Add Tools & Grant Permissions
Profile reminder: All databricks CLI commands must include the profile from .env: databricks <command> --profile <profile>
After adding any MCP server to your agent, you MUST grant the app access in databricks.yml.
Without this, you'll get permission errors when the agent tries to use the resource.
Workflow
Step 1: Add MCP server in agent_server/agent.py:
from databricks_langchain import DatabricksMCPServer, DatabricksMultiServerMCPClient

# host is your Databricks workspace URL
genie_server = DatabricksMCPServer(
    url=f"{host}/api/2.0/mcp/genie/01234567-89ab-cdef",
    name="my genie space",
)

mcp_client = DatabricksMultiServerMCPClient([genie_server])
tools = await mcp_client.get_tools()  # must be awaited inside an async function
Step 2: Grant access in databricks.yml:
resources:
  apps:
    agent_langgraph:
      resources:
        - name: 'my_genie_space'
          genie_space:
            name: 'My Genie Space'
            space_id: '01234567-89ab-cdef'
            permission: 'CAN_RUN'
Step 3: Deploy and run:
databricks bundle deploy
databricks bundle run agent_langgraph  # Required to start app with new code!
See deploy skill for more details.
Resource Type Examples
See the examples/ directory for complete YAML snippets:
| File | Resource Type | When to Use |
|------|---------------|-------------|
| uc-function.yaml | Unity Catalog function | UC functions via MCP |
| uc-connection.yaml | UC connection | External MCP servers |
| vector-search.yaml | Vector search index | RAG applications |
| sql-warehouse.yaml | SQL warehouse | SQL execution |
| serving-endpoint.yaml | Model serving endpoint | Model inference |
| genie-space.yaml | Genie space | Natural language data |
| lakebase.yaml | Lakebase database | Agent memory storage (provisioned) |
| lakebase-autoscaling.md | Lakebase autoscaling postgres | Agent memory storage (autoscaling) |
| experiment.yaml | MLflow experiment | Tracing (already configured) |
| custom-mcp-server.md | Custom MCP apps | Apps starting with mcp-* |
Custom MCP Servers (Databricks Apps)
Apps are not yet supported as resource dependencies in databricks.yml. Manual permission grant required:
Step 1: Get your agent app's service principal:
databricks apps get <your-agent-app-name> --output json | jq -r '.service_principal_name'
Step 2: Grant permission on the MCP server app:
databricks apps update-permissions <mcp-server-app-name> \
  --json '{"access_control_list": [{"service_principal_name": "<agent-app-service-principal>", "permission_level": "CAN_USE"}]}'
See examples/custom-mcp-server.md for detailed steps.
value_from Pattern
IMPORTANT: Make sure all value_from references in databricks.yml config.env reference an existing key in the databricks.yml resources list.
Some resources need environment variables in your app. Use value_from in databricks.yml config.env to reference resources defined in databricks.yml:
In databricks.yml, under apps.<app>.config.env:
env:
  - name: MLFLOW_EXPERIMENT_ID
    value_from: "experiment"  # References resources.apps.<app>.resources[name='experiment']
  - name: LAKEBASE_INSTANCE_NAME
    value_from: "database"  # References resources.apps.<app>.resources[name='database']
Critical: Every value_from value must match a name field in databricks.yml resources.
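A pre-deploy check for the rule above, as an added example that is not part of the original template: it walks a parsed databricks.yml and reports every value_from that names no declared resource. The function name, the constructed SAMPLE mapping and the use of PyYAML when a file path is passed are assumptions.

```python
import sys


def check_value_from(bundle):
    """Return one message per value_from that matches no declared resource name."""
    problems = []
    apps = (bundle.get("resources") or {}).get("apps") or {}
    for app_key, app in apps.items():
        declared = {r["name"] for r in (app.get("resources") or []) if r.get("name")}
        for var in (app.get("config") or {}).get("env") or []:
            ref = var.get("value_from")
            if ref is None:  # plain `value:` entries need no resource
                continue
            if ref not in declared:
                problems.append(
                    f"{app_key}: env {var.get('name')} -> value_from '{ref}' "
                    f"is not in resources {sorted(declared)}"
                )
    return problems


# Constructed sample (not from a real project): 'database' is referenced
# but never declared. Resource fields other than `name` are omitted.
SAMPLE = {
    "resources": {"apps": {"agent_langgraph": {
        "resources": [{"name": "experiment"}, {"name": "my_genie_space"}],
        "config": {"env": [
            {"name": "MLFLOW_EXPERIMENT_ID", "value_from": "experiment"},
            {"name": "LAKEBASE_INSTANCE_NAME", "value_from": "database"},
            {"name": "LOG_LEVEL", "value": "INFO"},
        ]},
    }}}
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        import yaml  # assumption: PyYAML is installed
        with open(sys.argv[1]) as fh:
            bundle = yaml.safe_load(fh) or {}
    else:
        bundle = SAMPLE
    found = check_value_from(bundle)
    print("\n".join(found) or "all value_from references resolve")
    sys.exit(1 if found else 0)
```

Run it against databricks.yml before databricks bundle deploy; a non-zero exit means at least one environment variable points at a resource the app was never granted.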
Important Notes
- MLflow experiment: Already configured in template, no action needed
- Multiple resources: Add multiple entries under resources: list
- Permission types vary: Each resource type has specific permission values
- Deploy + Run after changes: Run both databricks bundle deploy AND databricks bundle run agent_langgraph
- value_from matching: Ensure config.env value_from values match databricks.yml resource name values