Skip to content

feat: add readOnly flag #130

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 12 commits into from
Apr 25, 2025
Merged

feat: add readOnly flag #130

Show file tree
Hide file tree
Changes from 5 commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
cc2bec5
feat: add readOnly flag
blva Apr 25, 2025
e34b873
Update src/logger.ts
blva Apr 25, 2025
937edfc
address comment: update flag
blva Apr 25, 2025
c6a928c
update env variable
blva Apr 25, 2025
aefccf7
Merge branch 'main' into read-only
blva Apr 25, 2025
9270c4f
address comment: remove cluster operation type
blva Apr 25, 2025
669f044
Merge branch 'main' into read-only
blva Apr 25, 2025
a2819fb
address comment: logId
blva Apr 25, 2025
de8e999
chore: fix test
blva Apr 25, 2025
efbf964
address comment: boolena flag
blva Apr 25, 2025
17ab204
address comment: emit disabled tools
blva Apr 25, 2025
9612966
use reror clarification
blva Apr 25, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -150,6 +150,7 @@ The MongoDB MCP Server can be configured using multiple methods, with the follow
| `connectionString` | MongoDB connection string for direct database connections (optional users may choose to inform it on every tool call) |
| `logPath` | Folder to store logs |
| `disabledTools` | An array of tool names, operation types, and/or categories of tools that will be disabled. |
| `readOnly` | When set to true, only allows read and metadata operation types, disabling create/update/delete operations |

#### `logPath`

Expand Down Expand Up @@ -181,6 +182,19 @@ Operation types:
- `read` - Tools that read resources, such as find, aggregate, list clusters, etc.
- `metadata` - Tools that read metadata, such as list databases, list collections, collection schema, etc.

#### Read-Only Mode

The `readOnly` configuration option allows you to restrict the MCP server to only use tools with "read" and "metadata" operation types. When enabled, all tools that have "create", "update", "delete", or "cluster" operation types will not be registered with the server.

This is useful for scenarios where you want to provide access to MongoDB data for analysis without allowing any modifications to the data or infrastructure.

You can enable read-only mode using:

- **Environment variable**: `export MDB_MCP_READ_ONLY=true`
- **Command-line argument**: `--readOnly=true`

When read-only mode is active, you'll see a message in the server logs indicating which tools were prevented from registering due to this restriction.

### Atlas API Access

To use the Atlas API tools, you'll need to create a service account in MongoDB Atlas:
Expand Down
2 changes: 2 additions & 0 deletions src/config.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ export interface UserConfig {
timeoutMS: number;
};
disabledTools: Array<string>;
readOnly?: boolean;
}

const defaults: UserConfig = {
Expand All @@ -32,6 +33,7 @@ const defaults: UserConfig = {
},
disabledTools: [],
telemetry: "disabled",
readOnly: false,
};

export const config = {
Expand Down
5 changes: 5 additions & 0 deletions src/logger.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -106,6 +106,11 @@ class McpLogger extends LoggerBase {
}

log(level: LogLevel, _: MongoLogId, context: string, message: string): void {
// Only log if the server is connected
if (!this.server?.isConnected()) {
return;
}

void this.server.server.sendLoggingMessage({
level,
data: `[${context}]: ${message}`,
Expand Down
11 changes: 11 additions & 0 deletions src/server.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,16 @@ export class Server {

async connect(transport: Transport) {
this.mcpServer.server.registerCapabilities({ logging: {} });

// Log read-only mode status if enabled
if (this.userConfig.readOnly) {
logger.info(
mongoLogId(1_000_005),
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we move this to a constant under logger/LogId and update the value to be consistent with the other constants there.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I actually decided to remove since we're not doing anything other than logging here, but will do from now on

"server",
"Server starting in READ-ONLY mode. Only read and metadata operations will be available."
);
}

this.registerTools();
this.registerResources();

Expand Down Expand Up @@ -116,6 +126,7 @@ export class Server {

if (command === "start") {
event.properties.startup_time_ms = commandDuration;
event.properties.read_only_mode = this.userConfig.readOnly || false;
}
if (command === "stop") {
event.properties.runtime_duration_ms = Date.now() - this.startTime;
Expand Down
11 changes: 11 additions & 0 deletions src/tools/tool.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,17 @@ export abstract class ToolBase {
// Checks if a tool is allowed to run based on the config
protected verifyAllowed(): boolean {
let errorClarification: string | undefined;

// Check read-only mode first
if (this.config.readOnly && !["read", "metadata"].includes(this.operationType)) {
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

keeping it like this so we don't alter the configured disallowed tools. i also think adding the virtual "write" would be an extra layer of complexity for users that id' like to avoid.

the other thing we could do is remove this check and set the disallowed operation types during initalization, I can do that if you prefer, but I don't have a strong opinion!

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(cc @nirinchev )

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is totally fine!

One thing I noticed is that the SDK recently added the ability to enable/disable tools - modelcontextprotocol/typescript-sdk#247. We should probably look into it post-public-preview and see if it makes sense to use that mechanism instead. Might also be interesting to see if there'd be a way to allow users to dynamically update the server config without restarting it.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice, yep, that'd be awesome, I think in VSCode it gives you a checklist so I think it's possible depending on the tool already

logger.debug(
mongoLogId(1_000_010),
"tool",
`Prevented registration of ${this.name} because it has operation type \`${this.operationType}\` and read-only mode is enabled`
);
return false;
}

if (this.config.disabledTools.includes(this.category)) {
errorClarification = `its category, \`${this.category}\`,`;
} else if (this.config.disabledTools.includes(this.operationType)) {
Expand Down
28 changes: 28 additions & 0 deletions tests/integration/server.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,4 +58,32 @@ describe("Server integration test", () => {
});
});
});

describe("with read-only mode", () => {
const integration = setupIntegrationTest({
...config,
readOnly: true,
apiClientId: "test",
apiClientSecret: "test",
});

it("should only register read and metadata operation tools when read-only mode is enabled", async () => {
const tools = await integration.mcpClient().listTools();
expectDefined(tools);
expect(tools.tools.length).toBeGreaterThan(0);

// Check that we have some tools available (the read and metadata ones)
expect(tools.tools.some((tool) => tool.name === "find")).toBe(true);
expect(tools.tools.some((tool) => tool.name === "collection-schema")).toBe(true);
expect(tools.tools.some((tool) => tool.name === "list-databases")).toBe(true);
expect(tools.tools.some((tool) => tool.name === "atlas-list-orgs")).toBe(true);
expect(tools.tools.some((tool) => tool.name === "atlas-list-projects")).toBe(true);

// Check that non-read tools are NOT available
expect(tools.tools.some((tool) => tool.name === "insert-one")).toBe(false);
expect(tools.tools.some((tool) => tool.name === "update-many")).toBe(false);
expect(tools.tools.some((tool) => tool.name === "delete-one")).toBe(false);
expect(tools.tools.some((tool) => tool.name === "drop-collection")).toBe(false);
});
});
});
Loading