Skip to content
mcp-data-platform composable mcp data platform
v1.x ·· UTC part of txn2 ↗

API Stability

The module is published as github.com/txn2/mcp-data-platform at major version 1 with no /vN suffix. In Go semantics that promises compatibility across everything importable. This page narrows that promise to a surface the project can actually keep, and states the policy for everything outside it.

Supported import surface

These packages are the intended integration points for building a custom server on top of the platform. Breaking changes to their exported identifiers are made only in a major release.

Package What you import it for
pkg/platform The facade: construct, configure, and run the platform (options and lifecycle)
pkg/toolkit Shared types every toolkit implements
pkg/registry Register and manage toolkits
pkg/semantic Semantic provider interface (swap the semantic layer)
pkg/query Query execution provider interface (swap the query engine)
pkg/middleware Request/response middleware contracts
pkg/toolkits/* The toolkit adapters' exported config types (Trino, DataHub, S3, and the others)

Everything else under pkg/

Other exported packages under pkg/ are importable and you may build against them, but they are implementation packages rather than a committed integration surface. Their exported API may change in a minor release. When it does, the change is called out in the release notes for that version, the same way a breaking configuration change is (see below).

If you depend on one of these packages and want it promoted to the supported surface, open an issue describing the use case. Pinning a specific version in your go.mod is the reliable way to insulate a build from these changes.

Facade-internal packages are not importable

The facade's private implementation seams (middleware assembly, field encryption, the IAM resolver, session synchronization, the prompt and memory layers, and similar) live under internal/platform/. Go's internal/ rule makes them unimportable from outside this module. They were never a supported integration surface; the location now enforces that so their evolution cannot break an external build.

Configuration-file compatibility

Configuration keys follow a separate, more conservative policy because a running deployment depends on its config file across upgrades. Config changes are handled as follows:

  • Additive changes (new optional keys, new default-on behavior behind a *bool) ship in minor releases and require no action.
  • Breaking renames or removals are called out in the release notes for the version that introduces them, with an admonition describing the old key, the new key, and the runtime effect of upgrading without changing the file.

Precedent

workflow.require_search replaced the former workflow.require_discovery_before_query as a hard, non-aliased rename, and the release notes documented the behavior change (a deployment that never configured workflow gating begins refusing trino_query/trino_execute until search is called once per session). That is the pattern every breaking configuration change follows.

Setting config.strict: true turns an unknown or stale key into a hard startup error instead of a silent no-op, which surfaces a rename you have not yet accounted for at the earliest possible point.