SYSTEM Cited by 1 source
Pinterest Presto MCP Server¶
Definition¶
Pinterest Presto MCP Server is the highest-traffic MCP server in Pinterest's internal MCP ecosystem, exposing Presto query capabilities as agent-callable tools (Source: sources/2026-03-19-pinterest-building-an-mcp-ecosystem-at-pinterest).
Why it exists¶
"Presto tools let agents (including AI-enabled IDEs) pull Presto-backed data on demand so agents can bring data directly into their workflows instead of context-switching into dashboards."
The operational pain point it solves is the dashboard detour — previously, an agent answering a data question had to direct the user to a Querybook / dashboard and let the user run SQL themselves. With Presto MCP, the agent can run Presto queries directly as tool calls, keeping the reasoning loop inside the agent session.
Business-group-based access gating¶
Because Presto MCP queries can "execute queries against sensitive internal data systems", Pinterest applies business-group-based access gating on top of the standard JWT + mesh-identity auth:
"even though the Presto MCP server is technically reachable from broad surfaces like our LLM web chat interface, only a specific set of approved business groups (for example, Ads, Finance, or specific infra teams) can establish a session and run the higher-privilege tools."
Mechanism:
- User's JWT contains business-group membership claim.
- Server-side policy validates membership against the approved-groups allowlist at session establishment, not per-request.
- Users outside approved groups can see the Presto MCP server exists (if the registry exposes it to them) but cannot establish a session.
- Capability subsetting — some tools on the server may be enabled only for users whose roles require data access; others (e.g. schema browsing) may be broader.
The effect: "Turning on a powerful, data-heavy MCP server in a popular surface therefore doesn't silently expand who can see sensitive data."
Seen in¶
- sources/2026-03-19-pinterest-building-an-mcp-ecosystem-at-pinterest — canonical wiki instance. Named as the highest-traffic MCP server at Pinterest.
Related¶
- systems/presto — underlying query engine.
- systems/model-context-protocol — the protocol.
- systems/pinterest-mcp-registry — the registry this server lists in.
- concepts/business-group-authorization-gating — canonical wiki instance.
- patterns/hosted-mcp-ecosystem — umbrella pattern.
- patterns/per-tool-authorization-decorator — the fine-grained tool auth mechanism.
- patterns/layered-jwt-plus-mesh-auth — the auth layering.
- companies/pinterest.