Fix unused variable warning in catalog_handlers and expand MCP roadmap

Prefix `e` with underscore in match guard to silence CI unused-variable error.
Also expands the MCP server roadmap section with architecture details and adds
multi-datasource type support section.

Author: jumpbetweenrows

docs/roadmap.md

@@ -272,22 +272,38 @@ This works but creates policy explosion when combining multiple conditions.
 
 ## AI Integration & Model Context Protocol (MCP)
 
-### Model Context Protocol (MCP) Server Integration
+### Model Context Protocol (MCP) Server
 
-Integrate an MCP server into the SQL proxy to turn it into a secure gateway for AI agents (Claude, ChatGPT, Gemini). This allows LLMs to interact with databases through a standardized protocol while inheriting all fine-grained access control (FGAC) and security policies.
+Expose BetweenRows as an MCP server so that AI agents (Claude Desktop, VS Code Copilot, Cursor, etc.) can interact with it natively — both for querying data and for managing the system — without needing a PostgreSQL driver or direct UI access.
 
-- **Schema Discovery**: LLMs can safely discover allowed tables/columns via MCP "Resources" or tools, constrained by user-specific policies.
-- **Secure Query Execution**: Implement a `run_secure_query` tool that intercepts AI-generated SQL and applies FGAC before execution.
-- **Shadow Mode for AI**: Visualize and audit SQL generated by LLMs to identify potential policy violations or "sneaky" access attempts.
-- **Ecosystem Connectivity**: Enable direct connection from Claude Desktop, VS Code, and other AI agents to the secure proxy.
+**Goal**: An AI agent should be able to handle the full BetweenRows workflow end-to-end — onboard a datasource, discover its schema, create and assign policies, query data, and review audit logs — entirely through tool calls, without ever touching the UI.
 
-**Product Vision**: "BetweenRows: The Firewall for AI-to-SQL Interactions. Policies you can trust, for queries you didn't write."
+**Marketing line**: "BetweenRows: The Firewall for AI-to-SQL Interactions. Policies you can trust, for queries you didn't write."
 
-#### Implementation Steps:
-1. **Define MCP Tools**: Create tools like `execute_query` or `run_secure_query`.
-2. **Contextual Resources**: Share safe schema metadata snippets via MCP Resources.
-3. **Identity Mapping**: Pass user identity through MCP headers to apply correct fine-grained rules.
-4. **SDK Selection**: Use official TypeScript SDK or `fastmcp` for implementation.
+#### Two categories of MCP tools
+
+**1. Data Access** — AI agents querying databases through BetweenRows:
+- `execute_query`: Accepts a datasource name and raw SQL; runs it through the policy engine (row filters, column masks, deny rules); returns JSON results. All existing enforcement and audit logging applies automatically.
+- `describe_schema`: Returns the tables and columns the calling user is permitted to see (policy-filtered catalog), giving the LLM the right context to write correct SQL without exposing hidden schema.
+- Shadow Mode integration: flag AI-generated queries in audit logs for visibility into what LLMs are accessing.
+
+**2. Admin/Management** — AI agents managing BetweenRows itself:
+- Policy management: create, update, delete, and assign policies via tool calls. An agent could interpret a natural-language request ("mask SSN for all non-finance users") and produce the correct policy.
+- User management: create users, update credentials, assign datasource access.
+- Datasource management: register new datasources, trigger catalog discovery.
+- Audit log querying: fetch and summarize recent query activity.
+
+#### Architecture
+
+The MCP server is a thin wrapper over the existing admin API:
+1. Add a `POST /query` endpoint to the admin API that accepts `{ datasource, sql }` and executes through the policy engine — same enforcement path as the PostgreSQL wire protocol.
+2. Build an MCP server (separate sidecar or standalone process) that maps MCP tool calls to admin API HTTP requests. Policy logic stays in the Rust proxy; the MCP layer is stateless and thin.
+3. Authenticate MCP clients via API key mapped to a BetweenRows user identity, so user-specific policies apply correctly.
+
+#### Open questions
+- MCP server implementation: separate Node/Python sidecar (e.g., `fastmcp`) vs. embedded in the Rust binary?
+- Streaming: large query results may need pagination rather than a single JSON response.
+- Scope of admin tools in v1: start with policy CRUD only, expand to users/datasources later?
 
 ## UI/UX Improvements
 
@@ -425,6 +441,22 @@ Given complexity of new policy system (interaction with DataFusion and PostgreSQ
 - SQL injection
 - SSL
 
+## Data Sources
+
+### Multi Data Source Type Support
+
+- Expand beyond PostgreSQL to support additional data source types:
+  - SQLite
+  - MySQL
+  - Amazon Athena
+  - Amazon Redshift
+  - Snowflake
+  - DuckDB
+  - S3 files (Parquet, CSV, JSON)
+- Abstract data source connection layer to support multiple backends
+- Preserve existing policy enforcement (row filter, column mask, deny) across all source types
+- Catalog discovery and schema introspection per source type
+
 ## Infrastructure & Deployment
 
 ### Password & Authentication

proxy/src/admin/catalog_handlers.rs

@@ -141,7 +141,7 @@ async fn run_discovery_job(
             let mut store = state.job_store.lock().await;
             store.complete(&job_id, data);
         }
-        Err(e) if cancel.is_cancelled() => {
+        Err(_e) if cancel.is_cancelled() => {
             send(DiscoveryEvent::Cancelled);
             let mut store = state.job_store.lock().await;
             store.fail(&job_id, "cancelled".to_string());