OSDU MCP Server
Access OSDU platform capabilities including search, data management, and schema operations.
OSDU MCP Server
A Model Context Protocol (MCP) server that provides AI assistants with access to OSDU platform capabilities.
Purpose
This server enables AI assistants to interact with OSDU platform services including search, data management, and schema operations through the MCP protocol.
AI-Driven Development
This project follows an AI-driven development workflow:
- 🤖 Built with AI - Developed using Claude Code and GitHub Copilot
- 📋 AI Task Assignment - Issues labeled with
copilotare automatically assigned - 📚 AI-Friendly Documentation - Comprehensive guides for AI agents in CLAUDE.md and .github/copilot-instructions.md
- 🔄 Multi-Agent Orchestration - Different AI agents handle different tasks based on their strengths
See our Case Study for insights on building quality code with AI agents.
Documentation
Installation
# Clone the repository
git clone <repository-url>
cd osdu-mcp-server
# Install using uv (recommended)
uv sync
uv pip install -e '.[dev]'
Configuration
Claude Code CLI
To add this MCP server using the Claude Code CLI:
claude mcp add osdu-mcp-server uvx "git+https://github.com/danielscholl-osdu/osdu-mcp-server@main" \
-e "OSDU_MCP_SERVER_URL=https://your-osdu.com" \
-e "OSDU_MCP_SERVER_DATA_PARTITION=your-partition" \
-e "AZURE_CLIENT_ID=your-client-id" \
-e "AZURE_TENANT_ID=your-tenant-id"
Direct Installation
To use this MCP server in your projects, add the following to your .mcp.json file:
{
"mcpServers": {
"osdu-mcp-server": {
"type": "stdio",
"command": "uvx",
"args": [
"--from",
"git+https://github.com/danielscholl-osdu/osdu-mcp-server@main",
"osdu-mcp-server"
],
"env": {
"OSDU_MCP_SERVER_URL": "https://your-osdu.com",
"OSDU_MCP_SERVER_DATA_PARTITION": "your-partition",
"AZURE_CLIENT_ID": "your-client-id",
"AZURE_TENANT_ID": "your-tenant-id"
}
}
}
}
VS Code Quick Install
Local Development
For local development, you can also use the local installation method:
To use the OSDU MCP Server, configure it through your MCP client's configuration file:
{
"mcpServers": {
"osdu-mcp-server": {
"type": "stdio",
"command": "uv",
"args": ["run", "osdu-mcp-server"],
"env": {
"OSDU_MCP_SERVER_URL": "https://your-osdu.com",
"OSDU_MCP_SERVER_DATA_PARTITION": "your-partition",
"AZURE_CLIENT_ID": "your-client-id",
"AZURE_TENANT_ID": "your-tenant"
}
}
}
}
Domain Configuration
Critical for ACL Format: OSDU deployments use different data domain formats for Access Control Lists (ACL). Configure your data domain to avoid ACL format errors:
"env": {
"OSDU_MCP_SERVER_DOMAIN": "contoso.com"
}
Data Domain Examples:
- Standard OSDU:
contoso.com(default) - Microsoft OSDU:
dataservices.energy - Microsoft Internal:
msft-osdu-test.org
Data Domain Detection Methods:
- Environment Variable (Recommended): Set
OSDU_MCP_SERVER_DOMAIN - Use Entitlements Tool: Run
entitlements_mine()to see your group format - Check with Administrator: Ask your OSDU administrator for the correct data domain
Important: The data domain is the internal OSDU data system domain used in ACL group emails, not the FQDN from your server URL.
If not set, the server will attempt to extract the domain from your server URL. For more guidance, use the MCP resource: ReadMcpResourceTool(server="osdu-mcp-server", uri="file://acl-format-examples.json").
Authentication Methods
The server supports two authentication methods:
Method 1: Azure CLI Authentication (Recommended for Development)
- Setup: Run
az loginbefore using the server - Environment Variables:
AZURE_CLIENT_ID: Your OSDU application IDAZURE_TENANT_ID: Your Azure tenant ID- No
AZURE_CLIENT_SECRETneeded
Claude Code CLI Example:
claude mcp add osdu-mcp-server uvx "git+https://github.com/danielscholl-osdu/osdu-mcp-server@main" \
-e "OSDU_MCP_SERVER_URL=https://your-osdu.com" \
-e "OSDU_MCP_SERVER_DATA_PARTITION=your-partition" \
-e "AZURE_CLIENT_ID=your-osdu-app-id" \
-e "AZURE_TENANT_ID=your-tenant-id"
Method 2: Service Principal Authentication (Recommended for Production)
- Setup: Create or use an existing service principal
- Environment Variables:
AZURE_CLIENT_ID: Service principal IDAZURE_CLIENT_SECRET: Service principal secretAZURE_TENANT_ID: Your Azure tenant IDOSDU_MCP_AUTH_SCOPE: (Optional) Custom OAuth scope for v1.0 token environments
Claude Code CLI Example:
claude mcp add osdu-mcp-server uvx "git+https://github.com/danielscholl-osdu/osdu-mcp-server@main" \
-e "OSDU_MCP_SERVER_URL=https://your-osdu.com" \
-e "OSDU_MCP_SERVER_DATA_PARTITION=your-partition" \
-e "AZURE_CLIENT_ID=your-service-principal-id" \
-e "AZURE_CLIENT_SECRET=your-service-principal-secret" \
-e "AZURE_TENANT_ID=your-tenant-id"
Method 3: v1.0 Token Authentication (Legacy OSDU Environments)
For OSDU environments configured with v1.0 tokens ("requestedAccessTokenVersion": 1 in app manifest):
- Setup: Service principal with access to OSDU resource application
- Environment Variables:
AZURE_CLIENT_ID: Service principal ID (authentication app)AZURE_CLIENT_SECRET: Service principal secretAZURE_TENANT_ID: Your Azure tenant IDOSDU_MCP_AUTH_SCOPE: Target OSDU application ID with/.defaultsuffix
Example Configuration:
{
"mcpServers": {
"osdu-mcp-server": {
"type": "stdio",
"command": "uvx",
"args": ["git+https://github.com/danielscholl-osdu/osdu-mcp-server@main"],
"env": {
"OSDU_MCP_SERVER_URL": "https://your-osdu.com",
"OSDU_MCP_SERVER_DATA_PARTITION": "your-partition",
"AZURE_CLIENT_ID": "service-principal-id",
"AZURE_CLIENT_SECRET": "service-principal-secret",
"AZURE_TENANT_ID": "your-tenant-id",
"OSDU_MCP_AUTH_SCOPE": "osdu-resource-app-id/.default"
}
}
}
}
Use Cases:
- Legacy OSDU deployments with v1.0 token requirements
- Environments where you authenticate with one app but request tokens for another
- OSDU platforms with dedicated resource applications and specific JWT audience requirements
Authorization Setup
When you need additional setup:
- ✅ Azure CLI auth: Always requires authorization setup
- ✅ External service principal: Requires authorization setup
- ❌ OSDU app's own service principal: No additional setup needed
For Azure CLI or External Service Principal:
- Navigate to your OSDU application in App registrations
- Go to Expose an API → Authorized client applications
- Click Add a client application
- Enter the client ID:
- Azure CLI:
04b07795-8ddb-461a-bbee-02f9e1bf7b46 - External Service Principal: Your service principal's ID
- Azure CLI:
- Select the
user_impersonationscope - Click Add
Verify authentication:
az account get-access-token --resource YOUR_AZURE_CLIENT_ID
Common Issues:
- "Application not found": Azure CLI app doesn't exist in some tenants. Use service principal instead.
- "Invalid resource": The client hasn't been authorized. Follow authorization setup above.
- "Authentication failed": Verify your client ID matches your OSDU application or service principal.
Write Operations
Write operations (create, update) for any service are disabled by default, you must explicitly enable them:
"env": {
"OSDU_MCP_ENABLE_WRITE_MODE": "true"
}
Delete Operations
Delete and purge operations are separately controlled and disabled by default:
"env": {
"OSDU_MCP_ENABLE_DELETE_MODE": "true"
}
This dual protection allows you to enable data creation and updates while maintaining strict control over destructive operations.
Complete Configuration Example
Here's a complete .mcp.json configuration example with all common environment variables:
{
"mcpServers": {
"osdu-mcp-server": {
"type": "stdio",
"command": "uv",
"args": ["run", "osdu-mcp-server"],
"env": {
"OSDU_MCP_SERVER_URL": "https://your-osdu.com",
"OSDU_MCP_SERVER_DATA_PARTITION": "opendes",
"OSDU_MCP_SERVER_DOMAIN": "contoso.com",
"OSDU_MCP_ENABLE_WRITE_MODE": "true",
"OSDU_MCP_ENABLE_DELETE_MODE": "true",
"AZURE_CLIENT_ID": "your-client-id",
"AZURE_TENANT_ID": "your-tenant-id",
"AZURE_CLIENT_SECRET": "your-client-secret"
}
}
}
}
Logging Configuration
The MCP server uses structured JSON logging that follows ADR-016. By default, logging is disabled due to verbosity. You can enable it by setting:
"env": {
"OSDU_MCP_LOGGING_ENABLED": "true",
"OSDU_MCP_LOGGING_LEVEL": "INFO"
}
Valid logging levels: DEBUG, INFO, WARNING, ERROR, CRITICAL
Usage
Health Check
osdu:health_check
This returns the health status of your OSDU platform, checking authentication and the availability of all services (storage, search, legal, schema, file, workflow, entitlements, and dataset).
Available Capabilities
Prompts
- list_mcp_assets: Comprehensive overview of all server capabilities with usage examples and quick start guidance
- guide_search_patterns: Search pattern guidance for OSDU operations with Elasticsearch syntax examples
Tools
Foundation
- health_check: Check OSDU platform connectivity and service health
Partition Service
- partition_list: List all accessible OSDU partitions
- partition_get: Retrieve configuration for a specific partition
- partition_create: Create a new partition (write-protected)
- partition_update: Update partition properties (write-protected)
- partition_delete: Delete a partition (write-protected)
Entitlements Service
- entitlements_mine: Get groups for the current authenticated user
Legal Service
- legaltag_list: List all legal tags
- legaltag_get: Get specific legal tag
- legaltag_get_properties: Get allowed property values
- legaltag_search: Search legal tags with filters
- legaltag_batch_retrieve: Get multiple tags at once
- legaltag_create: Create new legal tag (write-protected)
- legaltag_update: Update legal tag (write-protected)
- legaltag_delete: Delete legal tag (delete-protected)
Schema Service
- schema_list: List available schemas with optional filtering
- schema_get: Retrieve complete schema by ID
- schema_search: Advanced schema discovery with rich filtering and text search
- schema_create: Create a new schema (write-protected)
- schema_update: Update an existing schema (write-protected)
Search Service
- search_query: Execute search queries using Elasticsearch syntax
- search_by_id: Find specific records by ID
- search_by_kind: Find all records of specific type
Storage Service
- storage_create_update_records: Create or update records (write-protected)
- storage_get_record: Get latest version of a record by ID
- storage_get_record_version: Get specific version of a record
- storage_list_record_versions: List all versions of a record
- storage_query_records_by_kind: Get record IDs of a specific kind
- storage_fetch_records: Retrieve multiple records at once
- storage_delete_record: Logically delete a record (delete-protected)
- storage_purge_record: Permanently delete a record (delete-protected)
Related Servers
Remote MCP Server on Cloudflare
A remote MCP server that runs on Cloudflare Workers and supports OAuth login.
MCP Force
Exposes Salesforce APIs as tools for AI agents.
CData Zoho Inventory Server
A read-only MCP server by CData for querying live Zoho Inventory data.
My MCP
A remote MCP server deployable on Cloudflare Workers without authentication.
GAM MCP Server
Administer Google Workspace using the GAM command-line tool.
Remote MCP Server (Authless)
An example of a remote MCP server deployable on Cloudflare Workers without authentication.
Concordia MCP
Provides comprehensive analytics for Solana wallets, including real-time portfolio insights and detailed DeFi activity tracking.
GCP MCP Server
Access and manage Google Cloud Platform (GCP) services and resources.
Remote MCP Server on Cloudflare
A remote MCP server deployable on Cloudflare Workers with OAuth login support.
Remote MCP Server (Authless)
A remote, auth-less MCP server deployable on Cloudflare Workers or locally via npm.