| CLI Option | Environment Variable | Default | Description |

| -------------------------------------- | --------------------------------------------------- | --------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |

| `apiClientId` | `MDB_MCP_API_CLIENT_ID` | <not set> | Atlas API client ID for authentication. Required for running Atlas tools. |

| `apiClientSecret` | `MDB_MCP_API_CLIENT_SECRET` | <not set> | Atlas API client secret for authentication. Required for running Atlas tools. |

| `connectionString` | `MDB_MCP_CONNECTION_STRING` | <not set> | MongoDB connection string for direct database connections. Optional, if not set, you'll need to call the `connect` tool before interacting with MongoDB data. |

| `loggers` | `MDB_MCP_LOGGERS` | disk,mcp | Comma separated values, possible values are `mcp`, `disk` and `stderr`. See [Logger Options](#logger-options) for details. |

| `logPath` | `MDB_MCP_LOG_PATH` | see note\* | Folder to store logs. |

| `disabledTools` | `MDB_MCP_DISABLED_TOOLS` | <not set> | An array of tool names, operation types, and/or categories of tools that will be disabled. |

| `confirmationRequiredTools` | `MDB_MCP_CONFIRMATION_REQUIRED_TOOLS` | create-access-list,create-db-user,drop-database,drop-collection,delete-many | An array of tool names that require user confirmation before execution. **Requires the client to support [elicitation](https://modelcontextprotocol.io/specification/draft/client/elicitation)**. |

| `readOnly` | `MDB_MCP_READ_ONLY` | false | When set to true, only allows read, connect, and metadata operation types, disabling create/update/delete operations. |

| `indexCheck` | `MDB_MCP_INDEX_CHECK` | false | When set to true, enforces that query operations must use an index, rejecting queries that perform a collection scan. |

| `telemetry` | `MDB_MCP_TELEMETRY` | enabled | When set to disabled, disables telemetry collection. |

| `transport` | `MDB_MCP_TRANSPORT` | stdio | Either 'stdio' or 'http'. |

| `httpPort` | `MDB_MCP_HTTP_PORT` | 3000 | Port number. |

| `httpHost` | `MDB_MCP_HTTP_HOST` | 127.0.0.1 | Host to bind the http server. |

| `idleTimeoutMs` | `MDB_MCP_IDLE_TIMEOUT_MS` | 600000 | Idle timeout for a client to disconnect (only applies to http transport). |

| `notificationTimeoutMs` | `MDB_MCP_NOTIFICATION_TIMEOUT_MS` | 540000 | Notification timeout for a client to be aware of diconnect (only applies to http transport). |

| `exportsPath` | `MDB_MCP_EXPORTS_PATH` | see note\* | Folder to store exported data files. |

| `exportTimeoutMs` | `MDB_MCP_EXPORT_TIMEOUT_MS` | 300000 | Time in milliseconds after which an export is considered expired and eligible for cleanup. |

| `exportCleanupIntervalMs` | `MDB_MCP_EXPORT_CLEANUP_INTERVAL_MS` | 120000 | Time in milliseconds between export cleanup cycles that remove expired export files. |

| `atlasTemporaryDatabaseUserLifetimeMs` | `MDB_MCP_ATLAS_TEMPORARY_DATABASE_USER_LIFETIME_MS` | 14400000 | Time in milliseconds that temporary database users created when connecting to MongoDB Atlas clusters will remain active before being automatically deleted. |

If your client supports [elicitation](https://modelcontextprotocol.io/specification/draft/client/elicitation), you can set the MongoDB MCP server to request user confirmation before executing certain tools.

When a tool is marked as requiring confirmation, the server will send an elicitation request to the client. The client with elicitation support will then prompt the user for confirmation and send the response back to the server. If the client does not support elicitation, the tool will execute without confirmation.

You can set the `confirmationRequiredTools` configuration option to specify the names of tools which require confirmation. By default, the following tools have this setting enabled: `drop-database`, `drop-collection`, `delete-many`, `atlas-create-db-user`, `atlas-create-access-list`.

// TODO: Use a type tracking all tool names.

confirmationRequiredTools: Array<string>;

confirmationRequiredTools: [

"atlas-create-access-list",

"atlas-create-db-user",

"drop-database",

"drop-collection",

"delete-many",

],

userConfig.confirmationRequiredTools = commaSeparatedToArray(userConfig.confirmationRequiredTools);

import type { ElicitRequest } from "@modelcontextprotocol/sdk/types.js";

import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";

export class Elicitation {

private readonly server: McpServer["server"];

constructor({ server }: { server: McpServer["server"] }) {

this.server = server;

}

/**

public supportsElicitation(): boolean {

const clientCapabilities = this.server.getClientCapabilities();

return clientCapabilities?.elicitation !== undefined;

}

/**

public async requestConfirmation(message: string): Promise<boolean> {

if (!this.supportsElicitation()) {

return true;

}

const result = await this.server.elicitInput({

message,

requestedSchema: Elicitation.CONFIRMATION_SCHEMA,

});

return result.action === "accept" && result.content?.confirmation === "Yes";

}

/**

public static CONFIRMATION_SCHEMA: ElicitRequest["params"]["requestedSchema"] = {

type: "object",

properties: {

confirmation: {

type: "string",

title: "Would you like to confirm?",

description: "Would you like to confirm?",

enum: ["Yes", "No"],

enumNames: ["Yes, I confirm", "No, I do not confirm"],

},

},

required: ["confirmation"],

};