home / mcp / firestore mcp server

Firestore MCP Server

MCP server for firestore - Part of the master-mcps collection

Installation

Add the following to your MCP client configuration file.

Configuration

{
  "mcpServers": {
    "devlimelabs-firestore-mcp": {
      "command": "mcp-firestore",
      "args": [],
      "env": {
        "FIRESTORE_PROJECT_ID": "your-project-id",
        "GOOGLE_APPLICATION_CREDENTIALS": "/path/to/credentials.json"
      }
    }
  }
}

You run a secure, permission-controlled MCP server that exposes Firestore data to AI assistants and MCP clients through a standardized interface. It provides granular access controls, full CRUD, advanced querying, subcollection support, and transactional operations, making it practical to integrate Firestore into automated workflows and intelligent agents.

How to use

Start the server using the CLI tool and connect your MCP clients to perform common data operations. You can grant fine-grained permissions per collection and per operation, enable read-only access for development or testing, or give full access during development. Use the available commands to list collections, read and modify documents, run queries, work with subcollections, and perform batch writes or transactions. Your MCP clients will interact with Firestore through the server’s endpoints, honoring the configured permissions and providing a consistent, secure interface.

How to install

Prerequisites you need before installation:
- Node.js (for package installation if you are using npm/yarn/pnpm based workflows)
- An active Firestore project and credentials if you choose to authenticate via a service account
- Optional: Docker if you prefer containerized runs (not required)

Install the MCP server package using your preferred package manager:
- npm install mcp-firestore
- yarn add mcp-firestore
- pnpm add mcp-firestore

Alternatively, you can run from source by cloning the project, installing dependencies, and building if required by your setup: - git clone https://github.com/yourusername/mcp-firestore.git - cd mcp-firestore - pnpm install - pnpm build

Start the server with the default permissions or with a custom permissions file as shown below. The server exposes a CLI command named mcp-firestore which you run directly from the shell.

Configuration and security

Configuration combines environment variables and a permissions file to control access: - Environment variables: set your Firestore project details and credentials in a .env file. For example, set the project id and the path to your service account credentials if you use a service account for authentication.

Permissions configuration determines which collections and operations are allowed. You typically provide a file like permissions.json that lists collections with their allowed operations (read, write, query). The default setting denies access unless explicitly allowed.

Usage examples

Basic startup without a custom permissions file uses default settings. You can fine-tune access by providing a permissions file at startup.

Start with a custom permissions file: - mcp-firestore --config permissions.json

Grant full access during development: - mcp-firestore --full-access

Run with read-only access to specific collections: - mcp-firestore --read-only --collections users,posts

Troubleshooting

If you encounter authentication errors, ensure your Google Application Credentials point to a valid service account and that the account has Firestore permissions. For permission issues, verify that the target collection is included in your permissions configuration and that the requested operation is allowed. For connection problems, confirm the Firestore project ID is correct and that there is network connectivity to Firestore.

Notes on security best practices

Adopt minimal permissions by granting access only to the necessary collections and operations. Default-deny configurations should be enforced in production. Protect service account credentials and avoid committing credentials to version control. Regularly audit permission configurations to detect excessive access.

Development and maintenance

Tests can be run with your usual JavaScript/TypeScript testing setup if included in the project. Build steps are performed as part of the development workflow when required by your environment. For containerized deployments, you can build and run a container image with the provided tooling.

Resources for advanced usage

The server exposes a set of MCP endpoints to manage Firestore data directly from MCP clients, including operations for collections, documents, subcollections, batch writes, transactions, and field-value operations.

Available tools

firestore-list-collections

List all accessible collections in the configured Firestore instance.

firestore-get-collection

Retrieve all documents from a specified collection.

firestore-get-document

Fetch a single document from a collection.

firestore-create-document

Create a new document in a collection with provided data.

firestore-update-document

Update fields on an existing document.

firestore-delete-document

Delete a document from a collection.

firestore-query-collection

Run a query against a collection with filters, ordering, and limits.

firestore-list-subcollections

List subcollections under a given document.

firestore-get-collection-by-path

Get documents from a subcollection path.

firestore-create-document-by-path

Create a document in a subcollection path.

firestore-batch-write

Execute multiple write operations atomically.

firestore-batch-read

Read multiple documents in a single operation.

firestore-transaction

Execute a transaction with reads and conditional writes.

firestore-increment-field

Atomically increment a numeric field.

firestore-array-union

Add elements to an array field without duplicates.

firestore-server-timestamp

Set fields to the server timestamp.