MCP Overview

Coming Soon: Rockfish MCP is currently under development and will be available in March 2025.

Rockfish MCP is a Model Context Protocol (MCP) server for querying Parquet files using DuckDB.

Features

• SQL queries via DuckDB - Full SQL support for Parquet files
• S3 support - AWS, MinIO, Cloudflare R2, DigitalOcean Spaces
• Configurable data sources - Abstract file locations from API
• Multiple output formats - JSON, JSON Lines, CSV, Table
• TLS support - Secure connections for remote access
• HTTP/WebSocket mode - Standard HTTP with Bearer token auth
• License validation - Verify Parquet files were generated by licensed probes

Operation Modes

Built-in Tools

Quick Example

# config.yaml
sources:
  flow:
    path: s3://security-data/netflow/
    description: Network flow data

output:
  default_format: json
  max_rows: 1000

ROCKFISH_CONFIG=config.yaml rockfish_mcp

Query example:

query:
  source: flow
  columns: [saddr, daddr, sbytes, dbytes]
  filter: "sbytes > 1000000"
  limit: 50

License Validation

Rockfish MCP will validate that Parquet files were generated by a licensed rockfish_probe. Each Parquet file includes signed metadata:

• rockfish.license_id - License identifier
• rockfish.tier - License tier (Community, Basic, Professional, Enterprise)
• rockfish.company - Company name
• rockfish.observation - Observation domain name

Configure validation per data source:

sources:
  prod_flows:
    path: s3://data/flows/
    require_license: true              # Reject unlicensed files
    allowed_license_ids:               # Optional: restrict to specific licenses
      - "lic_abc123"

Next Steps

• Setup - Configure MCP server
• Authentication - Secure your server
• Tools & Queries - Query reference