{"id":"bootcamptoprod-embabel-mongo-mcp-server","name":"embabel-mongo-mcp-server","homepage":"https://bootcamptoprod.com/embabel-mongodb-mcp-server/","repo_url":"https://github.com/BootcampToProd/embabel-mongo-mcp-server","category":"infrastructure","subcategories":[],"tags":["mcp","model-context-protocol","mongodb","spring-boot","embabel","agent-tools","sse","database-integration","java"],"what_it_does":"A demo Model Context Protocol (MCP) server (Spring Boot + Embabel) that exposes MongoDB operations as MCP tools over an SSE endpoint (/sse). It can list databases/collections, run simple/complex JSON queries, manage indexes, create collections, and insert documents. It is intended as an example for building MCP servers that bridge AI agents to MongoDB.","use_cases":["Integrating an AI agent with a MongoDB database via MCP tools (e.g., Claude Desktop)","Prototyping agent-driven database operations (querying, inserting, indexing)","Learning how to implement MCP tool exposure in Java using Embabel @Export","Debugging/testing MCP tools via MCP Inspector (SSE)"],"not_for":["Production-grade database access without additional security hardening","Multi-tenant or internet-exposed deployments where database credentials and query capabilities must be tightly controlled","Use cases requiring enterprise compliance features (not evidenced in the README)"],"best_when":"You want a learning/demo implementation of an MCP-to-Mongo bridge and can run it locally or within a tightly controlled environment.","avoid_when":"You need strong authz/authn, rate limiting, and operational hardening guarantees based solely on what’s described here.","alternatives":["Build a custom MCP server with a better-documented security/auth layer (e.g., JWT/API key with scoped tool permissions)","Use direct MongoDB access through a controlled backend service (not directly exposed to the agent) and only expose narrowly scoped endpoints/tools","Use existing database/agent connectors (if available in your ecosystem) that provide hardened governance"],"af_score":38.2,"security_score":26.5,"reliability_score":16.2,"package_type":"mcp_server","discovery_source":["github"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T20:00:40.599060+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":"http://localhost:8080/sse","has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":[],"oauth":false,"scopes":false,"notes":"The README mentions providing an OpenRouter API key (for use with an LLM provider) and MongoDB connection details, but it does not describe authentication/authorization for the MCP/SSE endpoint itself. No user-level auth or tool-level permission model is evidenced."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing for the repo is described. The README references OpenRouter (free tier available) as a prerequisite, but it does not specify costs for this MCP server."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":38.2,"security_score":26.5,"reliability_score":16.2,"mcp_server_quality":60.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":30.0,"rate_limit_clarity":0.0,"tls_enforcement":40.0,"auth_strength":20.0,"scope_granularity":10.0,"dependency_hygiene":30.0,"secret_handling":35.0,"security_notes":"Security is not thoroughly documented in the README. The MCP endpoint is described only as a local URL (/sse). There is no stated authentication/authorization model, no mention of tool permission scoping, and no mention of rate limiting. MongoDB credentials and OpenRouter API key are provided via environment variables, which is a positive signal, but without evidence about logging/redaction, secret handling cannot be considered strong. TLS requirements are not discussed; for SSE over HTTP, deployments should enforce HTTPS/TLS at the reverse proxy layer.","uptime_documented":0.0,"version_stability":40.0,"breaking_changes_history":0.0,"error_recovery":25.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Agent-provided queries may be able to trigger expensive operations; without explicit query limits/guardrails, agents could cause heavy load.","No evidence of authorization granularity: if deployed without network restrictions, an agent could potentially perform broad database actions.","SSE endpoint exposure (/sse) may require proper local firewall/network controls for safety."]}}