# RESTHeart — MongoDB MCP + REST + GraphQL > RESTHeart is an agent-ready backend for MongoDB: it ships a native MCP server plus REST/GraphQL APIs so assistants can query and update data safely. ## Install Merge the JSON below into your `.mcp.json`: ## Quick Use ```bash # Connect to the public Sophia docs MCP endpoints (no auth) claude mcp add --transport http sophia-restheart https://sophia-api.restheart.com/mcp/restheart claude mcp add --transport http sophia-cloud https://sophia-api.restheart.com/mcp/cloud ``` ## Intro RESTHeart is an agent-ready backend for MongoDB: it ships a native MCP server plus REST/GraphQL APIs so assistants can query and update data safely. - **Best for:** Giving agents a controlled API boundary for MongoDB data access - **Works with:** MongoDB; MCP-compatible clients (Claude/Claude Code/Cursor/VS Code); Docker or native binaries (per README) - **Setup time:** 10–30 minutes ## Practical Notes - GitHub: 875 stars · 105 forks; pushed 2026-05-10 (verified via GitHub API). - README includes public Sophia MCP endpoints and Claude Code commands for HTTP transport setup. - README lists REST + GraphQL APIs and real-time options (WebSocket/SSE) for agent-friendly data access patterns. ## Main A safe agent integration pattern: 1. **Expose “read-first” routes.** Start with read-only collections and carefully scoped queries. 2. **Add write access behind policy.** Require approvals or server-side validation for inserts/updates. 3. **Treat MCP as transport, not permission.** Your API rules (JWT/ACL) should remain the real gate. 4. **Log everything.** Persist agent queries and mutations with request IDs so you can audit incidents. This keeps the convenience of natural-language data work without giving assistants raw DB credentials. ### FAQ **Q: Is it MCP-only?** A: No. README highlights MCP plus full REST and GraphQL APIs; you can use either or both. **Q: Can agents write to MongoDB?** A: Yes—but do it via least-privilege rules (JWT/ACL) and add approvals for risky operations. **Q: How do I prevent accidental damage?** A: Start read-only, use validation rules, and keep audit logs for every mutation. ## Source & Thanks > Source: https://github.com/SoftInstigate/restheart > License: AGPL-3.0 > GitHub stars: 875 · forks: 175 --- ## 快速使用 ```bash # 连接官方公开的 Sophia 文档 MCP(无需鉴权) claude mcp add --transport http sophia-restheart https://sophia-api.restheart.com/mcp/restheart claude mcp add --transport http sophia-cloud https://sophia-api.restheart.com/mcp/cloud ``` ## 简介 RESTHeart 是面向 AI 助手的 MongoDB 后端:自带原生 MCP server,同时提供 REST/GraphQL API,让你把“读写数据库”的能力放进可审计的 API 边界里。 - **适合谁:** 给 agent 一个可控、可审计的 MongoDB 访问边界 - **可搭配:** MongoDB;MCP 客户端(Claude/Claude Code/Cursor/VS Code);支持 Docker 或原生二进制(见 README) - **准备时间:** 10–30 分钟 ## 实战建议 - GitHub:875 stars · 105 forks;最近更新 2026-05-10(GitHub API 验证)。 - README 提供公开的 Sophia MCP endpoint,并给出 Claude Code 的 HTTP 连接命令。 - README 同时强调 REST/GraphQL 以及 WebSocket/SSE 等实时能力,适合做 agent 读写边界。 ## 主要内容 更稳的 agent 集成方式: 1. **先开放只读能力。** 从只读集合与受限查询开始。 2. **写入能力加闸门。** 对 insert/update 增加审批或服务端校验。 3. **把 MCP 当“传输层”,别当“权限”。** 真正的权限仍由 JWT/ACL 等 API 规则控制。 4. **全量审计日志。** 记录每次查询/变更及 request_id,便于追踪与复盘。 这样既保留自然语言的数据工作效率,又避免把数据库凭据直接交给助手。 ### FAQ **只能用 MCP 吗?** 答:不是。README 强调 MCP 同时也提供完整 REST 与 GraphQL API,可单独用也可组合用。 **agent 能写 MongoDB 吗?** 答:可以,但建议通过最小权限(JWT/ACL)并对高风险操作加审批。 **怎么避免误操作?** 答:先只读、再逐步放开写;写入加校验规则,并记录每次变更的审计日志。 ## 来源与感谢 > Source: https://github.com/SoftInstigate/restheart > License: AGPL-3.0 > GitHub stars: 875 · forks: 175 --- Source: https://tokrepo.com/en/workflows/restheart-mongodb-mcp-rest-graphql Author: MCP Hub