MCP ConfigsMay 12, 2026·2 min read

RESTHeart — MongoDB MCP + REST + GraphQL

RESTHeart is an agent-ready backend for MongoDB: it ships a native MCP server plus REST/GraphQL APIs so assistants can query and update data safely.

Agent ready

Safe staging for this asset

This asset is staged first. The copied prompt tells the agent to inspect the staged files and ask before activating scripts, MCP config, or global config.

Stage only · 17/100Policy: stage
Agent surface
Any MCP/CLI agent
Kind
Mcp Config
Install
Stage only
Trust
Trust: Established
Entrypoint
Asset
Safe staging command
npx -y tokrepo@latest install 780e393f-6fdf-5c51-8b60-8dec4f08535b --target codex

Stages files first; activation requires review of the staged README and plan.

Intro

RESTHeart is an agent-ready backend for MongoDB: it ships a native MCP server plus REST/GraphQL APIs so assistants can query and update data safely.

  • Best for: Giving agents a controlled API boundary for MongoDB data access
  • Works with: MongoDB; MCP-compatible clients (Claude/Claude Code/Cursor/VS Code); Docker or native binaries (per README)
  • Setup time: 10–30 minutes

Practical Notes

  • GitHub: 875 stars · 105 forks; pushed 2026-05-10 (verified via GitHub API).
  • README includes public Sophia MCP endpoints and Claude Code commands for HTTP transport setup.
  • README lists REST + GraphQL APIs and real-time options (WebSocket/SSE) for agent-friendly data access patterns.

Main

A safe agent integration pattern:

  1. Expose “read-first” routes. Start with read-only collections and carefully scoped queries.
  2. Add write access behind policy. Require approvals or server-side validation for inserts/updates.
  3. Treat MCP as transport, not permission. Your API rules (JWT/ACL) should remain the real gate.
  4. Log everything. Persist agent queries and mutations with request IDs so you can audit incidents.

This keeps the convenience of natural-language data work without giving assistants raw DB credentials.

FAQ

Q: Is it MCP-only? A: No. README highlights MCP plus full REST and GraphQL APIs; you can use either or both.

Q: Can agents write to MongoDB? A: Yes—but do it via least-privilege rules (JWT/ACL) and add approvals for risky operations.

Q: How do I prevent accidental damage? A: Start read-only, use validation rules, and keep audit logs for every mutation.

🙏

Source & Thanks

Source: https://github.com/SoftInstigate/restheart > License: AGPL-3.0 > GitHub stars: 875 · forks: 175

Discussion

Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.

Related Assets