How to add MongoDB Lens to Windsurf
Full-featured MCP server for querying, aggregating, and managing MongoDB databases via natural language. Paste the config into ~/.codeium/windsurf/mcp_config.json and restart Windsurf.
Last updated June 14, 2026 · 204★ · stdio · no auth
Windsurf config for MongoDB Lens
npx -y mongodb-lens@latest{
"mcpServers": {
"mongodb-lens": {
"command": "/path/to/npx",
"args": [
"-y",
"mongodb-lens@latest",
"mongodb://your-connection-string"
]
}
}
}Setup steps
- 1Open Windsurf → Cascade → the hammer/MCP icon → Configure (or edit ~/.codeium/windsurf/mcp_config.json).
- 2Paste the MongoDB Lens config below.
- 3Fill in placeholder secrets, then save.
- 4Click Refresh in the MCP panel.
- 5MongoDB Lens's tools become available to Cascade.
Before you start
- Node.js (>= v18.x; >= v22.x recommended) for NPX/local installation, or Docker
- A running MongoDB instance with a connection string (defaults to mongodb://localhost:27017)
- An MCP-compatible client such as Claude Desktop or Cursor
What MongoDB Lens can do in Windsurf
find-documentsRun queries with filters, projections, and sorting.
aggregate-dataExecute aggregation pipelines.
count-documentsCount documents matching specified criteria.
distinct-valuesExtract unique values for any field.
insert-documentInsert one or more documents into collections.
update-documentUpdate documents matching specified criteria.
delete-documentDelete documents matching specified criteria (requires confirmation).
bulk-operationsPerform multiple operations efficiently (requires confirmation for destructive operations).
Security
Permissions are dictated by the MongoDB connection string user; using a read-only account prevents unintended writes/deletes. Destructive operations (drop-collection, drop-database, delete-document, drop-index, drop-user, etc.) require two-step token confirmation by default. This can be bypassed by setting CONFIG_DISABLE_DESTRUCTIVE_OPERATION_TOKENS=true, which executes destructive operations immediately without confirmation. Connection string passwords are obfuscated in logs.
MongoDB Lens + Windsurf FAQ
Where is the Windsurf config file?
Windsurf reads MCP servers from ~/.codeium/windsurf/mcp_config.json. Paste the MongoDB Lens config there under the "mcpServers" key and restart the client.
Is MongoDB Lens safe to use with Windsurf?
Permissions are dictated by the MongoDB connection string user; using a read-only account prevents unintended writes/deletes. Destructive operations (drop-collection, drop-database, delete-document, drop-index, drop-user, etc.) require two-step token confirmation by default. This can be bypassed by setting CONFIG_DISABLE_DESTRUCTIVE_OPERATION_TOKENS=true, which executes destructive operations immediately without confirmation. Connection string passwords are obfuscated in logs.
What is the easiest way to run MongoDB Lens?
Run it with NPX: `npx -y mongodb-lens@latest` (optionally followed by your MongoDB connection string). Docker Hub and local Node.js/Docker installs are also supported.
How does it connect to my database?
Pass a MongoDB connection string as an argument (e.g. mongodb://your-connection-string). If omitted, it defaults to mongodb://localhost:27017. You can also define multiple named connection aliases.
How are destructive operations protected?
By default, destructive operations require a two-step token confirmation. You can bypass this in controlled environments by setting CONFIG_DISABLE_DESTRUCTIVE_OPERATION_TOKENS=true. Using a read-only MongoDB user also prevents writes and deletes.