Nodal never needs access to your database — in the open-source repo or the hosted MCP server.
We never touch your database
Nodal serves your context layer — the definitions and canonical queries your analyst curated — not your data. When an agent needs to run SQL, it runs it through your own read-only warehouse connector (see self-service MCP setup). Nodal does not replicate, proxy, or store a connection to your warehouse. The credentials to your data never leave your side.For the hosted MCP server, we need only read-only GitHub
To serve your context to your team, the hosted endpoint needs to read the files in your context repo. That’s it:Context repo (required)
A read-only GitHub token for your analytics-context repo — the Markdown + YAML the endpoint
serves.
dbt repo (optional)
If you choose, a read-only token for your dbt project’s GitHub repo. dbt models and docs are
a nicely structured source for lineage, so the agent can check how a metric is computed.
What that means in practice
| Nodal can read | Nodal cannot access |
|---|---|
| Your analytics-context repo (read-only GitHub) | Your database / warehouse |
| Your dbt repo, if you opt in (read-only GitHub) | Any write access to your GitHub |
| The questions your team asks the endpoint | Data outside the repos you granted |
Organization scoping
Every request tohttps://analyst.nodaldata.io/mcp is authenticated with OAuth 2.0 and scoped to
your organization, so a token only ever reaches your organization’s context — never another
customer’s.