RESTHeart — MongoDB MCP + REST + GraphQL

Practical Notes

• GitHub: 875 stars · 105 forks; pushed 2026-05-10 (verified via GitHub API).
• README includes public Sophia MCP endpoints and Claude Code commands for HTTP transport setup.
• README lists REST + GraphQL APIs and real-time options (WebSocket/SSE) for agent-friendly data access patterns.

Main

A safe agent integration pattern:

1. Expose “read-first” routes. Start with read-only collections and carefully scoped queries.
2. Add write access behind policy. Require approvals or server-side validation for inserts/updates.
3. Treat MCP as transport, not permission. Your API rules (JWT/ACL) should remain the real gate.
4. Log everything. Persist agent queries and mutations with request IDs so you can audit incidents.

This keeps the convenience of natural-language data work without giving assistants raw DB credentials.

FAQ

Q: Is it MCP-only? A: No. README highlights MCP plus full REST and GraphQL APIs; you can use either or both.

Q: Can agents write to MongoDB? A: Yes—but do it via least-privilege rules (JWT/ACL) and add approvals for risky operations.

Q: How do I prevent accidental damage? A: Start read-only, use validation rules, and keep audit logs for every mutation.