max 50 parameters per execution, 1 KB per value
- ✅ **Rate Limiting**: Configurable per-category rate limits
- ✅ **Audit Logging**: Structured JSON logs for compliance (SOC 2, HIPAA)
- ✅ **Error Sanitization**: Credentials never exposed in error messages
- ✅ **Read-Only Mode**: Disable destructive operations
- ✅ **Path Traversal Protection**: Sanitized file paths for OneLake operations
## Installation

```shell
npm install fabric-data-engineering-mcp
```

Or run directly with npx:

```shell
npx fabric-data-engineering-mcp
```
## Configuration

### Required Environment Variables

Authentication requires one of the following configurations:

#### Option 1: Service Principal (Recommended for Production)

```shell
export AZURE_TENANT_ID="your-tenant-id"
export AZURE_CLIENT_ID="your-client-id"
export AZURE_CLIENT_SECRET="your-client-secret"
export FABRIC_AUTH_METHOD="client_credentials"
```

#### Option 2: Azure CLI (Development)

```shell
az login
# No additional env vars needed; uses FABRIC_AUTH_METHOD="default"
```

#### Option 3: Interactive Browser

```shell
export AZURE_TENANT_ID="your-tenant-id"
export AZURE_CLIENT_ID="your-client-id"
export FABRIC_AUTH_METHOD="interactive"
```
### Optional Environment Variables

| Variable | Default | Description |
|---|---|---|
| `FABRIC_DEBUG` | `false` | Enable verbose error messages |
| `FABRIC_READ_ONLY` | `false` | Disable destructive operations |
| `FABRIC_AUDIT_LOG` | `true` | Enable audit logging to stderr |
| `FABRIC_RATE_LIMIT` | `true` | Enable rate limiting |
| `FABRIC_RATE_LIMIT_GLOBAL` | `100` | Max requests per minute (global) |
| `FABRIC_RATE_LIMIT_WRITE` | `20` | Max write operations per minute |
| `FABRIC_RATE_LIMIT_DELETE` | `10` | Max delete operations per minute |
| `FABRIC_TIMEOUT_MS` | `30000` | HTTP request timeout (ms) |
| `FABRIC_LRO_TIMEOUT_MS` | `300000` | Long-running operation timeout (ms) |
| `FABRIC_MAX_RETRIES` | `3` | Max retry attempts |
| `FABRIC_TOKEN_REFRESH_BUFFER_MINUTES` | `2` | Token refresh buffer (minutes) |
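A minimal sketch of how the boolean and numeric variables above might be parsed with their documented defaults. The helper names `envBool` and `envInt` are illustrative, not this package's exported API:

```typescript
// Illustrative parsing of the optional variables above with their documented
// defaults. Helper names are examples, not this package's exported API.
function envBool(name: string, fallback: boolean): boolean {
  const raw = process.env[name];
  return raw === undefined ? fallback : raw.toLowerCase() === "true";
}

function envInt(name: string, fallback: number): number {
  const raw = process.env[name];
  const parsed = raw === undefined ? NaN : Number.parseInt(raw, 10);
  return Number.isFinite(parsed) ? parsed : fallback;
}

const config = {
  debug: envBool("FABRIC_DEBUG", false),
  readOnly: envBool("FABRIC_READ_ONLY", false),
  auditLog: envBool("FABRIC_AUDIT_LOG", true),
  rateLimit: envBool("FABRIC_RATE_LIMIT", true),
  rateLimitGlobal: envInt("FABRIC_RATE_LIMIT_GLOBAL", 100),
  timeoutMs: envInt("FABRIC_TIMEOUT_MS", 30_000),
  lroTimeoutMs: envInt("FABRIC_LRO_TIMEOUT_MS", 300_000),
  maxRetries: envInt("FABRIC_MAX_RETRIES", 3),
};
```

An unset or malformed value falls back to the default rather than crashing the server at startup.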
## Claude Desktop Configuration

Add to your Claude Desktop configuration file:

```json
{
  "mcpServers": {
    "fabric-data-engineering": {
      "command": "npx",
      "args": ["-y", "fabric-data-engineering-mcp@1.0.1"],
      "env": {
        "AZURE_TENANT_ID": "your-tenant-id",
        "AZURE_CLIENT_ID": "your-client-id",
        "AZURE_CLIENT_SECRET": "your-secret",
        "FABRIC_DEBUG": "false",
        "FABRIC_READ_ONLY": "false",
        "NODE_ENV": "production"
      }
    }
  }
}
```
### Production Configuration (Recommended)

```json
{
  "mcpServers": {
    "fabric-data-engineering": {
      "command": "npx",
      "args": ["-y", "fabric-data-engineering-mcp@1.0.1"],
      "env": {
        "AZURE_TENANT_ID": "your-tenant-id",
        "AZURE_CLIENT_ID": "your-client-id",
        "AZURE_CLIENT_SECRET": "your-secret",
        "FABRIC_DEBUG": "false",
        "FABRIC_READ_ONLY": "false",
        "FABRIC_AUDIT_LOG": "true",
        "FABRIC_RATE_LIMIT": "true",
        "FABRIC_TIMEOUT_MS": "30000",
        "NODE_ENV": "production"
      }
    }
  }
}
```
## Available Tools

### Workspace Tools

| Tool | Description |
|---|---|
| `workspace_list` | List all accessible workspaces |
| `workspace_get` | Get details of a specific workspace |
| `workspace_items_list` | List items in a workspace |

### Notebook Tools

| Tool | Description |
|---|---|
| `notebook_list` | List notebooks in a workspace |
| `notebook_run` | Execute a notebook (max 50 parameters) |
| `notebook_run_status` | Check notebook run status |
| `notebook_run_cancel` | Cancel a running notebook |

### Pipeline Tools

| Tool | Description |
|---|---|
| `pipeline_list` | List pipelines in a workspace |
| `pipeline_run` | Execute a pipeline (max 50 parameters) |
| `pipeline_run_status` | Check pipeline run status |
| `pipeline_run_cancel` | Cancel a running pipeline |

### Lakehouse Tools

| Tool | Description |
|---|---|
| `lakehouse_list` | List Lakehouses in a workspace |
| `lakehouse_get` | Get Lakehouse details |
| `lakehouse_create` | Create a new Lakehouse |
| `lakehouse_delete` | Delete a Lakehouse |
| `lakehouse_tables_list` | List tables in a Lakehouse |
| `lakehouse_table_load` | Load data into a table |

### Spark Tools

| Tool | Description |
|---|---|
| `spark_job_list` | List Spark job definitions |
| `spark_job_run` | Execute a Spark job |
| `spark_job_status` | Check Spark job status |
| `spark_job_cancel` | Cancel a running Spark job |

### Scheduler Tools

| Tool | Description |
|---|---|
| `schedule_list` | List schedules for an item |
| `schedule_create` | Create a new schedule |
| `schedule_delete` | Delete a schedule |
| `schedule_enable` | Enable a schedule |
| `schedule_disable` | Disable a schedule |

### Health Tools

| Tool | Description |
|---|---|
| `health_check` | Check server health and connectivity |
## Input Validation

All resource IDs must be valid v4-format UUIDs:

```
xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx
```

Where:

- `x` is a hexadecimal digit (0-9, a-f)
- `y` is one of 8, 9, a, or b
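A hypothetical sketch of this check: the regex enforces the version nibble `4` and the variant digit `[89ab]`. The function name is illustrative, not this package's exported API:

```typescript
// Match the v4 UUID shape described above: version nibble "4" in the third
// group, variant digit 8/9/a/b leading the fourth group.
const UUID_V4 =
  /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;

function isValidResourceId(id: string): boolean {
  return UUID_V4.test(id);
}
```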
## Parameter Limits

| Limit | Value |
|---|---|
| Max parameters per execution | 50 |
| Max parameter value length | 1,024 characters |
| Max total parameter size | 1 MB |
| Max display name length | 256 characters |
| Max description length | 4,096 characters |
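Assuming the limits in the table are enforced before any API call, a pre-check might look like the following sketch. The constants mirror the table; the function itself is illustrative, not the server's code:

```typescript
// Limits from the table above (values verbatim; function is a sketch).
const MAX_PARAMETERS = 50;
const MAX_VALUE_LENGTH = 1024;
const MAX_TOTAL_SIZE = 1024 * 1024; // 1 MB

// Returns null when valid, otherwise a human-readable reason.
function validateParameters(params: Record<string, string>): string | null {
  const entries = Object.entries(params);
  if (entries.length > MAX_PARAMETERS) {
    return `too many parameters (max ${MAX_PARAMETERS})`;
  }
  let total = 0;
  for (const [key, value] of entries) {
    if (value.length > MAX_VALUE_LENGTH) {
      return `parameter "${key}" exceeds ${MAX_VALUE_LENGTH} characters`;
    }
    total += key.length + value.length;
  }
  if (total > MAX_TOTAL_SIZE) {
    return "total parameter size exceeds 1 MB";
  }
  return null;
}
```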
## Rate Limiting

Default rate limits (per minute):
| Category | Default Limit |
|---|---|
| Read operations | 60/min |
| Write/Execute operations | 20/min |
| Delete operations | 10/min |
| Global (all operations) | 100/min |
Override with environment variables:

```shell
export FABRIC_RATE_LIMIT_GLOBAL=200
export FABRIC_RATE_LIMIT_WRITE=50
export FABRIC_RATE_LIMIT_DELETE=20
```
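A per-minute limiter like the ones above can be sketched as a sliding window over recent request timestamps. The class and method names are illustrative, not the server's internals:

```typescript
// Minimal sliding-window rate limiter: allow at most `limit` acquisitions
// within any `windowMs` span.
class RateLimiter {
  private timestamps: number[] = [];

  constructor(private limit: number, private windowMs = 60_000) {}

  tryAcquire(now = Date.now()): boolean {
    // Drop timestamps that have aged out of the window.
    this.timestamps = this.timestamps.filter((t) => now - t < this.windowMs);
    if (this.timestamps.length >= this.limit) return false;
    this.timestamps.push(now);
    return true;
  }
}
```

With per-category limits like those above, a request would need to pass both its category limiter (read/write/delete) and the global limiter before being dispatched.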
## Audit Logging

When enabled (`FABRIC_AUDIT_LOG=true`), structured JSON logs are written to stderr:

```json
{
  "timestamp": "2024-01-15T09:00:00.000Z",
  "type": "audit",
  "correlationId": "1705312800000-abc123def",
  "toolName": "notebook_run",
  "action": "success",
  "workspaceId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "resourceId": "yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy",
  "resourceType": "Notebook",
  "durationMs": 1234
}
```
### Log Fields

| Field | Description |
|---|---|
| `timestamp` | ISO 8601 timestamp |
| `type` | Always `"audit"` |
| `correlationId` | Unique request identifier |
| `toolName` | Name of the tool invoked |
| `action` | `"invoke"`, `"success"`, or `"failure"` |
| `workspaceId` | Workspace ID (if applicable) |
| `resourceId` | Resource ID (if applicable) |
| `resourceType` | Type of resource |
| `durationMs` | Execution time in milliseconds |
| `errorCode` | Error code (on failure) |
| `errorMessage` | Sanitized error message (on failure) |
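Emitting one such record can be sketched as below. The field names come from the table; the `emitAudit` helper itself is illustrative, not the server's API:

```typescript
// Audit record shape from the Log Fields table above.
interface AuditRecord {
  timestamp: string;
  type: "audit";
  correlationId: string;
  toolName: string;
  action: "invoke" | "success" | "failure";
  workspaceId?: string;
  resourceId?: string;
  resourceType?: string;
  durationMs?: number;
  errorCode?: string;
  errorMessage?: string;
}

function emitAudit(record: Omit<AuditRecord, "timestamp" | "type">): AuditRecord {
  const entry: AuditRecord = {
    timestamp: new Date().toISOString(),
    type: "audit",
    ...record,
  };
  // stderr keeps audit output separate from the MCP protocol on stdout.
  process.stderr.write(JSON.stringify(entry) + "\n");
  return entry;
}
```

Writing to stderr matters for stdio-based MCP servers: stdout carries protocol messages, so any other stdout output would corrupt the stream.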
## Read-Only Mode

Enable read-only mode to disable all destructive operations:

```shell
export FABRIC_READ_ONLY=true
```

Tools disabled in read-only mode:

- `lakehouse_create`, `lakehouse_delete`, `lakehouse_table_load`
- `notebook_run`, `notebook_run_cancel`
- `pipeline_run`, `pipeline_run_cancel`
- `spark_job_run`, `spark_job_cancel`
- `schedule_create`, `schedule_delete`, `schedule_enable`, `schedule_disable`
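An illustrative guard for this mode: when read-only is enabled, the destructive tools listed above are rejected before dispatch. The set mirrors the list exactly; the function name is a sketch, not the server's API:

```typescript
// Destructive tools, verbatim from the read-only list above.
const DESTRUCTIVE_TOOLS = new Set([
  "lakehouse_create", "lakehouse_delete", "lakehouse_table_load",
  "notebook_run", "notebook_run_cancel",
  "pipeline_run", "pipeline_run_cancel",
  "spark_job_run", "spark_job_cancel",
  "schedule_create", "schedule_delete", "schedule_enable", "schedule_disable",
]);

// A tool is allowed unless read-only mode is on AND the tool is destructive.
function isToolAllowed(toolName: string, readOnly: boolean): boolean {
  return !(readOnly && DESTRUCTIVE_TOOLS.has(toolName));
}
```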
## Error Handling

Errors are sanitized to prevent credential leakage:

- In production (`FABRIC_DEBUG=false`): generic error messages
- In debug mode (`FABRIC_DEBUG=true`): detailed but sanitized messages

Sensitive data patterns that are redacted:

- `client_secret=***`
- `Bearer ***`
- `password=***`
- JWT tokens
- Long hex strings (potential secrets)
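The redaction patterns above can be sketched as an ordered list of regex replacements. The server's exact patterns are not published; these are illustrative approximations:

```typescript
// Approximate redaction rules for the categories listed above.
const REDACTIONS: Array<[RegExp, string]> = [
  [/client_secret=[^\s&"]+/gi, "client_secret=***"],
  [/Bearer\s+[A-Za-z0-9\-._~+/]+=*/g, "Bearer ***"],
  [/password=[^\s&"]+/gi, "password=***"],
  // JWTs: three base64url segments, the first starting with "eyJ".
  [/eyJ[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+/g, "***"],
  // Long hex strings that may be secrets or keys.
  [/\b[0-9a-f]{32,}\b/gi, "***"],
];

function sanitize(message: string): string {
  return REDACTIONS.reduce((msg, [pattern, mask]) => msg.replace(pattern, mask), message);
}
```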
## Development

```shell
# Install dependencies
npm install

# Run in development mode
npm run dev

# Build for production
npm run build

# Type check
npm run typecheck

# Security audit
npm audit
```
## Azure Permissions

The service principal or user must have the following permissions in Microsoft Fabric:
| Operation | Required Role |
|---|---|
| List/Get workspaces | Viewer |
| List items | Viewer |
| Run notebooks/pipelines | Contributor |
| Create/Delete Lakehouses | Contributor |
| Manage schedules | Contributor |
## Security Best Practices

- **Use Service Principals**: Avoid interactive auth in production
- **Enable Read-Only Mode**: When write access isn't needed
- **Enable Audit Logging**: For compliance and monitoring
- **Pin Dependencies**: Use exact versions in package.json
- **Rotate Secrets**: Regularly rotate client secrets
- **Use Azure Key Vault**: Store secrets securely
- **Monitor Logs**: Integrate with a SIEM for alerting
## Troubleshooting

### Authentication Errors

```shell
# Enable debug mode for detailed errors
export FABRIC_DEBUG=true
```

Common issues:

- `AADSTS700016`: Application not found - check `AZURE_CLIENT_ID`
- `AADSTS7000215`: Invalid client secret - check `AZURE_CLIENT_SECRET`
- `AADSTS50076`: MFA required - use Azure CLI auth instead

### Rate Limit Errors

Reduce request frequency or increase the limits:

```shell
export FABRIC_RATE_LIMIT_GLOBAL=200
```

### Timeout Errors

Increase timeouts for long-running operations:

```shell
export FABRIC_TIMEOUT_MS=60000
export FABRIC_LRO_TIMEOUT_MS=600000
```
## Changelog

### v1.0.1 (Security Release)

- Security: Fixed ReDoS vulnerability in MCP SDK (GHSA-8r9q-7v3j-jr4g)
- Security: Fixed DNS rebinding vulnerability (GHSA-w48q-cv73-mx4w)
- Security: Added UUID validation for all resource IDs
- Security: Added parameter count and size limits
- Security: Implemented error message sanitization
- Security: Added rate limiting at the tool layer
- Security: Added audit logging for compliance
- Security: Added read-only mode
- Feature: Added `health_check` tool
- Fix: Reduced token refresh buffer from 5 to 2 minutes
- Fix: Pinned all dependency versions

### v1.0.0

- Initial release
## License

MIT
## Contributing

1. Fork the repository
2. Create a feature branch
3. Run tests and the security audit
4. Submit a pull request
## Support

For issues and feature requests, please open a GitHub issue.