# Pitfall Log

Project: sdebruyn/fabric-dw-mcp-cli

Summary: Found 34 structured pitfall item(s), including 5 high/blocking item(s). Top priority: Security or permission risk - Security or permission risk requires verification.

## 1. Security or permission risk - Security or permission risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Developers should check this security_permissions risk before relying on the project: Track: measure execute_sql overuse after the MCP instructions block (needs telemetry)
- User impact: Developers may expose sensitive permissions or credentials: Track: measure execute_sql overuse after the MCP instructions block (needs telemetry)
- Evidence: failure_mode_cluster:github_issue | https://github.com/sdebruyn/fabric-dw-mcp-cli/issues/985

## 2. Security or permission risk - Security or permission risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Developers should check this security_permissions risk before relying on the project: feat(mcp): add server instructions and steer execute_sql toward dedicated tools
- User impact: Developers may expose sensitive permissions or credentials: feat(mcp): add server instructions and steer execute_sql toward dedicated tools
- Evidence: failure_mode_cluster:github_issue | https://github.com/sdebruyn/fabric-dw-mcp-cli/issues/984

## 3. Security or permission risk - Security or permission risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Developers should check this security_permissions risk before relying on the project: feat(mcp): name the remaining tool domains in the server instructions
- User impact: Developers may expose sensitive permissions or credentials: feat(mcp): name the remaining tool domains in the server instructions
- Evidence: failure_mode_cluster:github_issue | https://github.com/sdebruyn/fabric-dw-mcp-cli/issues/992

## 4. Security or permission risk - Security or permission risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Developers should check this security_permissions risk before relying on the project: fix(cli): leading optional ITEM positional swallows the first required argument
- User impact: Developers may expose sensitive permissions or credentials: fix(cli): leading optional ITEM positional swallows the first required argument
- Evidence: failure_mode_cluster:github_issue | https://github.com/sdebruyn/fabric-dw-mcp-cli/issues/981

## 5. Security or permission risk - Security or permission risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/sdebruyn/fabric-dw-mcp-cli/issues/892

## 6. Identity risk - Identity risk requires verification

- Severity: medium
- Evidence strength: runtime_trace
- Finding: Project evidence flags a identity risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Repro command: `pip install fabric-dw`
- Evidence: identity.distribution | https://github.com/sdebruyn/fabric-dw-mcp-cli

## 7. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: fix(ci): replace uv sync --frozen with --locked in remaining workflows
- User impact: Developers may fail before the first successful local run: fix(ci): replace uv sync --frozen with --locked in remaining workflows
- Evidence: failure_mode_cluster:github_issue | https://github.com/sdebruyn/fabric-dw-mcp-cli/issues/990

## 8. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: fix(ci): uv.lock is out of sync with pyproject.toml, and nothing detects it
- User impact: Developers may fail before the first successful local run: fix(ci): uv.lock is out of sync with pyproject.toml, and nothing detects it
- Evidence: failure_mode_cluster:github_issue | https://github.com/sdebruyn/fabric-dw-mcp-cli/issues/988

## 9. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: fix(deps): cap httpx below 2.0 so the pre-release build is installable
- User impact: Developers may fail before the first successful local run: fix(deps): cap httpx below 2.0 so the pre-release build is installable
- Evidence: failure_mode_cluster:github_issue | https://github.com/sdebruyn/fabric-dw-mcp-cli/issues/995

## 10. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: test(integration): add an end-to-end journey smoke test exercising config defaults
- User impact: Developers may fail before the first successful local run: test(integration): add an end-to-end journey smoke test exercising config defaults
- Evidence: failure_mode_cluster:github_issue | https://github.com/sdebruyn/fabric-dw-mcp-cli/issues/982

## 11. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: v2026.7.0
- User impact: Upgrade or migration may change expected behavior: v2026.7.0
- Evidence: failure_mode_cluster:github_release | https://github.com/sdebruyn/fabric-dw-mcp-cli/releases/tag/v2026.7.0

## 12. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: v2026.7.1
- User impact: Upgrade or migration may change expected behavior: v2026.7.1
- Evidence: failure_mode_cluster:github_release | https://github.com/sdebruyn/fabric-dw-mcp-cli/releases/tag/v2026.7.1

## 13. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: v2026.7.1rc1
- User impact: Upgrade or migration may change expected behavior: v2026.7.1rc1
- Evidence: failure_mode_cluster:github_release | https://github.com/sdebruyn/fabric-dw-mcp-cli/releases/tag/v2026.7.1rc1

## 14. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/sdebruyn/fabric-dw-mcp-cli/issues/988

## 15. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/sdebruyn/fabric-dw-mcp-cli/issues/995

## 16. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/sdebruyn/fabric-dw-mcp-cli/issues/982

## 17. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a configuration risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: capability.host_targets | https://github.com/sdebruyn/fabric-dw-mcp-cli

## 18. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: Track: set SQL connection program_name to fdw.debruyn.dev (blocked on mssql-python#649)
- User impact: Developers may misconfigure credentials, environment, or host setup: Track: set SQL connection program_name to fdw.debruyn.dev (blocked on mssql-python#649)
- Evidence: failure_mode_cluster:github_issue | https://github.com/sdebruyn/fabric-dw-mcp-cli/issues/892

## 19. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: fix(test): sql_pools integration tests must ensure a warehouse exists (endpoint 500s on empty workspace)
- User impact: Developers may misconfigure credentials, environment, or host setup: fix(test): sql_pools integration tests must ensure a warehouse exists (endpoint 500s on empty workspace)
- Evidence: failure_mode_cluster:github_issue | https://github.com/sdebruyn/fabric-dw-mcp-cli/issues/994

## 20. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: v2026.6.0
- User impact: Upgrade or migration may change expected behavior: v2026.6.0
- Evidence: failure_mode_cluster:github_release | https://github.com/sdebruyn/fabric-dw-mcp-cli/releases/tag/v2026.6.0

## 21. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: v2026.6.0rc0
- User impact: Upgrade or migration may change expected behavior: v2026.6.0rc0
- Evidence: failure_mode_cluster:github_release | https://github.com/sdebruyn/fabric-dw-mcp-cli/releases/tag/v2026.6.0rc0

## 22. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: v2026.6.0rc2
- User impact: Upgrade or migration may change expected behavior: v2026.6.0rc2
- Evidence: failure_mode_cluster:github_release | https://github.com/sdebruyn/fabric-dw-mcp-cli/releases/tag/v2026.6.0rc2

## 23. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a configuration risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/sdebruyn/fabric-dw-mcp-cli/issues/994

## 24. Capability evidence risk - Capability evidence risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: README/documentation is current enough for a first validation pass.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: capability.assumptions | https://github.com/sdebruyn/fabric-dw-mcp-cli

## 25. Maintenance risk - Maintenance risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a maintenance risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: evidence.maintainer_signals | https://github.com/sdebruyn/fabric-dw-mcp-cli

## 26. Security or permission risk - Security or permission risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: no_demo
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: downstream_validation.risk_items | https://github.com/sdebruyn/fabric-dw-mcp-cli

## 27. Security or permission risk - Security or permission risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: no_demo
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: risks.scoring_risks | https://github.com/sdebruyn/fabric-dw-mcp-cli

## 28. Security or permission risk - Security or permission risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/sdebruyn/fabric-dw-mcp-cli/issues/985

## 29. Security or permission risk - Security or permission risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/sdebruyn/fabric-dw-mcp-cli/issues/984

## 30. Security or permission risk - Security or permission risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/sdebruyn/fabric-dw-mcp-cli/issues/992

## 31. Security or permission risk - Security or permission risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/sdebruyn/fabric-dw-mcp-cli/issues/990

## 32. Security or permission risk - Security or permission risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/sdebruyn/fabric-dw-mcp-cli/issues/981

## 33. Maintenance risk - Maintenance risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: issue_or_pr_quality=unknown。
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: evidence.maintainer_signals | https://github.com/sdebruyn/fabric-dw-mcp-cli

## 34. Maintenance risk - Maintenance risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: release_recency=unknown。
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: evidence.maintainer_signals | https://github.com/sdebruyn/fabric-dw-mcp-cli
