datasecops-cli 0.5.1__tar.gz → 0.5.3__tar.gz

{datasecops_cli-0.5.1 → datasecops_cli-0.5.3}/CHANGELOG.md

@@ -2,6 +2,35 @@
 
 All notable changes to the DataSecOps CLI are documented in this file.
 
+## [0.5.3] - 2026-06-05
+
+### Changed
+
+- **MCP linting tools report progress** — `lint_sql`, `fix_sql`, and `lint_project` now use MCP `Context` to send progress notifications and info messages during execution, so callers can see what stage the tool is at (project discovery, running SQLFluff, processing results).
+- **MCP linting tools no longer block the event loop** — subprocess calls to SQLFluff are wrapped in `asyncio.to_thread` so the MCP server remains responsive while linting runs.
+- **`_ensure_dbt_packages` skips `dbt deps` when packages exist** — `dbt deps` is only triggered when `dbt_packages/` is actually empty, but the `dbt-snowflake` Python package check always runs to ensure the dbt templater works.
+
+## [0.5.2] - 2026-06-05
+
+### Added
+
+- **`get_sqlfluff_config` MCP tool** — exposes the rendered `.sqlfluff` INI config file from the native app, allowing AI tools to retrieve the exact linting configuration without needing a local `.sqlfluff` file.
+- **`get_documentation` MCP tool** — exposes framework documentation topics (model development, data governance, deployment, etc.) so AI tools can reference framework conventions directly.
+
+### Changed
+
+- **Cortex Code MCP config is now project-level** — MCP server registration for Cortex Code now writes `.snowflake/cortex/mcp.json` in the project root instead of calling `cortex mcp add`. This enables project-scoped MCP servers in Cortex Code Desktop and removes the dependency on the `cortex` binary being installed.
+- **All MCP servers included in Cortex Code config** — the datasecops-framework, GitHub, Azure DevOps, and dbt MCP servers are all written to the project-level config file with `"type": "stdio"` field.
+- **Cortex Code always available as an AI tool option** — removed the `shutil.which("cortex")` check since we no longer need the cortex binary for MCP configuration.
+- **Expanded `_ALLOWED_PROCEDURES`** — added `get_sqlfluff_config_file` and `get_documentation` to the MCP connection allowlist.
+
+### Fixed
+
+- **Linting now installs dbt-snowflake at framework-pinned version** — the CLI lint menu fetches both SQLFluff and dbt requirements from the native app and ensures all packages (including `dbt-core` and `dbt-snowflake`) are installed at the correct versions before linting.
+- **Linting runs `dbt deps` if packages are missing** — if `packages.yml` exists but `dbt_packages/` is empty, `dbt deps` is run automatically before linting to satisfy the sqlfluff dbt templater.
+- **Default `.sqlfluffignore` created on first lint** — excludes `target/`, `dbt_packages/`, `dbt_modules/`, `logs/`, `macros/`, `models/cortex/agents`, `models/cortex/semantic_views`, `objects/stages/config/`, and `objects/file_formats/config/`.
+- **MCP linting tools check for dbt-snowflake** — the MCP server lint/fix tools now verify `dbt-snowflake` is installed (and install it if missing) before running SQLFluff.
+
 ## [0.5.1] - 2026-06-04
 
 ### Added

{datasecops_cli-0.5.1 → datasecops_cli-0.5.3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: datasecops-cli
-Version: 0.5.1
+Version: 0.5.3
 Summary: DataSecOps Framework CLI for Snowflake Native App
 License-Expression: MIT
 License-File: LICENSE
@@ -158,10 +158,60 @@ The package includes an MCP (Model Context Protocol) server that exposes your fr
 
 ### Setup for AI Tools
 
-**Cortex Code:**
+**Cortex Code** — add to `.snowflake/cortex/mcp.json` in your project root:
 
-```bash
-cortex mcp add datasecops-framework -- datasecops-mcp --connection-name <CONNECTION> --app-database <APP_DB>
+```json
+{
+  "mcpServers": {
+    "datasecops-framework": {
+      "type": "stdio",
+      "command": "datasecops-mcp",
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"]
+    },
+    "github": {
+      "type": "stdio",
+      "command": "npx",
+      "args": ["-y", "@modelcontextprotocol/server-github"],
+      "env": {
+        "GITHUB_PERSONAL_ACCESS_TOKEN": "<your-github-pat>"
+      }
+    },
+    "dbt": {
+      "type": "stdio",
+      "command": "uvx",
+      "args": ["dbt-mcp"]
+    }
+  }
+}
+```
+
+For Azure DevOps instead of GitHub:
+
+```json
+{
+  "mcpServers": {
+    "datasecops-framework": {
+      "type": "stdio",
+      "command": "datasecops-mcp",
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"]
+    },
+    "azure-devops": {
+      "type": "stdio",
+      "command": "npx",
+      "args": ["-y", "@tiberriver256/mcp-server-azure-devops"],
+      "env": {
+        "AZURE_DEVOPS_ORG_URL": "https://dev.azure.com/<your-org>",
+        "AZURE_DEVOPS_AUTH_METHOD": "pat",
+        "AZURE_DEVOPS_PAT": "<your-azure-pat>"
+      }
+    },
+    "dbt": {
+      "type": "stdio",
+      "command": "uvx",
+      "args": ["dbt-mcp"]
+    }
+  }
+}
 ```
 
 **VS Code / Cursor** — add to `.vscode/mcp.json` or `.cursor/mcp.json`:

{datasecops_cli-0.5.1 → datasecops_cli-0.5.3}/README.md

@@ -139,10 +139,60 @@ The package includes an MCP (Model Context Protocol) server that exposes your fr
 
 ### Setup for AI Tools
 
-**Cortex Code:**
+**Cortex Code** — add to `.snowflake/cortex/mcp.json` in your project root:
 
-```bash
-cortex mcp add datasecops-framework -- datasecops-mcp --connection-name <CONNECTION> --app-database <APP_DB>
+```json
+{
+  "mcpServers": {
+    "datasecops-framework": {
+      "type": "stdio",
+      "command": "datasecops-mcp",
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"]
+    },
+    "github": {
+      "type": "stdio",
+      "command": "npx",
+      "args": ["-y", "@modelcontextprotocol/server-github"],
+      "env": {
+        "GITHUB_PERSONAL_ACCESS_TOKEN": "<your-github-pat>"
+      }
+    },
+    "dbt": {
+      "type": "stdio",
+      "command": "uvx",
+      "args": ["dbt-mcp"]
+    }
+  }
+}
+```
+
+For Azure DevOps instead of GitHub:
+
+```json
+{
+  "mcpServers": {
+    "datasecops-framework": {
+      "type": "stdio",
+      "command": "datasecops-mcp",
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"]
+    },
+    "azure-devops": {
+      "type": "stdio",
+      "command": "npx",
+      "args": ["-y", "@tiberriver256/mcp-server-azure-devops"],
+      "env": {
+        "AZURE_DEVOPS_ORG_URL": "https://dev.azure.com/<your-org>",
+        "AZURE_DEVOPS_AUTH_METHOD": "pat",
+        "AZURE_DEVOPS_PAT": "<your-azure-pat>"
+      }
+    },
+    "dbt": {
+      "type": "stdio",
+      "command": "uvx",
+      "args": ["dbt-mcp"]
+    }
+  }
+}
 ```
 
 **VS Code / Cursor** — add to `.vscode/mcp.json` or `.cursor/mcp.json`:

{datasecops_cli-0.5.1 → datasecops_cli-0.5.3}/docs/getting-started.md

@@ -215,20 +215,23 @@ Create `.cursor/mcp.json` in your project root with the same format as above.
 
 ### Cortex Code (CoCo)
 
-Add servers from the command line:
+Create `.snowflake/cortex/mcp.json` in your project root:
 
-```bash
-# DataSecOps Framework
-cortex mcp add datasecops-framework -- datasecops-mcp --connection-name <CONNECTION> --app-database <APP_DB>
-
-# dbt
-cortex mcp add dbt -- uvx dbt-mcp
-
-# GitHub
-cortex mcp add github -e GITHUB_PERSONAL_ACCESS_TOKEN=$GITHUB_TOKEN -- npx -y @modelcontextprotocol/server-github
-
-# OR Azure DevOps
-cortex mcp add azure-devops -e AZURE_DEVOPS_ORG_URL=$AZURE_DEVOPS_ORG_URL -e AZURE_DEVOPS_AUTH_METHOD=pat -e AZURE_DEVOPS_PAT=$AZURE_DEVOPS_PAT -- npx -y @tiberriver256/mcp-server-azure-devops
+```json
+{
+  "mcpServers": {
+    "datasecops-framework": {
+      "type": "stdio",
+      "command": "datasecops-mcp",
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"]
+    },
+    "dbt": {
+      "type": "stdio",
+      "command": "uvx",
+      "args": ["dbt-mcp"]
+    }
+  }
+}
 ```
 
 Verify all servers are connected:

{datasecops_cli-0.5.1 → datasecops_cli-0.5.3}/docs/mcp-server.md

@@ -24,8 +24,18 @@ If `--connection-name` and `--app-database` are not provided, the server falls b
 
 ### Cortex Code
 
-```bash
-cortex mcp add datasecops-framework -- datasecops-mcp --connection-name <CONNECTION> --app-database <APP_DB>
+Create `.snowflake/cortex/mcp.json` in your project root:
+
+```json
+{
+  "mcpServers": {
+    "datasecops-framework": {
+      "type": "stdio",
+      "command": "datasecops-mcp",
+      "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"]
+    }
+  }
+}
 ```
 
 ### Claude Code

{datasecops_cli-0.5.1 → datasecops_cli-0.5.3}/mcp-servers.json

@@ -1,12 +1,13 @@
 {
   "mcpServers": {
     "datasecops-framework": {
+      "type": "stdio",
       "command": "datasecops-mcp",
       "args": ["--connection-name", "<CONNECTION>", "--app-database", "<APP_DB>"],
-      "env": {},
       "description": "DataSecOps Framework governance rules, branching conventions, linting config, and project profiles from your Snowflake Native App"
     },
     "github": {
+      "type": "stdio",
       "command": "npx",
       "args": ["-y", "@modelcontextprotocol/server-github"],
       "env": {
@@ -15,6 +16,7 @@
       "description": "GitHub API access for PRs, issues, checks, and repository management"
     },
     "azure-devops": {
+      "type": "stdio",
       "command": "npx",
       "args": ["-y", "@tiberriver256/mcp-server-azure-devops"],
       "env": {
@@ -23,6 +25,12 @@
         "AZURE_DEVOPS_PAT": "<your-azure-pat>"
       },
       "description": "Azure DevOps API access for PRs, pipelines, work items, and boards"
+    },
+    "dbt": {
+      "type": "stdio",
+      "command": "uvx",
+      "args": ["dbt-mcp"],
+      "description": "dbt lineage, model discovery, codegen, and semantic layer"
     }
   }
 }

{datasecops_cli-0.5.1 → datasecops_cli-0.5.3}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "datasecops-cli"
-version = "0.5.1"
+version = "0.5.3"
 description = "DataSecOps Framework CLI for Snowflake Native App"
 readme = "README.md"
 requires-python = ">=3.10"

datasecops_cli-0.5.3/src/datasecops_cli/__init__.py

@@ -0,0 +1 @@
+__version__ = "0.5.3"

{datasecops_cli-0.5.1 → datasecops_cli-0.5.3}/src/datasecops_cli/main.py

@@ -307,66 +307,63 @@ def _run_setup(project_dir: Path):
 
         info_line("")
         info_line("Which AI tool are you configuring?")
-        tool_options = ["VS Code (Copilot)", "Cursor", "Claude Code"]
-        if shutil.which("cortex"):
-            tool_options.append("Cortex Code")
+        tool_options = ["VS Code (Copilot)", "Cursor", "Claude Code", "Cortex Code"]
         tool_options.append("Skip")
         tool_choice = select_from_list(tool_options, "tool", add_back=False)
 
         if tool_choice == "Cortex Code":
             info_line("")
             info_line("Adding MCP servers to Cortex Code...")
-            try:
-                subprocess.run(["cortex", "mcp", "add", "datasecops-framework", "--",
-                                "datasecops-mcp", "--connection-name", connection_name,
-                                "--app-database", app_database],
-                               capture_output=True, text=True)
-                success_line("Added datasecops-framework MCP server")
-            except FileNotFoundError:
-                warning_line(
-                    "cortex not found — run manually: cortex mcp add datasecops-framework "
-                    f"-- datasecops-mcp --connection-name {connection_name} --app-database {app_database}"
-                )
+            mcp_path = project_dir / ".snowflake" / "cortex" / "mcp.json"
+
+            servers = {"datasecops-framework": {
+                "type": "stdio",
+                "command": "datasecops-mcp",
+                "args": ["--connection-name", connection_name, "--app-database", app_database],
+            }}
 
             # Add AI Agent MCP server if enabled
             if ai_agent_mcp_url:
-                try:
-                    result = subprocess.run(["cortex", "mcp", "add", "datasecops-docs", ai_agent_mcp_url, "--transport", "http"],
-                                           capture_output=True, text=True)
-                    if result.returncode == 0:
-                        success_line("Added datasecops-docs MCP server (AI Agent documentation search)")
-                    else:
-                        warning_line(f"Failed to add AI Agent MCP server: {result.stderr.strip() or 'unknown error'}")
-                except Exception as agent_err:
-                    warning_line(f"Could not add AI Agent MCP server: {agent_err}")
+                snowflake_pat = get_input_string(
+                    "Enter your Snowflake PAT for datasecops-docs MCP server (or press Enter to skip): ",
+                    allow_empty=True,
+                )
+                server_entry = {
+                    "type": "http",
+                    "url": ai_agent_mcp_url,
+                }
+                if snowflake_pat:
+                    server_entry["headers"] = {"Authorization": f"Bearer {snowflake_pat}"}
+                servers["datasecops-docs"] = server_entry
 
             if platform_choice == "GitHub":
                 github_token = get_input_string("Enter your GitHub PAT (or press Enter to skip): ", allow_empty=True)
                 if github_token:
-                    try:
-                        subprocess.run(["cortex", "mcp", "add", "github",
-                                        "-e", f"GITHUB_PERSONAL_ACCESS_TOKEN={github_token}",
-                                        "--", "npx", "-y", "@modelcontextprotocol/server-github"],
-                                       capture_output=True, text=True)
-                        success_line("Added GitHub MCP server")
-                    except FileNotFoundError:
-                        warning_line("cortex not found — configure GitHub MCP server manually")
+                    servers["github"] = {
+                        "type": "stdio",
+                        "command": "npx",
+                        "args": ["-y", "@modelcontextprotocol/server-github"],
+                        "env": {"GITHUB_PERSONAL_ACCESS_TOKEN": github_token},
+                    }
             elif platform_choice == "Azure DevOps":
                 azure_org = get_input_string("Enter your Azure DevOps org URL (e.g. https://dev.azure.com/myorg): ")
                 azure_pat = get_input_string("Enter your Azure DevOps PAT (or press Enter to skip): ", allow_empty=True)
                 if azure_pat:
-                    try:
-                        subprocess.run(["cortex", "mcp", "add", "azure-devops",
-                                        "-e", f"AZURE_DEVOPS_ORG_URL={azure_org}",
-                                        "-e", "AZURE_DEVOPS_AUTH_METHOD=pat",
-                                        "-e", f"AZURE_DEVOPS_PAT={azure_pat}",
-                                        "--", "npx", "-y", "@tiberriver256/mcp-server-azure-devops"],
-                                       capture_output=True, text=True)
-                        success_line("Added Azure DevOps MCP server")
-                    except FileNotFoundError:
-                        warning_line("cortex not found — configure Azure DevOps MCP server manually")
-
-            success_line("Cortex Code MCP servers configured")
+                    servers["azure-devops"] = {
+                        "type": "stdio",
+                        "command": "npx",
+                        "args": ["-y", "@tiberriver256/mcp-server-azure-devops"],
+                        "env": {
+                            "AZURE_DEVOPS_ORG_URL": azure_org,
+                            "AZURE_DEVOPS_AUTH_METHOD": "pat",
+                            "AZURE_DEVOPS_PAT": azure_pat,
+                        },
+                    }
+
+            from datasecops_cli.utilities.file_utils import ensure_dir, write_file
+            ensure_dir(mcp_path.parent)
+            write_file(mcp_path, json.dumps({"mcpServers": servers}, indent=2))
+            success_line(f"MCP config written to {mcp_path}")
 
         elif tool_choice in ("VS Code (Copilot)", "Cursor", "Claude Code"):
             dir_map = {

{datasecops_cli-0.5.1 → datasecops_cli-0.5.3}/src/datasecops_cli/menus/configuration.py

@@ -150,9 +150,7 @@ class ConfigurationMenu:
         # Select target tool
         info_line("")
         info_line("Which AI tool are you configuring?")
-        tool_options = ["VS Code (Copilot)", "Cursor", "Claude Code"]
-        if shutil.which("cortex"):
-            tool_options.append("Cortex Code")
+        tool_options = ["VS Code (Copilot)", "Cursor", "Claude Code", "Cortex Code"]
         tool_choice = select_from_list(tool_options, "tool", add_back=False)
 
         if tool_choice == "Cortex Code":
@@ -163,60 +161,16 @@ class ConfigurationMenu:
         complete_action()
 
     def _install_mcp_cortex(self, servers: list[str], platform: str) -> None:
-        """Install MCP servers via cortex mcp add."""
-        info_line("")
-        for server in servers:
-            if server == "datasecops-framework":
-                conn = self.datasecops_config.connection_name
-                app_db = self.datasecops_config.app_database
-                try:
-                    subprocess.run(["cortex", "mcp", "add", "datasecops-framework", "--",
-                                    "datasecops-mcp", "--connection-name", conn,
-                                    "--app-database", app_db],
-                                   capture_output=True, text=True)
-                    success_line("Added datasecops-framework MCP server")
-                except FileNotFoundError:
-                    warning_line(
-                        "cortex not found — run manually: cortex mcp add datasecops-framework "
-                        f"-- datasecops-mcp --connection-name {conn} --app-database {app_db}"
-                    )
-
-            elif server == "GitHub":
-                token = get_input_string("Enter your GitHub PAT (or press Enter to skip): ", allow_empty=True)
-                if token:
-                    try:
-                        subprocess.run(["cortex", "mcp", "add", "github",
-                                        "-e", f"GITHUB_PERSONAL_ACCESS_TOKEN={token}",
-                                        "--", "npx", "-y", "@modelcontextprotocol/server-github"],
-                                       capture_output=True, text=True)
-                        success_line("Added GitHub MCP server")
-                    except FileNotFoundError:
-                        warning_line("cortex not found — configure GitHub MCP server manually")
-
-            elif server == "Azure DevOps":
-                org = get_input_string("Enter your Azure DevOps org URL (e.g. https://dev.azure.com/myorg): ")
-                pat = get_input_string("Enter your Azure DevOps PAT (or press Enter to skip): ", allow_empty=True)
-                if pat:
-                    try:
-                        subprocess.run(["cortex", "mcp", "add", "azure-devops",
-                                        "-e", f"AZURE_DEVOPS_ORG_URL={org}",
-                                        "-e", "AZURE_DEVOPS_AUTH_METHOD=pat",
-                                        "-e", f"AZURE_DEVOPS_PAT={pat}",
-                                        "--", "npx", "-y", "@tiberriver256/mcp-server-azure-devops"],
-                                       capture_output=True, text=True)
-                        success_line("Added Azure DevOps MCP server")
-                    except FileNotFoundError:
-                        warning_line("cortex not found — configure Azure DevOps MCP server manually")
-
-            elif server == "dbt":
-                try:
-                    subprocess.run(["cortex", "mcp", "add", "dbt", "--", "uvx", "dbt-mcp"],
-                                   capture_output=True, text=True)
-                    success_line("Added dbt MCP server")
-                except FileNotFoundError:
-                    warning_line("cortex not found — run manually: cortex mcp add dbt -- uvx dbt-mcp")
-
-        success_line("Cortex Code MCP servers configured")
+        """Write MCP server config to .snowflake/cortex/mcp.json for Cortex Code."""
+        from datasecops_cli.utilities.mcp import write_cortex_mcp_config
+
+        mcp_path = self.project_dir / ".snowflake" / "cortex" / "mcp.json"
+        write_cortex_mcp_config(
+            mcp_path=mcp_path,
+            servers=servers,
+            connection_name=self.datasecops_config.connection_name,
+            app_database=self.datasecops_config.app_database,
+        )
 
     def _install_mcp_json(self, servers: list[str], platform: str, tool: str) -> None:
         """Write MCP server config as mcp.json for VS Code, Cursor, or Claude Code."""

{datasecops_cli-0.5.1 → datasecops_cli-0.5.3}/src/datasecops_cli/menus/development.py

@@ -164,9 +164,30 @@ class DevelopmentMenu:
             info_line("No .sqlfluff config found — downloading from framework...")
             if not self.downloads.download_sqlfluff_config(profiles_dir=self.profiles_dir, dbt_project_dir=self.linting.project_dir):
                 return False
-        # Fetch pinned versions from the native app and ensure they're installed
-        required = self.downloads.get_sqlfluff_requirements() if self.downloads else None
-        return self.linting.ensure_templater_installed(required_packages=required or None)
+        # Fetch pinned versions from the native app (sqlfluff + dbt) and ensure they're installed
+        required = []
+        if self.downloads:
+            sqlfluff_pkgs = self.downloads.get_sqlfluff_requirements() or []
+            dbt_pkgs = self.downloads.get_dbt_requirements() or []
+            required = sqlfluff_pkgs + dbt_pkgs
+        if not self.linting.ensure_templater_installed(required_packages=required or None):
+            return False
+        # Ensure dbt project packages are installed (required by sqlfluff dbt templater)
+        self._ensure_dbt_packages()
+        return True
+
+    def _ensure_dbt_packages(self) -> None:
+        """Ensure dbt packages are installed for the sqlfluff dbt templater."""
+        packages_dir = self.linting.project_dir / "dbt_packages"
+        if packages_dir.exists() and any(packages_dir.iterdir()):
+            return
+
+        packages_yml = self.linting.project_dir / "packages.yml"
+        if not packages_yml.exists():
+            return
+
+        info_line("Installing dbt packages (required for linting)...")
+        self.dbt.deps()
     
     def _lint_menu(self) -> None:
         clear()

{datasecops_cli-0.5.1 → datasecops_cli-0.5.3}/src/datasecops_cli/menus/downloads.py

@@ -134,9 +134,7 @@ class DownloadsMenu:
         # Select target tool
         info_line("")
         info_line("Which AI tool are you configuring?")
-        tool_options = ["VS Code (Copilot)", "Cursor", "Claude Code"]
-        if shutil.which("cortex"):
-            tool_options.append("Cortex Code")
+        tool_options = ["VS Code (Copilot)", "Cursor", "Claude Code", "Cortex Code"]
         tool_choice = select_from_list(tool_options, "tool", add_back=False)
 
         if tool_choice == "Cortex Code":
@@ -147,60 +145,16 @@ class DownloadsMenu:
         complete_action()
 
     def _install_mcp_cortex(self, servers: list[str], platform: str) -> None:
-        """Install MCP servers via cortex mcp add."""
-        info_line("")
-        for server in servers:
-            if server == "datasecops-framework":
-                conn = self.datasecops_config.connection_name
-                app_db = self.datasecops_config.app_database
-                try:
-                    subprocess.run(["cortex", "mcp", "add", "datasecops-framework", "--",
-                                    "datasecops-mcp", "--connection-name", conn,
-                                    "--app-database", app_db],
-                                   capture_output=True, text=True)
-                    success_line("Added datasecops-framework MCP server")
-                except FileNotFoundError:
-                    warning_line(
-                        "cortex not found — run manually: cortex mcp add datasecops-framework "
-                        f"-- datasecops-mcp --connection-name {conn} --app-database {app_db}"
-                    )
-
-            elif server == "GitHub":
-                token = get_input_string("Enter your GitHub PAT (or press Enter to skip): ", allow_empty=True)
-                if token:
-                    try:
-                        subprocess.run(["cortex", "mcp", "add", "github",
-                                        "-e", f"GITHUB_PERSONAL_ACCESS_TOKEN={token}",
-                                        "--", "npx", "-y", "@modelcontextprotocol/server-github"],
-                                       capture_output=True, text=True)
-                        success_line("Added GitHub MCP server")
-                    except FileNotFoundError:
-                        warning_line("cortex not found — configure GitHub MCP server manually")
-
-            elif server == "Azure DevOps":
-                org = get_input_string("Enter your Azure DevOps org URL (e.g. https://dev.azure.com/myorg): ")
-                pat = get_input_string("Enter your Azure DevOps PAT (or press Enter to skip): ", allow_empty=True)
-                if pat:
-                    try:
-                        subprocess.run(["cortex", "mcp", "add", "azure-devops",
-                                        "-e", f"AZURE_DEVOPS_ORG_URL={org}",
-                                        "-e", "AZURE_DEVOPS_AUTH_METHOD=pat",
-                                        "-e", f"AZURE_DEVOPS_PAT={pat}",
-                                        "--", "npx", "-y", "@tiberriver256/mcp-server-azure-devops"],
-                                       capture_output=True, text=True)
-                        success_line("Added Azure DevOps MCP server")
-                    except FileNotFoundError:
-                        warning_line("cortex not found — configure Azure DevOps MCP server manually")
-
-            elif server == "dbt":
-                try:
-                    subprocess.run(["cortex", "mcp", "add", "dbt", "--", "uvx", "dbt-mcp"],
-                                   capture_output=True, text=True)
-                    success_line("Added dbt MCP server")
-                except FileNotFoundError:
-                    warning_line("cortex not found — run manually: cortex mcp add dbt -- uvx dbt-mcp")
-
-        success_line("Cortex Code MCP servers configured")
+        """Write MCP server config to .snowflake/cortex/mcp.json for Cortex Code."""
+        from datasecops_cli.utilities.mcp import write_cortex_mcp_config
+
+        mcp_path = Path.cwd() / ".snowflake" / "cortex" / "mcp.json"
+        write_cortex_mcp_config(
+            mcp_path=mcp_path,
+            servers=servers,
+            connection_name=self.datasecops_config.connection_name,
+            app_database=self.datasecops_config.app_database,
+        )
 
     def _install_mcp_json(self, servers: list[str], platform: str, tool: str) -> None:
         """Write MCP server config as mcp.json for VS Code, Cursor, or Claude Code."""

{datasecops_cli-0.5.1 → datasecops_cli-0.5.3}/src/datasecops_cli/services/linting_service.py

@@ -82,7 +82,7 @@ class LintingService:
             return self.install_requirements(to_install)
 
         # No pinned versions — just ensure sqlfluff packages are present
-        missing = [pkg for pkg in ["sqlfluff", "sqlfluff-templater-dbt"] if not installed.get(pkg)]
+        missing = [pkg for pkg in ["sqlfluff", "sqlfluff-templater-dbt", "dbt-snowflake"] if not installed.get(pkg)]
         if not missing:
             return True
         warning_line(f"Missing packages: {', '.join(missing)}")
@@ -99,6 +99,9 @@ class LintingService:
         config_path = self.project_dir / ".sqlfluff"
         if config_path.exists():
             cmd += ["--config", str(config_path)]
+
+        # Ensure .sqlfluffignore is created with defaults if it doesn't exist
+        self._ensure_sqlfluffignore()
         
         info_line(f"Running: sqlfluff {action}")
         result = subprocess.run(cmd, capture_output=False, cwd=str(self.project_dir))
@@ -109,6 +112,31 @@ class LintingService:
         else:
             error_line(f"SQLFluff {action} failed with exit code {result.returncode}")
         return result
+
+    def _ensure_sqlfluffignore(self) -> None:
+        """Create a default .sqlfluffignore if one doesn't exist."""
+        ignore_path = self.project_dir / ".sqlfluffignore"
+        if ignore_path.exists():
+            return
+        default_content = "\n".join([
+            "# Directories to exclude from linting",
+            "target/",
+            "dbt_packages/",
+            "dbt_modules/",
+            "logs/",
+            "macros/",
+            "",
+            "# Ignore cortex agents and semantic views - spec is part of the body",
+            "models/cortex/agents",
+            "models/cortex/semantic_views",
+            "",
+            "# Ignore config-only object directories",
+            "objects/stages/config/",
+            "objects/file_formats/config/",
+            "",
+        ])
+        ignore_path.write_text(default_content, encoding="utf-8")
+        info_line(f"Created default .sqlfluffignore at {ignore_path}")
     
     def lint_modified(self, fix: bool = False, changed_files: list[str] = None) -> None:
         if not changed_files:

datasecops_cli-0.5.3/src/datasecops_cli/utilities/mcp.py

@@ -0,0 +1,74 @@
+"""MCP server configuration utilities."""
+
+import json
+from pathlib import Path
+
+from datasecops_cli.utilities.display import get_input_string, success_line
+from datasecops_cli.utilities.file_utils import ensure_dir, write_file
+
+
+def build_cortex_mcp_servers(
+    servers: list[str],
+    connection_name: str,
+    app_database: str,
+) -> dict:
+    """Build an MCP server config dict for selected servers, prompting for credentials.
+
+    Returns a dict suitable for {"mcpServers": ...} JSON output.
+    """
+    server_config = {}
+
+    for server in servers:
+        if server == "datasecops-framework":
+            server_config["datasecops-framework"] = {
+                "type": "stdio",
+                "command": "datasecops-mcp",
+                "args": ["--connection-name", connection_name, "--app-database", app_database],
+            }
+
+        elif server == "GitHub":
+            token = get_input_string("Enter your GitHub PAT (or press Enter to skip): ", allow_empty=True)
+            if token:
+                server_config["github"] = {
+                    "type": "stdio",
+                    "command": "npx",
+                    "args": ["-y", "@modelcontextprotocol/server-github"],
+                    "env": {"GITHUB_PERSONAL_ACCESS_TOKEN": token},
+                }
+
+        elif server == "Azure DevOps":
+            org = get_input_string("Enter your Azure DevOps org URL (e.g. https://dev.azure.com/myorg): ")
+            pat = get_input_string("Enter your Azure DevOps PAT (or press Enter to skip): ", allow_empty=True)
+            if pat:
+                server_config["azure-devops"] = {
+                    "type": "stdio",
+                    "command": "npx",
+                    "args": ["-y", "@tiberriver256/mcp-server-azure-devops"],
+                    "env": {
+                        "AZURE_DEVOPS_ORG_URL": org,
+                        "AZURE_DEVOPS_AUTH_METHOD": "pat",
+                        "AZURE_DEVOPS_PAT": pat,
+                    },
+                }
+
+        elif server == "dbt":
+            server_config["dbt"] = {
+                "type": "stdio",
+                "command": "uvx",
+                "args": ["dbt-mcp"],
+            }
+
+    return server_config
+
+
+def write_cortex_mcp_config(
+    mcp_path: Path,
+    servers: list[str],
+    connection_name: str,
+    app_database: str,
+) -> None:
+    """Build and write .snowflake/cortex/mcp.json for Cortex Code."""
+    server_config = build_cortex_mcp_servers(servers, connection_name, app_database)
+    ensure_dir(mcp_path.parent)
+    write_file(mcp_path, json.dumps({"mcpServers": server_config}, indent=2))
+    success_line(f"MCP config written to {mcp_path}")

{datasecops_cli-0.5.1 → datasecops_cli-0.5.3}/src/datasecops_mcp/connection.py

@@ -79,6 +79,8 @@ class MCPSnowflakeService:
         "get_source_definitions",
         "get_access_groups",
         "get_support_contacts",
+        "get_sqlfluff_config_file",
+        "get_documentation",
     })
 
     def _call_procedure(self, proc_name: str, *args) -> Any:
@@ -118,6 +120,12 @@ class MCPSnowflakeService:
     def get_support_contacts(self) -> list:
         return self._call_procedure("get_support_contacts") or []
 
+    def get_sqlfluff_config_file(self) -> str:
+        return self._call_procedure("get_sqlfluff_config_file") or ""
+
+    def get_documentation(self) -> list:
+        return self._call_procedure("get_documentation") or []
+
     def close(self):
         if self._conn:
             self._conn.close()

{datasecops_cli-0.5.1 → datasecops_cli-0.5.3}/src/datasecops_mcp/server.py

@@ -8,7 +8,7 @@ dbt packages, project profiles, and deployment settings in real-time.
 import json
 import logging
 
-from mcp.server.fastmcp import FastMCP
+from mcp.server.fastmcp import Context, FastMCP
 
 from datasecops_mcp.connection import get_snowflake_service
 from datasecops_cli.models.project_config import DEFAULT_BRANCH_FORMAT
@@ -311,6 +311,36 @@ def get_support_contacts() -> str:
     return json.dumps(raw, indent=2)
 
 
+@mcp.tool()
+def get_sqlfluff_config() -> str:
+    """Get the rendered SQLFluff configuration file (.sqlfluff INI format).
+
+    Returns the fully rendered .sqlfluff config file content as an INI string.
+    This is the actual config that should be written to the project's .sqlfluff file.
+    Use this when you need the exact linting configuration for the project.
+    """
+    sf = get_snowflake_service()
+    raw = sf.get_sqlfluff_config_file()
+    if not raw:
+        return "No rendered SQLFluff config found in native app"
+    return raw
+
+
+@mcp.tool()
+def get_documentation() -> str:
+    """Get all documentation topics from the framework.
+
+    Returns documentation topics with their content, covering areas like
+    model development, object development, data governance, and deployment.
+    Use this to understand framework conventions and best practices.
+    """
+    sf = get_snowflake_service()
+    raw = sf.get_documentation()
+    if not raw:
+        return "No documentation found in native app"
+    return json.dumps(raw, indent=2)
+
+
 # --- Git / Source Control Tools ---
 
 
@@ -399,7 +429,7 @@ def get_deployment_workflow() -> str:
 
 
 @mcp.tool()
-def lint_sql(file_path: str) -> str:
+async def lint_sql(file_path: str, ctx: Context) -> str:
     """Lint a SQL file using SQLFluff with the project's configured rules.
 
     Args:
@@ -408,10 +438,15 @@ def lint_sql(file_path: str) -> str:
     Returns the linting results including rule violations, line numbers,
     and descriptions. Uses the project's .sqlfluff config from the framework.
     """
+    import asyncio
     import subprocess
     from pathlib import Path
 
+    await ctx.report_progress(0, 3)
+    await ctx.info(f"Finding dbt project for: {file_path}")
     project_dir = _find_project_dir()
+    _ensure_dbt_packages(project_dir)
+
     target = Path(file_path)
     if not target.is_absolute():
         target = project_dir / target
@@ -419,12 +454,20 @@ def lint_sql(file_path: str) -> str:
     if not target.exists():
         return json.dumps({"error": f"File not found: {target}"})
 
+    await ctx.report_progress(1, 3)
+    await ctx.info(f"Running SQLFluff lint on {target.name}...")
+
     cmd = ["sqlfluff", "lint", str(target), "--format", "json"]
     config_path = project_dir / ".sqlfluff"
     if config_path.exists():
         cmd += ["--config", str(config_path)]
 
-    result = subprocess.run(cmd, capture_output=True, text=True, cwd=str(project_dir))
+    result = await asyncio.to_thread(
+        subprocess.run, cmd, capture_output=True, text=True, cwd=str(project_dir)
+    )
+
+    await ctx.report_progress(2, 3)
+    await ctx.info("Processing lint results...")
 
     # SQLFluff returns exit code 1 when violations are found (not an error)
     if result.returncode > 1:
@@ -433,14 +476,17 @@ def lint_sql(file_path: str) -> str:
     if result.stdout.strip():
         try:
             violations = json.loads(result.stdout)
+            await ctx.report_progress(3, 3)
             return json.dumps(violations, indent=2)
         except json.JSONDecodeError:
+            await ctx.report_progress(3, 3)
             return result.stdout
+    await ctx.report_progress(3, 3)
     return json.dumps({"status": "clean", "message": "No linting issues found"})
 
 
 @mcp.tool()
-def fix_sql(file_path: str) -> str:
+async def fix_sql(file_path: str, ctx: Context) -> str:
     """Auto-fix linting issues in a SQL file using SQLFluff.
 
     Args:
@@ -449,10 +495,15 @@ def fix_sql(file_path: str) -> str:
     Applies automatic fixes using the project's .sqlfluff config.
     Returns the fix results and what was changed.
     """
+    import asyncio
     import subprocess
     from pathlib import Path
 
+    await ctx.report_progress(0, 3)
+    await ctx.info(f"Finding dbt project for: {file_path}")
     project_dir = _find_project_dir()
+    _ensure_dbt_packages(project_dir)
+
     target = Path(file_path)
     if not target.is_absolute():
         target = project_dir / target
@@ -460,12 +511,20 @@ def fix_sql(file_path: str) -> str:
     if not target.exists():
         return json.dumps({"error": f"File not found: {target}"})
 
+    await ctx.report_progress(1, 3)
+    await ctx.info(f"Running SQLFluff fix on {target.name}...")
+
     cmd = ["sqlfluff", "fix", str(target), "--force", "--format", "json"]
     config_path = project_dir / ".sqlfluff"
     if config_path.exists():
         cmd += ["--config", str(config_path)]
 
-    result = subprocess.run(cmd, capture_output=True, text=True, cwd=str(project_dir))
+    result = await asyncio.to_thread(
+        subprocess.run, cmd, capture_output=True, text=True, cwd=str(project_dir)
+    )
+
+    await ctx.report_progress(2, 3)
+    await ctx.info("Processing fix results...")
 
     if result.returncode > 1:
         return json.dumps({"error": f"SQLFluff fix failed: {result.stderr.strip()}"})
@@ -473,14 +532,17 @@ def fix_sql(file_path: str) -> str:
     if result.stdout.strip():
         try:
             fix_results = json.loads(result.stdout)
+            await ctx.report_progress(3, 3)
             return json.dumps(fix_results, indent=2)
         except json.JSONDecodeError:
+            await ctx.report_progress(3, 3)
             return result.stdout
+    await ctx.report_progress(3, 3)
     return json.dumps({"status": "fixed", "message": f"Fixes applied to {target.name}"})
 
 
 @mcp.tool()
-def lint_project(fix: bool = False) -> str:
+async def lint_project(fix: bool, ctx: Context) -> str:
     """Lint all SQL models in the dbt project.
 
     Args:
@@ -489,15 +551,23 @@ def lint_project(fix: bool = False) -> str:
     Lints the models/ directory using the project's .sqlfluff config.
     Returns a summary of violations or fixes applied.
     """
+    import asyncio
     import subprocess
     from pathlib import Path
 
+    action = "fix" if fix else "lint"
+
+    await ctx.report_progress(0, 3)
+    await ctx.info("Finding dbt project...")
     project_dir = _find_project_dir()
+    _ensure_dbt_packages(project_dir)
     models_dir = project_dir / "models"
     if not models_dir.exists():
         return json.dumps({"error": f"No models directory found at {models_dir}"})
 
-    action = "fix" if fix else "lint"
+    await ctx.report_progress(1, 3)
+    await ctx.info(f"Running SQLFluff {action} on models/...")
+
     cmd = ["sqlfluff", action, str(models_dir), "--format", "json"]
     if fix:
         cmd.append("--force")
@@ -506,7 +576,12 @@ def lint_project(fix: bool = False) -> str:
     if config_path.exists():
         cmd += ["--config", str(config_path)]
 
-    result = subprocess.run(cmd, capture_output=True, text=True, cwd=str(project_dir))
+    result = await asyncio.to_thread(
+        subprocess.run, cmd, capture_output=True, text=True, cwd=str(project_dir)
+    )
+
+    await ctx.report_progress(2, 3)
+    await ctx.info("Processing results...")
 
     if result.returncode > 1:
         return json.dumps({"error": f"SQLFluff {action} failed: {result.stderr.strip()}"})
@@ -527,10 +602,14 @@ def lint_project(fix: bool = False) -> str:
                     "truncated": True,
                     "message": f"Showing first 5 of {len(output)} files",
                 }
+                await ctx.report_progress(3, 3)
                 return json.dumps(summary, indent=2)
+            await ctx.report_progress(3, 3)
             return json.dumps(output, indent=2)
         except json.JSONDecodeError:
+            await ctx.report_progress(3, 3)
             return result.stdout
+    await ctx.report_progress(3, 3)
     return json.dumps({"status": "clean", "action": action, "message": "No issues found"})
 
 
@@ -546,6 +625,48 @@ def _find_project_dir() -> "Path":
     return cwd
 
 
+def _ensure_dbt_packages(project_dir: "Path") -> None:
+    """Ensure dbt-snowflake and dbt packages are available for sqlfluff dbt templater.
+
+    Skips expensive dbt deps if packages are already present, but always
+    ensures the dbt-snowflake Python package is importable.
+    """
+    import subprocess
+    from pathlib import Path
+
+    # Always ensure dbt-snowflake Python package is available (required by sqlfluff-templater-dbt)
+    try:
+        import dbt.adapters.snowflake  # noqa: F401
+    except ImportError:
+        subprocess.run(
+            ["uv", "pip", "install", "dbt-snowflake"],
+            capture_output=True, text=True,
+        )
+
+    # Ensure dbt project packages are installed (refs to macros in packages)
+    packages_dir = project_dir / "dbt_packages"
+    if packages_dir.exists() and any(packages_dir.iterdir()):
+        return  # Already installed
+
+    # Also check legacy dbt_modules directory
+    modules_dir = project_dir / "dbt_modules"
+    if modules_dir.exists() and any(modules_dir.iterdir()):
+        return
+
+    # Check if packages.yml exists before running deps
+    packages_yml = project_dir / "packages.yml"
+    if not packages_yml.exists():
+        return  # No packages to install
+
+    # Packages are missing — run dbt deps to install them
+    import shutil
+
+    for cmd in [["dbtf", "deps"], ["dbt", "deps"]]:
+        if shutil.which(cmd[0]):
+            subprocess.run(cmd, capture_output=True, text=True, cwd=str(project_dir))
+            return
+
+
 def main():
     """Run the MCP server via stdio transport."""
     import argparse

datasecops_cli-0.5.1/src/datasecops_cli/__init__.py

@@ -1 +0,0 @@
-__version__ = "0.5.1"