# ckan-mcp-server

> MCP server for querying CKAN open data portals (package search, DataStore SQL, organizations, groups, tags)

- **URL**: https://www.freshcrate.ai/projects/ckan-mcp-server
- **Author**: ondata
- **Category**: MCP Servers
- **Latest version**: `v0.4.106` (2026-05-31)
- **License**: MIT
- **Source**: https://github.com/ondata/ckan-mcp-server
- **Homepage**: https://ondata.github.io/ckan-mcp-server/
- **Language**: TypeScript
- **GitHub**: 40 stars, 8 forks
- **Registry**: github
- **Tags**: `ai-tools`, `api-client`, `civic-tech`, `ckan`, `ckan-api`, `claude`, `cloudflare-workers`, `data-discovery`, `model-context-protocol`, `typescript`

## Description

MCP server for querying CKAN open data portals (package search, DataStore SQL, organizations, groups, tags)

## Recent releases

| Version | Date | Urgency | Changes |
| --- | --- | --- | --- |
| `v0.4.106` | 2026-05-31 | High | ## Security Fix  ### GHSA-g84h-j7jj-x32p — SSRF bypass via `ip6-localhost`/`ip6-loopback`  Hostname aliases such as `ip6-localhost` and `ip6-loopback` — present in `/etc/hosts` on many Linux systems mapping to `::1` — bypassed the existing SSRF filter (GHSA-3xm7-qw7j-qc8v). The filter checked for `localhost`, dotted IPv4 literals, and bracketed IPv6 literals, but not these string aliases.  **Fix**: replaced the single `hostname === 'localhost'` check with a blocked-hostname `Set` covering `ip6-l |
| `v0.4.105` | 2026-05-25 | High | ## What's New  ### Bug Fix: `ckan_find_relevant_datasets` on federated CKAN catalogs  Thanks to [@piersoft](https://github.com/piersoft) for identifying and fixing this bug (PR [#34](https://github.com/ondata/ckan-mcp-server/pull/34)).  On federated portals like `dati.gov.it`, `organization` is the harvesting catalog (e.g. Regione Puglia), not the actual data owner. Queries like "datasets from Comune di Lecce" previously scored 0 on the owner field for datasets harvested via aggregator catalogs. |
| `v0.4.104` | 2026-05-20 | High | ## What's New  ### Source Portal DataStore Fallback - `ckan_list_resources` now probes the source CKAN portal when a resource has `datastore_active=false` and its download URL belongs to a different CKAN instance (harvested dataset pattern) - New output fields: `source_datastore_active`, `source_portal_url` - New parameter: `check_source_portal` (default `true`) to skip extra HTTP calls - New utility: `extractSourcePortal()` in `url-generator.ts`  ### LLM Error Hints - New `CkanApiError` class i |
| `v0.4.103` | 2026-04-22 | High | ## What's New  ### Security Hardening (CERT-AgID MCP recommendations)  - **Domain allowlist**: optional `CKAN_ALLOWED_DOMAINS` env var to restrict which CKAN portals can be reached. Set to a comma-separated list of hostnames (e.g. `CKAN_ALLOWED_DOMAINS=dati.gov.it,demo.ckan.org`). Default: no restriction. - **Audit logging**: every `makeCkanRequest` call now writes a JSON line to stderr in Node modes (stdio + http). Fields: `ts`, `server`, `action`, `cache_hit`, plus relevant query params (`q`, |
| `v0.4.102` | 2026-04-14 | High | ## What's New  - `cache_hit: true/false` field added to every worker telemetry log entry - Log is now written **after** the response so the flag reflects the actual cache outcome - Enables cache hit rate analysis in `worker_events_flat.jsonl`  ### No Breaking Changes - Log format is additive (new field only)  **Full Changelog**: https://github.com/ondata/ckan-mcp-server/compare/v0.4.101...v0.4.102 |
| `v0.4.101` | 2026-04-14 | Medium | ## What's New  ### Features - Per-portal upstream rate limiter in `makeCkanRequest` via new `src/utils/rate-limiter.ts` - Token bucket algorithm: one independent bucket per CKAN portal hostname - Cache hits bypass the limiter entirely — no token consumed if response is cached - `RateLimitError` thrown when required wait exceeds `CKAN_RATE_LIMIT_MAX_WAIT_MS`  ### Configuration \| Env var \| Default \| Notes \| \|---\|---\|---\| \| `CKAN_RATE_LIMIT_ENABLED` \| `true` \| Set `false` to disable \| \| `CKAN_RATE_ |
| `v0.4.100` | 2026-04-14 | Medium | ## What's New  ### Features - Read-through HTTP cache in `makeCkanRequest` with action-based TTL (metadata 300s, datastore 60s, status 3600s) - Runtime-aware backend: Cloudflare Cache API on Workers, bounded in-memory LRU on Node - Configurable via env vars: `CKAN_CACHE_ENABLED`, `CKAN_CACHE_TTL_DEFAULT`, `CKAN_CACHE_MAX_ENTRIES`, `CKAN_CACHE_MAX_ENTRY_BYTES` - Per-call bypass via `makeCkanRequest(..., { cache: false })`  ### Safety - Errors and `success=false` responses are never cached - Paylo |
| `v0.4.99` | 2026-04-09 | High | ## What's New  ### Bug Fix - `resolveSearchQuery` no longer wraps `*:*` and fielded queries (e.g. `title:X`) in `text:(...)` when auto-detected parser override is "text" - Previously, `escapeSolrQuery` turned `*:*` into `\*\:\*`, causing 0 results on portals like dati.comune.messina.it with Sitelock anti-bot  ### No Breaking Changes - All existing functionality preserved  **Full Changelog**: https://github.com/ondata/ckan-mcp-server/compare/v0.4.98...v0.4.99 |
| `v0.4.98` | 2026-04-05 | High | ## What's New  ### Bug Fix - **`ckan_package_search`**: quoted phrases like `"aree protette"` or `"rischio idrogeologico"` now work correctly when combined with `fq` filters - Root cause: `escapeSolrQuery` was escaping `"` to `\"`, breaking phrase queries inside `text:(...)` wrapping used on dati.gov.it  ### No Breaking Changes - All existing functionality preserved - 327 tests passing  **Full Changelog**: https://github.com/ondata/ckan-mcp-server/compare/v0.4.97...v0.4.98 |
| `v0.4.97` | 2026-04-03 | Medium | ## What's New  ### Improvements - Added `.describe()` to all parameters in `ckan_group_list`, `ckan_group_show`, `ckan_group_search` - Added `.describe()` to all parameters in `ckan_tag_list` - Improved `ckan_package_show` parameter descriptions (server_url example URL, id UUID/slug hint)  ### Why Better parameter descriptions improve usability in Cloudflare Code Mode, where tool schemas are converted to TypeScript API definitions with JSDoc comments. Each `.describe()` becomes a parameter-level |

## Dependency audit

- **Score**: 100/100
- **Total deps**: 14
- **Resolved**: 14
- **Unresolved**: 0
- **License conflicts**: 0
- **Warnings**: 0
- **Scanned**: 2026-06-01

## Citation

- HTML: https://www.freshcrate.ai/projects/ckan-mcp-server
- Markdown: https://www.freshcrate.ai/projects/ckan-mcp-server.md
- Dependencies JSON: https://www.freshcrate.ai/api/projects/ckan-mcp-server/deps

_Generated by freshcrate.ai. Indexes github releases for AI-agent ecosystem packages._